Jump to content



Photo

Neowin Login Not Secure?

question suggestion

  • This topic is locked This topic is locked
108 replies to this topic

#16 Kelxin

Kelxin

    Neowinian

  • Joined: 08-April 04

Posted 26 February 2013 - 08:24

Hrm, I think I have about 20ish passwords for my own uses, then a unique password for each of my 200+ clients servers ... Somedays I feel like bashing my head against a wall trying to remember one... but hey, its definitely more secure than some of the other options in the world.


#17 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 76
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 26 February 2013 - 08:45

I suppose I'm more surprised it's taken 13 years to discover this (massive?) flaw, but I've alerted Redmak and DaveLegg to have a look.

Thanks BudMan.

#18 nekkidtruth

nekkidtruth

    I'm sorry, do you still exist?

  • Joined: 10-March 07
  • Location: Canada
  • OS: Windows 7 64-bit
  • Phone: Stock LG Nexus 5

Posted 26 February 2013 - 08:51

I suppose I'm more surprised it's taken 13 years to discover this (massive?) flaw, but I've alerted Redmak and DaveLegg to have a look.

Thanks BudMan.


I LOL'd at 13 years. What does that say about this "technically savvy" community? Haha :shifty:

#19 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 76
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 26 February 2013 - 08:59

I LOL'd at 13 years. What does that say about this "technically savvy" community? Haha :shifty:


About as much as your "helpful" response I suppose.

#20 nekkidtruth

nekkidtruth

    I'm sorry, do you still exist?

  • Joined: 10-March 07
  • Location: Canada
  • OS: Windows 7 64-bit
  • Phone: Stock LG Nexus 5

Posted 26 February 2013 - 09:09

About as much as your "helpful" response I suppose.


Touche. However, doesn't make it any less humorous. ;)

#21 DaveLegg

DaveLegg

    Coderator at heart

  • Tech Issues Solved: 13
  • Joined: 31-October 04
  • Location: Oxford, UK

Posted 26 February 2013 - 09:31

There was a previous discussion about this here: http://www.neowin.ne...ds-https-login/

#22 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 76
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 26 February 2013 - 09:32

Touche. However, doesn't make it any less humorous. ;)


It's humorous that you don't understand that this isn't actually a huge problem, and can only be resolved by purchasing an expensive SSL certificate for 3 servers, or have a free one cry about it being self signed (creating an unnecessary browser alert for my site).

#23 uMadRabbit

uMadRabbit

    Neowinian Senior

  • Joined: 03-January 12

Posted 26 February 2013 - 09:34

Guess he doesn't really know how much SSL certs actually cost.

#24 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 76
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 26 February 2013 - 09:35

Guess he doesn't really know how much SSL certs actually cost.


Ones that are fully trusted, and don't create browser alerts yeah.. expensive.

#25 +i11usive

i11usive

    Neowinian Senior

  • Joined: 28-November 06
  • OS: Windows 8.1
  • Phone: Galaxy S5

Posted 26 February 2013 - 09:36

Guess he doesn't really know how much SSL certs actually cost.


RapidSSL are knocking them out for US$49 :)

#26 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 26 February 2013 - 09:38

I was going to say. There's dozens of certified signing authorities that do SSL cert pricing for reasonable money O.o

Comodo will sign a multi-domain cert through namecheap for $91..

http://www.namecheap...tes/comodo.aspx

#27 nekkidtruth

nekkidtruth

    I'm sorry, do you still exist?

  • Joined: 10-March 07
  • Location: Canada
  • OS: Windows 7 64-bit
  • Phone: Stock LG Nexus 5

Posted 26 February 2013 - 09:39

It's humorous that you don't understand that this isn't actually a huge problem, and can only be resolved by purchasing an expensive SSL certificate for 3 servers, or have a free one cry about it being self signed (creating an unnecessary browser alert for my site).


So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.

#28 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 76
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 26 February 2013 - 09:42

So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.


Don't worry about it :)

#29 DaveLegg

DaveLegg

    Coderator at heart

  • Tech Issues Solved: 13
  • Joined: 31-October 04
  • Location: Oxford, UK

Posted 26 February 2013 - 09:48

So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.

I think Neobond merely misinterpreted the first post, as not having SSL is something we've discussed in the past (as shown by the link in my previous post)

#30 +GreenMartian

GreenMartian

    Neowinian Senior

  • Joined: 28-August 04
  • Location: adelaide, au

Posted 26 February 2013 - 09:56

So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.

Ook? Ook. Ook! Ook! (sorry, can't resist.. :p )

On topic, how about setting up a donation page? Then annoy the hell out of your users, a'la Wikipedia?

Or at least have optional secure login using self-signed cert for those worried about sniffing but not too bothered with an extra browser warning?