TAFKARM Posted January 25, 2017 I'm no techie, but just checking we don't potentially have the same issue? http://www.pistonheads.com/gassing/topic.asp?h=0&f=209&t=1576172 http://www.pistonheads.com/gassing/topic.asp?h=0&f=24&t=1648392
Nick Algar - Competition Secretary Posted January 25, 2017 Thanks Russ and interesting read. I'm sure our webmaster will answer soon.
bigron Posted January 25, 2017 It doesn't look to be implemented on here. This isn't always a problem but my issue is with the sign in page which is also not secured by SSL/TLS, so credentials from your browser to the site are sent in the clear. The chance of someone actually collecting the data is probably small but the risk still exists.
Dave Eastwood (Gadgetman) - Club Chairman Posted January 26, 2017 The webmaster is aware of the thread. It's not my area of expertise (I can knock an old-fashioned style site together with Dreamweaver and Flash, but that's my limit!), so I can't really add any comments of my own.
TAFKARM (Author) Posted January 26, 2017 Thanks - my big concern is security of the "only you can see these details! Understand?" data that sits in our profile. I'll await response from on high, but thought best raise a possible vulnerability.
Kingster Posted January 26, 2017
2 hours ago, RussH said: Thanks - my big concern is security of the "only you can see these details! Understand?" data that sits in our profile. I'll await response from on high, but thought best raise a possible vulnerability.
The issue raised is to do with "packet sniffing" - so someone intercepting the network traffic when they are on the same network as you (like McDonalds/Airport/Office/Hotel wifi). Your details are secure unless someone hacks your account - and while it is technically possible for someone to intercept your email and password using a packet sniffer like Wireshark, it is pretty unlikely. The issue was raised on PH a year ago and there's no news of mass attacks on there as far as I can see? User passwords are stored in an encrypted format, so even I can't see them. Personally - I don't use the same password for my bank etc. as I do on forums or other public access sites and I change them every now and then despite the pain of remembering them all. However, I'll talk to the Committee about implementing SSL on the server as our members' data integrity is obviously very important.
Kingster Posted February 14, 2017 We now have SSL logins and an A rating on SSL Labs. You can put your details back in now @RussH so we can deliver your Club Mag!
TAFKARM (Author) Posted February 14, 2017 Thanks Chris - amazing work considering how long it's taken those PH muppets.
Kingster Posted February 14, 2017 Thank Adrian for the effort, all I did was prod him! As he set the server up I left it to him. Moving forward I'll be taking over more and more though.
Captain Colonial Posted February 14, 2017 Yes, my thanks to Ade and Chris for all they do, including this. Moving to this wasn't free and the risk was extremely minimal, but the cost was worth it to keep members feeling safe and secure about their personal details. I'd like to add the club has never suffered a security breach with member info. Of course, I know where you all live, and I know what some of you did last summer, so there's always me to worry about instead...
B.RAD Posted February 14, 2017 Top work, thanks chaps. And thanks Russ for flagging, you're my hero x
John Loudon - Sponsorship Liaison Posted February 15, 2017 Since this was implemented I have been inundated with spam email. Is this coincidence or a possible link?