Jump to content



Photo

Neowin Login Not Secure?

question suggestion

  • This topic is locked This topic is locked
108 replies to this topic

#91 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 26 February 2013 - 17:33

this. isn't. a. banking. website. get a grip people.


W......T........F

So because this isn't a banking website people should just be ok that stuff flying back and forth in the clear?


#92 shozilla

shozilla

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 11-January 09

Posted 26 February 2013 - 17:39

this. isn't. a. banking. website. get a grip people.


What if someone got your password and logged in and went to your neowin profile editor to steal your email address then log out... so he/she can send spams using your email address?

Think about it... I agree and understand what Budman have said about the concerns over logins.

clear text based login is a NO NO. I am surprised that Neowin didn't do a thing about it until Budman brought it up.

#93 trek

trek

    7 / X

  • Joined: 11-August 02
  • Location: Vancouver, Canada

Posted 26 February 2013 - 17:40

Godaddy SSL Certs start at $69/year for one domain... Just sign neowin.net and only use it for the login post action...

#94 Timan

Timan

    Fade Away...

  • Tech Issues Solved: 8
  • Joined: 21-October 01
  • Location: Virginia, USA

Posted 26 February 2013 - 17:44

Would be nice to have, though I am curious. Anyone know any other forums that offer secure login?

#95 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 26 February 2013 - 18:01

Godaddy SSL Certs start at $69/year for one domain... Just sign neowin.net and only use it for the login post action...


I've heard horror stories about Godaddy

#96 shozilla

shozilla

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 11-January 09

Posted 26 February 2013 - 18:15

Would be nice to have, though I am curious. Anyone know any other forums that offer secure login?


Yes a few of them do... some of them have options in the panel to enable secure mode. Such as phpbb

Google around and you will see what you find.

#97 nub

nub

    Neowinian Senior

  • Joined: 19-November 06
  • Location: Amerika

Posted 26 February 2013 - 18:17

So why did this turn into a SSL discussion, when the cheaper and easier solution that also doesn't nag about the site being mixed https and http so to simply encrypt/hash/salt the password before sending. and not store the clear text password in the database.


Because its useless. All it does is transform you password into another form. The attacker can just send your pw hash as your password. Bam you're into the account. The only useful thing it does is prevent the attacker using the hash on another website that uses a different hash algorithm or no hashes.

#98 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 26 February 2013 - 18:18

I've heard horror stories about Godaddy


just because for some reason web hosts have fanboys, and because GoDaddy is so huge they have a lot of haters for some reason.

#99 threetonesun

threetonesun

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 26-February 02

Posted 26 February 2013 - 18:24

just because for some reason web hosts have fanboys, and because GoDaddy is so huge they have a lot of haters for some reason.


Well, that and their customer support blows *** and their administration site looks like it was designed by a 12 year old, but otherwise I guess they're fine.

#100 +D. FiB3R

D. FiB3R

    aka DARKFiB3R

  • Tech Issues Solved: 3
  • Joined: 06-November 02
  • Location: SE London
  • OS: Windows 8.1 Pro x64
  • Phone: Lumia 625

Posted 26 February 2013 - 19:11

just because for some reason web hosts have fanboys, and because GoDaddy is so huge they have a lot of haters for some reason.


In the last few years, GoDaddy has come under fire plenty of times – and for plenty of reasons.

Not only has the company used sexual advertising several times to promote its services, which has led to backlash several times, but in early 2011 then-CEO Bob Parsons killed a wild elephant in Zimbabwe, which many believed was just another sign that the company was willing to engage in unethical practices. (This includes buying domain names users search for and then inflating the value of these domains when users return to purchase them so GoDaddy makes a larger profit on the transaction.)

In late 2011, GoDaddy also initially supported SOPA, which also indicated the company was not willing to support its customers freedom of speech and activity on the internet. (GoDaddy reversed their opinion shortly after a call to boycott the company because of this.)


Seems like enough reasons to me.

#101 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 26 February 2013 - 19:29

So they used babes in bikinis to advertise ... so what
So he killed an elephant, never mind one that was going to have to be put down anyway.... whatever.
How is buying popular searched for domain names unethical, sounds like good business practice to me... you meam they're a business out to make money... whatever

oh you mean the company listened to their customers and dropped their support for SOPA... oh yeah, that **** has got to stop, can't support a company that will change their minds just because their customers tell them they're wrong....

you got to come up with some better reasons, some actual real valid reasons.

#102 Anibal P

Anibal P

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 11-June 02
  • Location: Waterbury CT
  • OS: Win 8.1
  • Phone: Android

Posted 26 February 2013 - 19:31

Or how about add other options for login like generic openID vs FB and twitter. Not everyone uses those services, and if they do -- maybe they don't want to link their neowin account with those accounts, etc.


There's also the new +Google Plus login that was just released:

http://googlepluspla...us-sign-in.html

#103 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 26 February 2013 - 19:40

oh you mean the company listened to their customers and dropped their support for SOPA... oh yeah, that **** has got to stop, can't support a company that will change their minds just because their customers tell them they're wrong.


They got caught with their pants down.

#104 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 26 February 2013 - 19:44

errr. it's not called getting aught with your pants down when you publicly and very officially support something. and then they listened to their customers, unlike many, if not most other companies.

gives them a bonus point in my book.

#105 +Brando212

Brando212

    Neowinian Senior

  • Tech Issues Solved: 10
  • Joined: 15-April 10
  • Location: Omaha, NE
  • OS: OS X Mavricks, Windows 7/8.1 Pro
  • Phone: Sony Xperia ZL, Nokia Lumia 925

Posted 26 February 2013 - 19:52

errr. it's not called getting aught with your pants down when you publicly and very officially support something. and then they listened to their customers, unlike many, if not most other companies.

gives them a bonus point in my book.

yes they "listened to their customers" /s

more like they reversed the decision to support SOPA because they were afraid to lose a lot of customers due to the backlash
something any company does to cover their ass if a backlash is big enough



Click here to login or here to register to remove this ad, it's free!