How Is Wilders Security Forums Protecting Us?

Hi Guys!

I hope everyone that runs Wilders will come in and discuss this matter, I think it's of great importance and please forgive me if this has been discussed somewhere else or it's listed somewhere, because I have not seen any of this.

1. I think Wilders is great and thank you for giving us such a great place to come and share and learn, I want you to know I really appreciate this and I'm grateful!

2. Because this is a Security forum I would like to think we can come here and be safe, maintain some level of privacy and anonymity while participating here at Wilders.

3. As it relates to number 2, how is this being accomplished? Does Wilders keep logs of any kind, record the IP addresses that come to the forum, or do anything in this manner?

4. We all understand that a forum also needs to protect itself from spammers, bots, etc., so keeping some type of IP records, it seems would help to defend off problems, but if you are logging all of us, then I'm starting to wonder, where the line is drawn.

5. Let's be honest here with this, many people here like myself are all about privacy and anonymity, otherwise why would Wilders even have a 'Privacy' section in the first place? But if you aren't helping to maintain our privacy and anonymity here, then what good is this really doing us?

Sorry guys I'm not trying to put you on the spotlight, be rude, harsh, or any of the above, but I hope you appreciate the fact that someone wants to know, after all, maybe you'd want to know too when you are visiting some place, what measures are being taken to protect you.

I think it's great we all incoperate some type of protection and security on our systems, but now I think it's time to start asking all the sites we go to and visit what they are also doing to maintain our security, privacy and anonymity?

I know this is a public forum, but now I'm starting to think that anyone that takes Security very serious should not be making a forum public, after all what benefit is it? If people want to see what's going on, let them join and keep it private so nothing goes out across the internet.

I'm sure many of you know, going back to the beginning of the year some spammer/troll that was impersonating many of us across Usenet, well the thing is, DasFox, does have a reputation to maintain and actually I was worried this might cause me problems and it was a situation I had to deal with for many months to make sure it would not cause me a problem, but regardless of my problems, what matters is, I don't think a place like this should be for public eyes and public all across the world and web, so when you go to Google and simply type something, Wilders comes up all over the place for people to read and see.

Being Public & Secure, are not two easy things to accomplish, who knows what the future of cyberspace will bring, when we are so open and public. I believe it's better to be safe than sorry and Wilders should be looked at like an 'Internal Community' where it's free to share and learn just like it is, but if you want to see what's going on, then you have to enter the doors and come inside to have a look, otherwise the door is locked and to me, this is greater security, plus a place that isn't logging us...

I know many will bark and yell over this, saying it's a 'Public Forum', what do you expect? Well, as I stated, let it stay public, meaning anyone can join, but private in the sense no one sees anything until you get in and I know there are great benefits to this, in a simple explaination it keeps you under the radar and many times less of a target for problems for the forum and end-users, but sometimes this doesn't always work, but it's still better then nothing.

We also have to realize this is not 'Grandma's Apple Baking Forum', something like that, who cares if you read about Grandma's apple recipes all over the internet, but then some of you are going to say, who cares who reads any of Wilders posts all over the internet and the truth is, that isn't the problem, it's just keeping it all so open and public, this is how I see the problem...

Truth is, we are all going to have our own ideas and thoughts on this matter that are different, but the TRUTH is no one should be arguing is, for any thing in life, being computer related, personal, or business, if you want better 'Security' then you maintain a higer level of 'Privacy' and that's my point here, for us, the forum and end-users, to continue maintaining our security, we should have a higher level of privacy and I don't think there's anything wrong with that, I truly believe for the forum and end-user it makes for a better situation.

Thank you again Wilders for everything and I hope you will all share your thoughts here to the community over this.

Merry Christmas & Happy New Year To All!

P.S. This is about protecting the end-user on the forum, regardless of what's being said, or how open...

 

Honestly Wilders has one of the most specific, easy to understand privacy policies I've seen in a while. There's no possible way to know they aren't doing anything with our information, but, then again, what do we really give them to begin with? Most of us signed up with toss away email addresses most likely, and user names don't really give anything to them. I'm not sure what harm they could actually do if they were so inclined. They have our IP address, yes, but so does every website you've ever been to unless you've been using a VPN/Tor for everything you do. Even then someone has it.

As far as public vs private, what exactly are "bad people" going to get? Our security setups? A forum like this is in no danger by being public. There's nothing sensitive here, there's no shady posts being made to hide, none of that. If a person is curious about a security/computer issue, they can pop in here and look around. If they have to ask something, they already have to make an account (I think even to search you do).

 

I was probably editing the post, so please go back and re read it...

