Cloud server plans you would like to see - Page 2

245

Comments

  • That is why all passwords in the system are stored in a hash. The issue you are talking about they would actually have to have access to your browser, which the ssl cert would not protect against. The ssl cert only protects the data that is sent during the transfer to a third party.

  • ssl does not protect against getting hacked for an account. There is a reason that this forum here is not required to use ssl. I agree it is a good thing, but it is just a child's blanket for people, in this case as it does not protect anything if you are not transferring data between 2 servers. Since Paypal uses the ssl for the transfer of payment information it really is redundant and means absolutely nothing.

  • @24khost said: that is why all passwords in the system are stored in a hash.

    lol are you seriously not understanding what SSL is good for?

  • I do but this one is not an issue.

  • Taz Member

    @24khost said: that is why all passwords in the system are stored in a hash. The issue you are talking about they would actually have to have access to your browser which the ssl cert would not protect against. The ssl cert only protects the data that is sent during the transfer to a third party.

    They are stored "IN YOUR SERVER" as hash. When the user inputs, they use plain text, send that information from their browser.

    Your hash is only valid for your server, users are not using hash when they signup or login.

    For example, if my password is "IloveMonkey", I will input that while logging in, not a 64bit hash like "496c6f76654d6f6e6b6579". "Ilovemonkey" can be fetched while eavesdropping on a user connection which is not encrypted. I know someone here can explain better than me. But seriously, assuming you have been in business since 10, you should have known the basic technical fact.
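Added example, not part of any post in this thread: a minimal Python sketch of the point argued above, that a server-side hash is computed only after the plaintext password has crossed the network. The request bytes, host, field names and the `Server` class are constructed for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qs

# Constructed sample: a login POST as its bytes cross the network over plain
# HTTP. Host, path and field names are assumptions made for this example.
RAW_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: billing.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 33\r\n"
    b"\r\n"
    b"username=taz&password=IloveMonkey"
)

def form_fields(raw: bytes) -> dict:
    """Form fields readable by the server and by anyone on the network path."""
    _, _, body = raw.partition(b"\r\n\r\n")
    return {k: v[0] for k, v in parse_qs(body.decode("ascii")).items()}

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    """Hypothetical login backend that keeps only a salt and a derived key."""
    def __init__(self):
        self.users = {}

    def register(self, raw: bytes) -> None:
        f = form_fields(raw)
        salt = os.urandom(16)
        self.users[f["username"]] = (salt, derive(f["password"], salt))

    def login(self, raw: bytes) -> bool:
        # The hash is computed here, after the plaintext has already arrived.
        f = form_fields(raw)
        salt, key = self.users.get(f["username"], (b"", b""))
        return hmac.compare_digest(derive(f["password"], salt), key)

def password_in_storage(server: Server, user: str, password: str) -> bool:
    salt, key = server.users[user]
    return password.encode() in salt + key

if __name__ == "__main__":
    srv = Server()
    srv.register(RAW_REQUEST)
    print(form_fields(RAW_REQUEST), password_in_storage(srv, "taz", "IloveMonkey"))
```

The stored record never contains the password, yet the unencrypted request does, and the server accepts those same bytes whenever they are presented; TLS is what covers that leg.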

  • Taz Member

    @gsrdgrdghd said: lol are you seriously not understanding what SSL is good for?

    Troll in my mind, don't feed em please.

  • Taz Member

    @24khost said: I do but this one is not an issue.

    No you are not understanding and this is an issue. When was the last time facebook took your CC info? Google search took your CC info? Still they are using SSL.

  • You really need to understand what ssl actually does.

    http://www.askdavetaylor.com/how_does_https_ssl_keep_information_safe.html

    It does not protect your data, it basically confirms who I am, that you are dealing with the actual website and not a phishing site.

  • Taz Member

    @24khost, you are the only one missing what SSL is.
    NVM, you do not care about your users information, who am I to give crap. I care about my users and my own.

  • I know what ssl is. I also know how to do research.

    The protection of members' private info is very near and dear to us. And we do all we can to protect it.

    Though in this aspect it effectually does nothing but provide you a sense of comfort. It would provide no real protection. This is why places that do not keep financial info are not required to use it.

    You also must understand how the billing software stores the domain names. md5 hash + Salt which we have changed the salt password in our install.

  • Taz Member

    @24khost said: You also must understand how the billing software stores the domain names. md5 hash + Salt which we have changed the salt password in our install.

    Talk much about hash and craps, remember recent whmcs incident?

  • yes social engineering, the ssl didn't help now did it?

  • Do I use a 3rd party payment processor?
    If your e-commerce site forwards your visitors to a 3rd party payment processor (like PayPal) to enter the credit card information then you don’t need an SSL certificate because your website won’t touch the credit card information. Just make sure none of the credit card details get entered when the address bar still shows your domain name. Note that PayPal allows you to accept the credit card information on your site or forward visitors to their site. If you accept the credit card information on your site, you need an SSL certificate.

    Straight from sslshopper.com

  • Please understand we appreciate your opinion, but we have actually researched what actually is needed and what is not.

    The data taken from whmcs, was due to an employee at hostgator. Not whmcs issue. Passwords are as secure as can be. You password protect your config file and you have no problems. This would require getting my password to the server which we use a randomly generated secure password.

  • Taz Member
    edited July 2012

    Trying to wake an awake person is something I cannot do. Anyhow, I am done with your things. I won't be posting on this thread. But some info to point out that might (!) help you and your users,

    Your website is full of broken links, lorem ipsum text, missing useful information, terrible pixelated graphics, you have SLA without further info, site information on one of your legit (?) testimonial doesn't load. Please fix your site before promoting.

    Best of luck!

  • @24khost said: Though in this aspect it effectually does nothing but provide you a sense of comfort. It would provide no real protection.

    SSL is only there to provide a sense of comfort but does not provide real protection?

    Thanked by 1Taz
  • In our case, since we use paypal and store no payment information on our server, as I posted earlier, it is not needed.

  • You, sir, are a joke and I would never trust you with my personal information. Anyone who does is a fool.

  • You have no clue what SSL does. It's for key exchange, but it also encrypts the information being sent between you and your end users. Otherwise their username and password are being sent in clear text, which can be snooped on.

    Also, md5 + salt? That's no better protection than md5. Why are people still using hashing algorithms that were broken in 2005?
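Added example, not code from the thread or from any billing software: a salt makes each stored hash unique, but every guess against it still costs a single MD5 call. This Python sketch verifies a constructed salted-MD5 record, re-hashes it with PBKDF2 on the next successful login, and measures the per-guess cost difference. The record layout, the `md5(salt || password)` format and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def md5_salt(password: str, salt: bytes) -> str:
    # Assumed legacy layout: md5(salt || password); real software may differ.
    return hashlib.md5(salt + password.encode()).hexdigest()

def pbkdf2(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    ).hex()

def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login; on success, rewrite a salted-MD5 record as PBKDF2."""
    if record["scheme"] == "pbkdf2-sha256":
        return hmac.compare_digest(pbkdf2(password, record["salt"]), record["hash"])
    ok = hmac.compare_digest(md5_salt(password, record["salt"]), record["hash"])
    if ok:  # the plaintext is only available now, so re-hash at this moment
        salt = os.urandom(16)
        record.update(scheme="pbkdf2-sha256", salt=salt, hash=pbkdf2(password, salt))
    return ok

def guess_cost_ratio(salt: bytes = b"constructed-salt") -> float:
    """How many salted-MD5 guesses fit in the time of one PBKDF2 guess."""
    rounds = 20_000
    start = time.perf_counter()
    for i in range(rounds):
        md5_salt(f"guess{i}", salt)
    md5_each = (time.perf_counter() - start) / rounds
    start = time.perf_counter()
    pbkdf2("guess", salt)
    return (time.perf_counter() - start) / md5_each

if __name__ == "__main__":
    salt = os.urandom(8)  # constructed legacy record
    rec = {"scheme": "md5-salt", "salt": salt, "hash": md5_salt("IloveMonkey", salt)}
    print(verify_and_upgrade(rec, "IloveMonkey"), rec["scheme"])
    print(f"one PBKDF2 guess costs about {guess_cost_ratio():,.0f} MD5 guesses")
```

Upgrading at login avoids a forced password reset; records for accounts that never log in again stay on the old scheme and need separate handling.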

  • Taz Member

    Got bored explaining the same.

  • Specially when there is no data other than your address, phone number and email address saved on our server. All transactions of credit card and such is handled by paypal.

  • gsrdgrdghd Member
    edited July 2012

    @24khost said: Specially when there is no data other than your address, phone number and email address saved on our server.

    What the fuck does the data saved on your server have to do with SSL? And you don't think passwords are sensitive data?

    @Zen: the only practical way @24khost's SSL could be decrypted would be when someone went through the trouble of hacking a CA and creating certificates for 24khost. And the odds of that are practically zero.

  • "SSL 1.0 has been cracked"

    I assume you're talking about TLS 1.0. There have been patches that fixed the vulnerability that allowed the BEAST attacks.

    Yes, SSL "only" protects communications between client and server. That's all it's supposed to do. I'm not worried about some guy sniffing traffic in Starbucks hacking my server, and I can't prevent him from hacking a client machine, but I can trivially prevent him from getting a free pass at user data between a user and my server, making him more likely to go for the low-hanging fruit of people who don't take those precautions.

    It's silly to say that you shouldn't encrypt communications because someone could just hack your server. The key space of the average household door lock is only 10^5 (5 pins, 10 pin sizes), and a guy with a 10 cent bump key makes it obsolete. I'm guessing you still lock your door rather than leaving it wide open with a sign that says, "Rob me."

    tl;dr: The existence of attacks against security tools does not make security obsolete, and it does not absolve businesses of the need to behave responsibly with client data. You need to make your best effort, which means maybe understanding what SSL actually does, and consigning MD5 to the scrap heap.

  • Even let's say you get sniffed and he gets into your account on my server, what information there is he going to use. It is your fault if you use the same password for everything.

  • @24khost said: Even let's say you get sniffed and he gets into your account on my server, what information there is he going to use. It is your fault if you use the same password for everything.

    Like I said, you and your "company" are a complete joke.

  • Taz Member

    @24khost go back to wht and continue your BS cause you got too many kids over there who don't know a crap and A$$ modes who will stop smart ones from pointing you out. If you cannot do things the right way, please stop using LET and LEB, you will only hurt your (?)business(?) and your reputation (?).

  • Do I need one?

    If customers are not entering credit card information directly on your website, but rather entering it directly on a payment processing company's website, such as PayPal, Google Checkout or Amazon Payments, then you do not need an SSL Certificate, since you are not transmitting or storing credit card information.

    Hostgator -> http://www.google.com/url?sa=t&rct=j&q=do i need an ssl&source=web&cd=4&ved=0CGQQFjAD&url=http://support.hostgator.com/articles/what-type-of-ssl-secure-certificate-do-i-need&ei=x6YRUKDwEYK56wGB5YGwCQ&usg=AFQjCNFs-f35AlYvIZ26ZnvY72tHlYSVoA

    What kind of "sensitive private data" needs protection?
    Private data is information that should only be known to you (the website owner) and the user. The most obvious example is credit card numbers. If you outsource your credit card processing to an external e-commerce gateway, the transactions are protected by your e-commerce provider's SSL. Adding SSL on your website is not necessary.

    Passwords may also be sensitive if they access private data or functions, such as bank account statements, email inboxes, and so on. Passwords that merely access a members-only area are less sensitive, because these resources are shared and not truly private.

    Note that personal information such as names, email addresses, phone numbers, and mailing addresses are not private. This is information that is meant to be shared with others. SSL does not really protect information that is already publicly available in more accessible formats such as the phone book.

  • http://support.exware.com/ssl.html

    Read that, folks; that should inform you a little more about ssl and the fact that what I am saying is correct. Do I have a ssl cert? Yep. Has it been put back up yet? Nope. Is it really that important? Only to people who feel that it keeps them safer even though it is protecting nothing important.

  • Taz Member

    @Zen I completely honor and agree with your comment, however, OP will only hurt himself if he continues this argument.

  • Taz Member

    Have you read the whole thing yourself, sir?
