Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
HTTPS for LET
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

HTTPS for LET

MunMun Member without signature
edited May 2013 in General

I think LET is big enough and profitable enough for a good SSL cert to help protect all of us from nasty things, what do you think?

«1

Comments

  • protect from what ???

  • AmitzAmitz Member

    Ha! I see a "Thanks"-Button before that happens!

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • MunMun Member without signature

    well as of current all traffic is sent in plain text meaning I can theoretically steal your password and take over your account.

  • 24khost24khost Member

    I will keep out of this discussion. Unless @Taz is here!

  • 24khost24khost Member

    Or do what yahoo does and sha1 the password with JavaScript before it is sent over http:

  • KuJoeKuJoe Member, Provider

    How many people are paying with credit card for access to LET? HTTPS is a waste of time for a forum.

    -Joe @ SecureDragon - LEB's Powered by Wyvern in FL, CO, CA, IL, NJ, GA, OR, TX, and AZ
    Need backup space? Check out BackupDragon
  • yomeroyomero Member

    Yes, you can steal it if you can reach one of the hops between me and let... not gonna happen, lol

  • I want a spam protection before that and community ban system - ban people by voting them ban for 1 day and if a lot of people press same, you get banned for 1 day.

  • AndreAndre Member

    a good SSL cert

    Is there an issue with using a cheap one?

    Do not click this link.
  • @Mun, You should really understand how internet works.

  • MunMun Member without signature

    @darknessends said: I want a spam protection before that and community ban system - ban people by voting them ban for 1 day and if a lot of people press same, you get banned for 1 day.

    Ironic....

  • MunMun Member without signature

    @darknessends said: @Mun, You should really understand how internet works.

    ....facepalm, what don't I understand now ohhh wise one.

  • KuJoeKuJoe Member, Provider

    If a hacker had root access to the LET server, they would disable HTTPS instead of taking encrypted packets.

    -Joe @ SecureDragon - LEB's Powered by Wyvern in FL, CO, CA, IL, NJ, GA, OR, TX, and AZ
    Need backup space? Check out BackupDragon
  • @Mun, brother no offence. This is a forum. It really does not needs too much security unless a lot of incidence of such gruesome act happens. Focus on what @yomero says - You can steal password if you reach a hop between the client user and lowendtalk, that will only happen if we are being routed by one of your servers that is not the case or if you are on same LAN as ours and you use a MITM / ARP Poisoning attack, again which is not the case. Most of the users on LET surfing from their private computers makes it a bit less probable scenario.

  • joepie91joepie91 Member, Provider

    @KuJoe said: If a hacker had root access to the LET server, they would disable HTTPS instead of taking encrypted packets.

    HTTPS is typically used as a transport security layer, not a server security layer. The hops inbetween is what HTTPS is for - both at the carrier level, and on the machine of the user.

  • Especially when signup is free and you can troll, derail and post non sense stuff as much as you can and no body does justice.

  • AndreAndre Member

    @KuJoe said: root access to the LET server, they would disable HTTPS instead of taking encrypted packets.

    Rather than just stealing the DB? wut

    Do not click this link.
  • MunMun Member without signature

    So what if it is a forum?

    Alliedmodders is a forum, and they have ssl. They don't have cash exchanges, they just know it is a better thing to do when you have a large community where a bunch of things go on.

  • @Mun, leave you do not get it. Just do not feel fantasy for implementing any technology anwhere ! It becomes like mongoDb is better than MySQL scenario. Consider the pros and cons as well. Also consider how neccessary it is to implement it. I would love to have you write a common "Thank You" plugin for vanilla and ask @Liam to use it on LET.

  • MunMun Member without signature

    The thank you button has already been written and given to @chief, he just doesn't install it.

  • @Mun, Than you can make a website, like LowEndTalkThankYou.com and build a ranking list all over there, let people signup there, verify from pm here, and let them thankyou each other, use Ajax charts and Node to build beautiful statistics out of it.

  • MunMun Member without signature

    @darknessends said: @Mun, Than you can make a website, like LowEndTalkThankYou.com and build a ranking list all over there, let people signup there, verify from pm here, and let them thankyou each other, use Ajax charts and Node to build beautiful statistics out of it.

    Indeed I could. But I don't really see the point. The Thank you button was meant for comment level, and not for the person all around.

  • @Mun, That could be point for a hot discussion, Raise a thread and lets see how does the LET reacts to idea of ranking, It may lead to a rush to be a more productive and disciplined community rather than Troll Mass Generator.

  • MunMun Member without signature

    @darknessends said: @Mun, That could be point for a hot discussion, Raise a thread and lets see how does the LET reacts to idea of ranking, It may lead to a rush to be a more productive and disciplined community rather than Troll Mass Generator.

    There you go.

  • bdtechbdtech Member

    All that's needed is SSL at login. This will keep you safe enough on public networks.

  • SpencerSpencer Member

    Lets be honest here, even if we needed it, a Mr Somebody would never do it due to his "busy" schedule

  • @Mun said: Alliedmodders is a forum, and they have ssl. They don't have cash exchanges, they just know it is a better thing to do when you have a large community where a bunch of things go on.

