108 replies to this topic

[+warwagon]

vcfan, on 26 February 2013 - 17:15, said:

this. isn't. a. banking. website. get a grip people.

W......T........F

So because this isn't a banking website people should just be ok that stuff flying back and forth in the clear?

[shozilla]

vcfan, on 26 February 2013 - 17:15, said:

this. isn't. a. banking. website. get a grip people.

What if someone got your password and logged in and went to your neowin profile editor to steal your email address then log out... so he/she can send spams using your email address?

Think about it... I agree and understand what Budman have said about the concerns over logins.

clear text based login is a NO NO. I am surprised that Neowin didn't do a thing about it until Budman brought it up.

[trek]

Godaddy SSL Certs start at $69/year for one domain... Just sign neowin.net and only use it for the login post action...

[Timan]

Would be nice to have, though I am curious. Anyone know any other forums that offer secure login?

[+warwagon]

trek, on 26 February 2013 - 17:40, said:

Godaddy SSL Certs start at $69/year for one domain... Just sign neowin.net and only use it for the login post action...

I've heard horror stories about Godaddy

[shozilla]

Timan, on 26 February 2013 - 17:44, said:

Would be nice to have, though I am curious. Anyone know any other forums that offer secure login?

Yes a few of them do... some of them have options in the panel to enable secure mode. Such as phpbb

Google around and you will see what you find.

[nub]

HawkMan, on 26 February 2013 - 11:54, said:

So why did this turn into a SSL discussion, when the cheaper and easier solution that also doesn't nag about the site being mixed https and http so to simply encrypt/hash/salt the password before sending. and not store the clear text password in the database.

Because its useless. All it does is transform you password into another form. The attacker can just send your pw hash as your password. Bam you're into the account. The only useful thing it does is prevent the attacker using the hash on another website that uses a different hash algorithm or no hashes.

[HawkMan]

warwagon, on 26 February 2013 - 18:01, said:

I've heard horror stories about Godaddy

just because for some reason web hosts have fanboys, and because GoDaddy is so huge they have a lot of haters for some reason.

[threetonesun]

HawkMan, on 26 February 2013 - 18:18, said:

just because for some reason web hosts have fanboys, and because GoDaddy is so huge they have a lot of haters for some reason.

Well, that and their customer support blows *** and their administration site looks like it was designed by a 12 year old, but otherwise I guess they're fine.

[DARKFiB3R]

HawkMan, on 26 February 2013 - 18:18, said:

just because for some reason web hosts have fanboys, and because GoDaddy is so huge they have a lot of haters for some reason.

Quote

In the last few years, GoDaddy has come under fire plenty of times – and for plenty of reasons.

Not only has the company used sexual advertising several times to promote its services, which has led to backlash several times, but in early 2011 then-CEO Bob Parsons killed a wild elephant in Zimbabwe, which many believed was just another sign that the company was willing to engage in unethical practices. (This includes buying domain names users search for and then inflating the value of these domains when users return to purchase them so GoDaddy makes a larger profit on the transaction.)

In late 2011, GoDaddy also initially supported SOPA, which also indicated the company was not willing to support its customers freedom of speech and activity on the internet. (GoDaddy reversed their opinion shortly after a call to boycott the company because of this.)

Seems like enough reasons to me.

[HawkMan]

So they used babes in bikinis to advertise ... so what
So he killed an elephant, never mind one that was going to have to be put down anyway.... whatever.
How is buying popular searched for domain names unethical, sounds like good business practice to me... you meam they're a business out to make money... whatever

oh you mean the company listened to their customers and dropped their support for SOPA... oh yeah, that **** has got to stop, can't support a company that will change their minds just because their customers tell them they're wrong....

you got to come up with some better reasons, some actual real valid reasons.

[z0phi3l]

BudMan, on 26 February 2013 - 13:35, said:

Or how about add other options for login like generic openID vs FB and twitter. Not everyone uses those services, and if they do -- maybe they don't want to link their neowin account with those accounts, etc.

There's also the new +Google Plus login that was just released:

http://googlepluspla...us-sign-in.html

[+warwagon]

HawkMan, on 26 February 2013 - 19:29, said:

oh you mean the company listened to their customers and dropped their support for SOPA... oh yeah, that **** has got to stop, can't support a company that will change their minds just because their customers tell them they're wrong.

They got caught with their pants down.

[HawkMan]

errr. it's not called getting aught with your pants down when you publicly and very officially support something. and then they listened to their customers, unlike many, if not most other companies.

gives them a bonus point in my book.

[+Brando212]

HawkMan, on 26 February 2013 - 19:44, said:

errr. it's not called getting aught with your pants down when you publicly and very officially support something. and then they listened to their customers, unlike many, if not most other companies.

gives them a bonus point in my book.

yes they "listened to their customers" /s

more like they reversed the decision to support SOPA because they were afraid to lose a lot of customers due to the backlash
something any company does to cover their ass if a backlash is big enough