Camaro5 Chevy Camaro Forum / Camaro ZL1, SS and V6 Forums - Camaro5.com
 
dave@hennessey
Go Back   Camaro5 Chevy Camaro Forum / Camaro ZL1, SS and V6 Forums - Camaro5.com > Members Area > Site Related Announcements / Suggestions / Feedback / Questions


Reply
 
Thread Tools
Old 09-26-2017, 08:13 PM   #1
Risky Justice
 
Risky Justice's Avatar
 
Drives: 2016 Camaro 2SS M6
Join Date: Jan 2017
Location: Panama City, FL
Posts: 162
SSL

Why not enable SSL for the forums? Passwords aren't secure without it, and it would only be $10 a year. More to secure the Camaro5 forums and stuff though...
__________________
2016 Camaro 2SS M6 - bone stock
8.102 @ 89.85 MPH
Risky Justice is offline   Reply With Quote
Old 10-30-2017, 09:31 PM   #2
umby24
 
Drives: None
Join Date: May 2017
Location: Texas
Posts: 34
Agreed. Can also use Let's Encrypt and just get some free basic SSL Certs.
__________________
2017 HBM SS 1LE | EE Catch Can | Gm Clear tails
umby24 is offline   Reply With Quote
Old 10-30-2017, 09:58 PM   #3
h422694
 
h422694's Avatar
 
Drives: 2016 Z06 3LZ, 2014 Tacoma
Join Date: May 2015
Location: Kansas City area
Posts: 256
Just curious. What is being posted on Camaro / Corvette forums that needs to be secured?
h422694 is offline   Reply With Quote
Old 10-30-2017, 10:42 PM   #4
Risky Justice
 
Risky Justice's Avatar
 
Drives: 2016 Camaro 2SS M6
Join Date: Jan 2017
Location: Panama City, FL
Posts: 162
Well, if someone with the expertise wanted to, they could gain access to an administrative account. No password on these forums is secure.
__________________
2016 Camaro 2SS M6 - bone stock
8.102 @ 89.85 MPH
Risky Justice is offline   Reply With Quote
Old 10-31-2017, 03:57 AM   #5
h422694
 
h422694's Avatar
 
Drives: 2016 Z06 3LZ, 2014 Tacoma
Join Date: May 2015
Location: Kansas City area
Posts: 256
Really? And if someone actually had the "expertise" you are talking about, SSL wouldn't even slow them up. Think target, Bank of America, and Experian just to name a few. And those companies spend millions on security, not $10.00.
h422694 is offline   Reply With Quote
Old 10-31-2017, 01:00 PM   #6
umby24
 
Drives: None
Join Date: May 2017
Location: Texas
Posts: 34
As I see it, you have two things users would care about, and an additional item for what the administrators will care about.

For the users:
1. Their passwords
Most users have some degree of password reuse between sites. This being the case, as they are transmitting their sensitive password across the wire unencrypted, anyone who happens to be in the path between their computer, and the server where camaro6 is hosted now have that person's password in plain. All it takes is a MITM on any one of those nodes (from my location, thats 14 nodes) and your account is compromised, on top of any other sites that you use the same/similar login credentials. That could be a users bank, email, network, etc.

2. Their private messages

Private messages are supposed to be just that, private. Again through MITM attacks, stealing the creds, or just straight sniffing their traffic on a pub wifi, you have their "private" creds, their "private" messages, all in your hands. This is a simple attack to carry out for pretty much anyone. There are video tutorials all over the place on how to accomplish this.

Administrators:

3. Admin control of Camaro6, Camaro5, Corvette7.
Sniffing the traffic of an administrator of this site opens up compromise to the entire network of websites and forums hosted by them to destruction, essentially. This would be any attackers ideal situation, as from that point forward they have complete control.


The companies who spent millions on security were worth trillions. They're going to have the best of the best of attackers hitting them every day just due to the possibility for a huge payday. Thats how a company spending millions on security can be hit. An attacker of that skill level is unlikely to be interested in a site of this size.

However, the excuse of "Hackers will get in anyway, why spend money on security?" is like saying "Robbers will just kick the door off the hinges, why put a lock on my door?"

In both instances the lack of security is an invitation to attack, and having security acts as a deterrent. The more difficult it is to get at something, the less inviting it is to would be attackers.

If you practice a zero reuse policy on passwords, don't expose your e-mail address or login name for other places or where you browse outside of camaro6, then you're in a good place, but to blanket assume that everyone else does so would be incorrect, because I can pretty much promise there are multiple users on this site who use the same login for their email or bank as they do for this site.

I'll quote someone else on this:
"If you let people store a password with you, you must take responsibility for protecting it, even if the security of your own site isn't critical."

TLDR; Having SSL Ensures the C.I.A. Of this site, provides peace of mind for users, and protects them when they browse outside of this website.
__________________
2017 HBM SS 1LE | EE Catch Can | Gm Clear tails
umby24 is offline   Reply With Quote
Old 10-31-2017, 01:38 PM   #7
Risky Justice
 
Risky Justice's Avatar
 
Drives: 2016 Camaro 2SS M6
Join Date: Jan 2017
Location: Panama City, FL
Posts: 162
Quote:
Originally Posted by h422694 View Post
Really? And if someone actually had the "expertise" you are talking about, SSL wouldn't even slow them up. Think target, Bank of America, and Experian just to name a few. And those companies spend millions on security, not $10.00.
Good thing those people aren't likely to care about these forums. Some bored teenager on some Mustang forums might get a kick out of it though. Just like locking your house won't keep everyone out, it still keeps the majority out, and that is better than nothing.
__________________
2016 Camaro 2SS M6 - bone stock
8.102 @ 89.85 MPH
Risky Justice is offline   Reply With Quote
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 04:34 AM.


Powered by vBulletin® Version 3.8.9 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.