Truth is, cyberspace is changing, we all know this, so to put it in simple terms, participating in a forum, is not like visiting a website, a forum you log into, particiapate and spend many months and years. So if you've been around any forum for years, that's a lot of logging going on and certainly some easy information if the place was compromised...

So read, think, digest, chew, and swallow, because I said a lot in the post, it basically points to the fact that to have security, you need to maintain privacy, being open, public in any fashion at any level of life is going to have it's draw backs and dealing with Cyberspace, certainly at higher levels...

 

I don't know about barking & yelling (Barking's just east of Dagenham isn't it? ), but it would be a bit barking mad not to allow non-members the ability to see forum posts. After all, most bulletin board members on the Net probably read a few of the threads on the boards of their choice, before they decided whether to join or not in the first place. I know we are all a bit paranoid on security forums but you can take it all a bit far.

Barking

 

I've read everything, and my opinion still stands. Again, I don't know what anyone could get from our posts. Obviously if you're posting very personal stuff out in the open forum, you're kind of getting what you ask for. I completely get the threat of spammers/trolls (heck, we have plenty of trolls here as it is without the place even being hacked). But, that sort of thing is just a fact of life on the net, not really anything that has recently become an issue.

In order to truly put a dent in problems, every forum would have to go "members only"..and then if someone wants in, they'll hack in regardless. Btw, knowing websites like "Grandma's apple pie" forums, I can snatch up far more personal and useful information from those places than I can Wilders. I don't know, I just don't see a real need to protect users that much here. Even if it were members only, you can still find posts on Google and other engines, and the majority of the time, you can read the entire page of posts by clicking the link. Only when you try to read an unrelated thread, search, or do something else will you run into the locked door.

 

Sorry I guess I took the post in the wrong direction, or a bit wrong...

I was just pointing out many things, but what I'm trying to get out, regardless of anything, being open public or closed doors, I'm just saying what's being done to protect us here.

Actually don't forget, if Wilders has been logging you for as long as you've been a member and you are on your IP and it get's compromised, sorry this is really the thing I'm talking about.

So I talked about a lot to think about all the different ways to make it more secure, not so open and public, etc., etc., what I'm really concerned with, is what is going on behind the scenes at Wilders, how much logging information, IPs, PM logs, what can someone get if Wilders is compromised, that is why I brought up talking about all the other things...

Ok this better now?

 

PM logs would be where it's at, as far as getting information. God only knows what all gets said in those things. I don't run Wilders, so I don't know what they keep and don't keep. I imagine for legal reasons, PM logs are kept for at least a period of time. If you signed up with your normal email address, and your IP never changes, well, sure, that's useable information. I don't know, Das. I don't see a real threat, but that doesn't mean one isn't there.

 

Here are a couple of security-related threads from the not-too-distant past that include detailed posts from LWM that should shed some light on your general concerns, if not on your specific questions...

Wilders is now https (ssl)?
No ssl at wilders security forum??

 

Your concerns are valid for sure.Some examples of wilders policys like not sharing malware samples for one or links to malware.Also licence sharing inforamtion that has valid emails and or passwords giving away to members.Some other examples is policys on fowl language abuse.As far as privacy, I trust wilders to keep us safe besides its not like they have credit information.Its up to us to use strong logon password and be carefull what we share through PM messages.

 

Great place for active knowledge seeking and sharing on the technical side of computers (mainly security and privacy) with lots of freedom.

 

Other than the information you willingly volunteer in your plain text quotes, there's not too much interesting plain text information otherwise being sent in your packets, such as that in the referrers, which is only going to show your machine's CPU type, your browser type, O/S, language used, and your user name (which is shown on the site anyway). The password is in MD5 hash, so no worries here. It's going to be pretty tough for anyone to use this against you

 

Password's in a hash sure but it's transmitted over http or insecure https.

Not like it's a big deal - if you're PMing your social security and CC info around wilders you might want to take a second look at the situation.

 

Of course over http sending that kind of information would be ill advised.

 

Or HTTPS on a site that uses self signed certs.

Either way, no big deal. There's no real reason to have any serious personal info on here.

 

More about Wilders website security here...

-http://www.wilderssecurity.com/showthread.php?t=297208&highlight=wilders

I agree with LowWaterMark, that ssl is not required for this site, especially since the overhead it requires for the security it offers for this particular type of site is not a worthy tradeoff.

 

I agree as well.

 

Wilders protects us (collectively) by being public. In my experience, Wilders is typically at or near the top in searches about security and privacy. That may be disconcerting at times, I agree.

