Matrix Games Forums

Forums  Register  Login  Photo Gallery  Member List  Search  Calendars  FAQ 

My Profile  Inbox  Address Book  My Subscription  My Forums  Log Out

Not Secure

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [General] >> General Discussion >> Not Secure Page: [1]
Login
Message << Older Topic   Newer Topic >>
Not Secure - 11/1/2018 9:45:00 PM   
John B.


Posts: 3522
Joined: 9/25/2011
From: Virginia
Status: offline
I'm getting the message that the Matrix site is not secure. Am I missing something on this?
Post #: 1
RE: Not Secure - 11/2/2018 6:51:50 AM   
zakblood


Posts: 22402
Joined: 10/4/2012
Status: online
no that's normal, it just means it's an unencrypted connection, a strategy designed to spur web developers to embrace HTTPS encryption, which apart from the store on the site, is enabled of course but not needed elsewhere as no data which can be tampered or saved or altered with is needed to be encrypted.

(in reply to John B.)
Post #: 2
RE: Not Secure - 11/2/2018 11:16:45 AM   
John B.


Posts: 3522
Joined: 9/25/2011
From: Virginia
Status: offline
Thanks!

(in reply to zakblood)
Post #: 3
RE: Not Secure - 11/2/2018 11:41:38 AM   
RichG

 

Posts: 96
Joined: 11/28/2015
Status: offline

quote:

ORIGINAL: zakblood

no that's normal, it just means it's an unencrypted connection, a strategy designed to spur web developers to embrace HTTPS encryption, which apart from the store on the site, is enabled of course but not needed elsewhere as no data which can be tampered or saved or altered with is needed to be encrypted.


Zakblood, while you are correct about the store connections being encrypted, there is serious problem in that the forum login is not encrypted, which means the passwords are transmitted in plain text. Given that our forum and store login details are the same, this potentially allows for our accounts to be hacked easily through man-in-the-middle attacks or other malicious means.

In this day and age this shouldn't be accepted, and should be fixed asap.

(in reply to zakblood)
Post #: 4
RE: Not Secure - 11/2/2018 11:53:49 AM   
zakblood


Posts: 22402
Joined: 10/4/2012
Status: online
unless your doing this on someone else's wifi, i can't see the problem tbh, first they would need you to login while there and then save the data and recover it, while it's not impossible for that to happen, more often than not it's someone there in the same room with a wifi sniffer with software enabled to grab the process on the fly, and yes while encrypted would stop this, most have more sense to login anywhere in public, or should have.

but it's not my call, i'm not staff or part of the staff, so my answer was per question, not if i agree or disagree with how the site it run or used.

most accounts get hacked by poor passwords or badly patched operating systems and flaws in user behavior, with more knowledge and safer surfing habits, most will be fine, like 99% etc imo, maybe wrong, it's just my opinion

(in reply to RichG)
Post #: 5
RE: Not Secure - 11/2/2018 12:09:36 PM   
RichG

 

Posts: 96
Joined: 11/28/2015
Status: offline
quote:

unless your doing this on someone else's wifi, i can't see the problem tbh


Unfortunately, man in the middle attacks are not restricted to wi-fi. It could be malware running at the web hosting company that Matrix use (often due to servers being hacked), or possibly even at the users ISP (who aren't always immune to malicious staff members). These issues do occur, probably far more often than were are ever told.

quote:

most accounts get hacked by poor passwords or badly patched operating systems and flaws in user behavior


User behaviour is by far the biggest security issue anywhere, but this concern we talk about here can be fixed pretty easy by Matrix if they cared.

(in reply to zakblood)
Post #: 6
RE: Not Secure - 11/2/2018 12:38:08 PM   
zakblood


Posts: 22402
Joined: 10/4/2012
Status: online
sorry this is where i'll step out of it, if you wish to say something to the forum / company owners, i'm not the gun to fire the bullet

(in reply to RichG)
Post #: 7
RE: Not Secure - 11/2/2018 1:01:43 PM   
Mobeer


Posts: 608
Joined: 1/17/2007
Status: offline
There's also a general idea that if you encrypt everything then sensitive data is hard to find. If you just encrypt one communication then its pretty obvious that is more valuable than average.

(in reply to zakblood)
Post #: 8
RE: Not Secure - 11/2/2018 6:15:00 PM   
Cataphract88


Posts: 726
Joined: 10/5/2012
From: Britannia
Status: offline
Fix this Matrix/Slitherine, apart from anything else it doesn't look very professional.

_____________________________

Richard

(in reply to Mobeer)
Post #: 9
RE: Not Secure - 11/5/2018 3:02:21 PM   
PipFromSlitherine

 

Posts: 1373
Joined: 6/23/2010
Status: offline
It's very hard to do for sites like forums are it to some extent requires everything that they link to to be HTTPS as well. It is on the long list of server upgrade requests :)

Cheers

Pip


_____________________________

follow me on Twitter here

(in reply to Cataphract88)
Post #: 10
Page:   [1]
All Forums >> [General] >> General Discussion >> Not Secure Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.225