    Alliedmodders jumped off a bridge, are you going to do the same also?

    How to clean up a questionable reputation: throw the kids some BF/CM offers.

  • MunMun Member without signature

    @doughmanes said: Alliedmodders jumped off a bridge, are you going to do the same also?

    No, but the last time I checked SSL isn't committing suicide, killling someone, or involving of death.

  • @Mun said: No, but the last time I checked SSL isn't committing suicide, killling someone, or involving of death.

    You sound quite the expert on SSL, tell us more why you think snake oil should be applied on the forum

    How to clean up a questionable reputation: throw the kids some BF/CM offers.

  • MunMun Member without signature

    @doughmanes said: You sound quite the expert on SSL, tell us more why you think snake oil should be applied on the forum

    It leaves a gleaming green glow in the upper left hand of your browser :)

  • @Mun said: It leaves a gleaming green glow in the upper left hand of your browser :)

    Anything else to help you sleep good at night?

    How to clean up a questionable reputation: throw the kids some BF/CM offers.

  • MunMun Member without signature

    @doughmanes said: Anything else to help you sleep good at night?

    @chief getting involved. (I know it is a dream)

  • Serving you the best VPS, Web hosting, dedicated servers and more - Cloud Shards | Query Foundry
    We operate the network AS62638 | Available in Syd AU and Dallas, Los Angeles and NYC USA
  • MrOwenMrOwen Member

    @Mun said: It leaves a gleaming green glow in the upper left hand of your browser :)

    >Implying @Chief would spring for an EV cert.
    >Implying LET has the proper documents for an EV cert

  • udkudk Member

    @bdtech said: All that's needed is SSL at login. This will keep you safe enough on public networks.

    If you're going to have SSL, have it everywhere. Just on login will do shit all for security as you can intercept session cookies elsewhere.

  • SpencerSpencer Member

    EV SSL Certs are so dumb. I would say about 99.1% of all users dont know/care about it

  • MrOwenMrOwen Member

    @Spencer said: EV SSL Certs are so dumb. I would say about 99.1% of all users dont know/care about it

    Wait. Let me get this straight: you mean to say tech-illiterate people don't know that in order to get the EV cert, you have to submit a bunch of documents proving you're a real business??? And on top of that, they don't know what an EV cert is??!? :\

  • NickONickO Member

    @Mun said: I can theoretically steal your password and take over your account.

    You going to fly to New Zealand, find my address, come to my house, crack my 24 digit WiFi password and then sniff packets just to find my LET password? Go ahead.

  • yomeroyomero Member

    @udk said: If you're going to have SSL, have it everywhere. Just on login will do shit all for security as you can intercept session cookies elsewhere.

    Agree
    And despite that, big companies like Valve still do it ¬_¬ useless.

  • DStroutDStrout Member

    @NickO said: You going to fly to New Zealand, find my address, come to my house, crack my 24 digit WiFi password and then sniff packets just to find my LET password? Go ahead.

    New Zealand, here I come. Where did you say you lived in NZ again? Also, for security purposes, I'm going to need to verify your Wifi password.

    You could keep reading this on a site infamous for its ties to (ahem) one particular organization, or you could check out vpsBoard, which has no such ties and tolerates no bullshit. Your choice.

  • MunMun Member without signature

    @DStrout said: New Zealand, here I come. Where did you say you lived in NZ again? Also, for security purposes, I'm going to need to verify your Wifi password.

    just take his internet connect and put a hub on it with wireshark :)

  • klikliklikli Member
    edited May 2013

    I guess there is a more common scenario. Right now I use a LEB provider here to proxy my Internet connection. Without HTTPS, in theory, he could steal my password and session (cookies).

  • @MrOwen said: >Implying LET has the proper documents for an EV cert

    Funny how some folks demand almost similar documents/"proof" for a LEB host offer

    How to clean up a questionable reputation: throw the kids some BF/CM offers.

  • MrOwenMrOwen Member

    @doughmanes said: Funny how some folks demand almost similar documents/"proof" for a LEB host offer

    And cue conspiracy theories.

  • @MrOwen said: And cue conspiracy theories.

    Chief shot JFK
    Liam is Justin Bieber's brother from a one night stand that the Bieber family won't agree to DNA tests for
    Infinity snitched on bin Laden, leading to his death

    How to clean up a questionable reputation: throw the kids some BF/CM offers.

  • mojedamojeda Member
    edited May 2013
  • eva2000eva2000 Member

    LET uses Nginx so why not SSL for SPDY support ?

    * Centmin Mod Project (HTTP/2 support + ngx_pagespeed + Nginx Lua + Vhost Stats)
    * Centmin Mod LEMP Stack Quick Install Guide
  • marcmmarcm Member

    @eva2000 said: LET uses Nginx so why not SSL for SPDY support ?

    @eva2000 - It runs on Nginx 1.0.13 - For proper SPDY support it needs to run Nginx 1.4. I think that a better option would be to just turn on the CloudFlare features and call it a day ;-)

  • jeffjeff Member

    I am now going to watch Logan's Run, sometime I like the runners, sometimes I like the sandmen.

    Thanks! Jeff

Sign In or Register to comment.