 

In a nutshell, secluding WSF from a large audience would defy it's purpose, I think.
Regarding the aspect of how Wilders treats the user 'data', it's just a matter of trust as with a lot of other websites. I see no reason to distrust WSF or it's mods.
The info posted here on Wilders is often highly informative for a large audience but it's not like this community is at the top of the security software<->privacy matters food chain.
No disrespect towards to WSF at all though, it's a great place to learn a lot about a lot (j/k Igor) but we aren't high value targets because we post about the workings of our favorite HIPS or try to promote knowledge about an IL process in IE.
And about protecting reputations, aren't real life and online reputations completely separate? Why not use a different nick on different fora if you're worried? Problem solved! I agree that your specific troll was an annoying bugger though, DasFox.

 

As with other forums out there, the onus is on the admins to ensure the software they use is up to date and any relevant patches are applied. They have policies in place, such as no direct links to live malware, which go some way to protect users.

Most forum software has the ability to log IPs etc., and the moderators/admins need that info, especially when it comes to dealing with disputes and, heaven forbid, banning/suspending users. You have to trust that they, the admins et al, use that information responsibly. As dw426 says, there's no real personal information here, unless you wish to share it. The discussions about your computer setups and what security measures you take are not really sensitive info and unlikely to be used against you.

 

If you speak, act and type what is right and lawful, you have nothing to fear.

If you speak, act and type in an honorable manner, you will not be disgraced.

If you speak, act and type about matters NOT of the sensitive nature, then you have nothing of personal value to be stolen.

Not adhering to these simple standards is where you get into trouble. Not adhering to these standards, while also not taking proper precautions, gets you into trouble.. faster.

I live by the ideas that everyone deserves respect (within reason), my business is only my business and should remain my business (not bragged about etc) and that the way you treat others is how you will be treated. I don't really care who sees my writings on the web. There is no real personal information that I fear, and next to nothing I have said that I would regret (although there are always some things you wish you could take back ).

So, no matter if it is Wilders or gmail, or any forum, it really makes no difference to me. Some people though, it seems they like the anonymity that the web brings, and act like jerks because they can and nobody really knows who they are (or so they believe). Different strokes for different folks I guess.

Sul.

 

Well said Sully I go by the same thoughts too...

 

Words of wisdom Sully and nicely said.

 

I have been lurking here for a long time. I only occasionally post but expect that to pick up somewhat. This is a great place to come and read.

I am a Mod and Admin on several sites so I have some knowledge of what goes on behind the scenes as far as forum software capabilities.

Most of my thoughts have been expressed by others in the posts above on this thread. The information being discussed is (should be anyway) all legal stuff to do. So it boils down to using your head when you communicate personal information that may apply to YOU specifically. For instance; in PM's I would strongly suggest the use of PGP if you communicate majorly behind the scenes. PGP works very well and accomplishes "eyes only" as it should be. This issues applies to ALL forums where you participate. An Admin can run queries and easily see any PM's they want. PGP removes that risk, pure and simple.

I feel safe here but do the basics like VPN, throw away emails, etc..... like any one of us might consider. Nothing beyond that is needed at a legal site doing legal things. Beyond that you would use "war driving" AP's and a non-traceable computer. I sure don't need that at Wilder's!!!

 

Just to throw in my two pennies here...I agree with everyone above regarding the SSL. It's not necessary site-wide. If LWM chooses to keep SSL on the sign-in page, I can see that and would think that makes a statement about security at a security site.

BTW, while we've got LWM in the thread here, thanks for all you do.

 

Actually I guess I still have not expressed myself completely, I'd like to know what Wilders is holding over us?

1. Is Wilders keeping any logs?

2. Are there any logs of PM being kept, or when we delete a PM is it being deleted completely off the database?

3. Is Wilders keeping a log or track record of IPs for any length of time?

Sully, long time since I've seen you and you know from our past chats I've respected you and admired you for your help and I appreciate too, but what you've said here is far from the truth in this world of corruption we live in;

If you speak, act and type what is right and lawful, you have nothing to fear.

Honest decent people that have stood up and spoken out truths around the world have been imprisoned and labeled as traitors and terrorists. The truth is, in this world, standing up and speaking out the right thing, does have grave consequences, that people have to be careful of, after all how many average citizens have the power or resources to take on big business or big government...

Anyhow I'm sure you're just talking about in the context of the forum, but even here, if we bash companies and talk about them, they also might want to say you have defamed their good name and try and bring a lawsuit against and people have slandered others on the internet and go to court over it.

Anyhow I'd really love the Wilders Admins to come on this post and tell us how they are protecting us and what they hold if anything over us each and every time we log in?


THANKS Wilders I do appreciate you, but please share, I think we all have a right to know?