Logging into wilderssecurity securely

Discussion in 'General Topics' started by Overwriter, Aug 17, 2008.

Thread Status:
Not open for further replies.
  1. Overwriter

    Overwriter Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    35
    Hi

    I was wondering is there any way of logging into wilderssecurity securely instead of sending my user name and password in clear text ?

    Thank you.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    No, sorry, there isn't. We don't have SSL support for the forum.
     
  3. Overwriter

    Overwriter Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    35
    OK thank you.

    Any chance of a self signed certificate ? Or is it more technical than that ?

    It just seems funny that a security forum doesn’t have, err, a secure log in !:D

    (Only joking).:D

    Thanks anyway.
     
  4. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    As far as I know, the majority of internet forums (including security related websites) don't use an SSL secure connection.
     
  5. Overwriter

    Overwriter Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    35
    I have been on forums that do, especially the security ones. Isn’t this a chance for wilderssecurity to lead by example ?
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Actually, yes, it is more technical than that. A "self signed" certifcate would lead to far more questions, such as... Why does my browser say you don't have a legitimate certificate? Why don't you have a "real certificate"?

    If you want to understand the issues involved, you will do a search on "SSL login" via google and include vbulletin as a phrase.

    http://www.google.com/search?num=30...Kv&q=ssl login site:vbulletin.com&btnG=Search

    You'll see the issues involved, and they are indeed, many. It includes excessive costs as well as serious technical issues not addressed by simpy "having a certicate".

    Eagle Creek is right. 99%+ of forums do not use SSL secured pages - including, the forums at vbulletin.com themselves.
     
  7. Overwriter

    Overwriter Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    35
    Hi

    Thank you for your reply.

    I understand that some people may ask why the certificate is not signed but I wonder if those users would select the “log in securely” option anyway ?

    Also I wasn’t suggesting that all the forum pages were over SSL, I was just asking for a secure log in. I understand shared servers etc wouldn’t be able to cope with the CPU demand of many users on one forum if all pages were encrypted using SSL.

    I believe there are some certificate authorities who are offering free authentication for personal and non profit making groups etc. So I wonder if that may solve one problem ?

    Anyway I was only asking out of interest and it doesn’t really matter if you are not keen on the idea, which neither of you seem to be. I just don’t like signing into things over an unsecured link but I guess I am a little too security conscious.

    Thank you for your time answering my question.

    Oh, as for the 99% of forums not being secure, surly wilders-security should be in the top 1% !!

    Thanks again.
     
  8. Nagib

    Nagib Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    21
    Overwriter, you can always use TOR if you want to hide your browsing. But you also have to create email acc while using TOR. You shouldn't log in to any acc you created in direct connection while using TOR.

    TOR is a wonderful solution. If it's used in a proper way.
     
  9. Overwriter

    Overwriter Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    35
    Hi Nagib:)


    I do use TOR and that is why I would like a secure login on the forum to prevent the exit node from viewing my username and password. I am sure you know but many others don’t realise that the exit node see’s everything in plain text.

    Thanks for your help.:)
     
  10. Nagib

    Nagib Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    21
    Yes, that's why everybody should use only accounts which they created on TOR while using it.

    If you're doing it in a proper way it's not a big deal even if someone manages to see your password. Who cares? What the exit node owner can possibly do except changing your password and playing with your account (it would be very childish and boring for every grown-up normal human).
     
Loading...
Thread Status:
Not open for further replies.