108 replies to this topic

[Kelxin]

Hrm, I think I have about 20ish passwords for my own uses, then a unique password for each of my 200+ clients servers ... Somedays I feel like bashing my head against a wall trying to remember one... but hey, its definitely more secure than some of the other options in the world.

[Neobond]

I suppose I'm more surprised it's taken 13 years to discover this (massive?) flaw, but I've alerted Redmak and DaveLegg to have a look.

Thanks BudMan.

[nekkidtruth]

Neobond, on 26 February 2013 - 08:45, said:

I suppose I'm more surprised it's taken 13 years to discover this (massive?) flaw, but I've alerted Redmak and DaveLegg to have a look.

Thanks BudMan.

I LOL'd at 13 years. What does that say about this "technically savvy" community? Haha

[Neobond]

nekkidtruth, on 26 February 2013 - 08:51, said:

I LOL'd at 13 years. What does that say about this "technically savvy" community? Haha

About as much as your "helpful" response I suppose.

[nekkidtruth]

Neobond, on 26 February 2013 - 08:59, said:

About as much as your "helpful" response I suppose.

Touche. However, doesn't make it any less humorous.

[DaveLegg]

There was a previous discussion about this here: http://www.neowin.ne...ds-https-login/

[Neobond]

nekkidtruth, on 26 February 2013 - 09:09, said:

Touche. However, doesn't make it any less humorous.

It's humorous that you don't understand that this isn't actually a huge problem, and can only be resolved by purchasing an expensive SSL certificate for 3 servers, or have a free one cry about it being self signed (creating an unnecessary browser alert for my site).

[alwaysonacoffebreak]

Guess he doesn't really know how much SSL certs actually cost.

[Neobond]

alwaysonacoffebreak, on 26 February 2013 - 09:34, said:

Guess he doesn't really know how much SSL certs actually cost.

Ones that are fully trusted, and don't create browser alerts yeah.. expensive.

[i11usive]

alwaysonacoffebreak, on 26 February 2013 - 09:34, said:

Guess he doesn't really know how much SSL certs actually cost.

RapidSSL are knocking them out for US$49

[+articuno1au]

I was going to say. There's dozens of certified signing authorities that do SSL cert pricing for reasonable money O.o

Comodo will sign a multi-domain cert through namecheap for $91..

http://www.namecheap...tes/comodo.aspx

[nekkidtruth]

Neobond, on 26 February 2013 - 09:32, said:

It's humorous that you don't understand that this isn't actually a huge problem, and can only be resolved by purchasing an expensive SSL certificate for 3 servers, or have a free one cry about it being self signed (creating an unnecessary browser alert for my site).

So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.

[Neobond]

nekkidtruth, on 26 February 2013 - 09:39, said:

So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.

Don't worry about it

[DaveLegg]

nekkidtruth, on 26 February 2013 - 09:39, said:

So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.

I think Neobond merely misinterpreted the first post, as not having SSL is something we've discussed in the past (as shown by the link in my previous post)

[+GreenMartian]

nekkidtruth, on 26 February 2013 - 09:39, said:

So...because I found humor in the length of time it took someone on a tech site to notice something such as this, automatically equates to my having no understanding. Ooook.

Ook? Ook. Ook! Ook! (sorry, can't resist.. )

On topic, how about setting up a donation page? Then annoy the hell out of your users, a'la Wikipedia?

Or at least have optional secure login using self-signed cert for those worried about sniffing but not too bothered with an extra browser warning?