HTTPS sessions active for Tier 2 subscribers


thealexweb    204

So when is the login going to post via SSL, vs how it currently sends, which is just http in clear text for username and password?

passwordinclear.png

It's a forum, it's a news site - I don't really see any need for anything to be SSL --- OTHER THAN when I send my password ;)

 

Wow that's really bad, especially since this was reported to staff quite some time ago.

Sandor    436

Wow that's really bad, especially since this was reported to staff quite some time ago.

It's why I use a completely unique password on this site.

 

I have a selection of passwords and variations for other sites but you can't risk having something similar to another login here.

 

And then some clowns have the cheek to ask you to "pay" for your data to be used securely. How about no.

rr_dRock    227

If I followed that advice for every site I visit I'd be paying out a fortune.

 

The site already advertises to each of us to make money.

 

How much do you think it costs to implement SSL on a site by the way? You might be in for a shock.

 

 

It's why I use a completely unique password on this site.

 

I have a selection of passwords and variations for other sites but you can't risk having something similar to another login here.

 

And then some clowns have the cheek to ask you to "pay" for your data to be used securely. How about no.

... I acknowledged that the logins should be ssl. Are you blind by chance? or are you a "selective reader"? You sir, are the clown. Why WOULDN'T you use a unique password? Are you that idiotic that you think that variations of the same password can't be cracked?

Oh, and I understand that certificates (especially chained ones) are rather cheap. Cheap however doesn't equal free. The time and effort to implement them? Oh yeah, also not free.  

The data you're sending while browsing the site is rather inconsequential to most people who would be watching your connection. "OMG THEY'RE GOING TO STEAL MY BROWSER VERSION. !!!!!!!!!!"   But yes, (for the third time now, for those of you at home counting) logins should be through ssl. (honestly I don't really care, because I'm not enough of a moron to use the same password here as elsewhere, or a variation of it)

how about you "clowns" that think you're entitled to get everything for free, or without any compensation to those who do the work stop complaining, and if you don't like the way things are run, well then, tough luck princess.

(FTR, I hold yearly subscriptions to about 5-6 sites, I'm not broke. Again, maybe you should do something else with your life rather than posting insolent, childish comments on forums, seeing as you're so hard done by)

Steven P.    13,919

Wow that's really bad, especially since this was reported to staff quite some time ago.

Yeah it's really bad that all IPB forums work this way (without SSL) which most tech sites I visit don't have btw.  :rolleyes:

  • Like 1

thealexweb    204

Yeah it's really bad that all IPB forums work this way (without SSL) which most tech sites I visit don't have btw.  :rolleyes:

 

Shoddiness all round boys XD

Noir Angel    4,214

... I acknowledged that the logins should be ssl. Are you blind by chance? or are you a "selective reader"? You sir, are the clown. Why WOULDN'T you use a unique password? Are you that idiotic that you think that variations of the same password can't be cracked?

Oh, and I understand that certificates (especially chained ones) are rather cheap. Cheap however doesn't equal free. The time and effort to implement them? Oh yeah, also not free.  

The data you're sending while browsing the site is rather inconsequential to most people who would be watching your connection. "OMG THEY'RE GOING TO STEAL MY BROWSER VERSION. !!!!!!!!!!"   But yes, (for the third time now, for those of you at home counting) logins should be through ssl. (honestly I don't really care, because I'm not enough of a moron to use the same password here as elsewhere, or a variation of it)

how about you "clowns" that think you're entitled to get everything for free, or without any compensation to those who do the work stop complaining, and if you don't like the way things are run, well then, tough luck princess.

(FTR, I hold yearly subscriptions to about 5-6 sites, I'm not broke. Again, maybe you should do something else with your life rather than posting insolent, childish comments on forums, seeing as you're so hard done by)

 

 What would your reaction be if you walked into a bank to open an account and they said "Sorry sir but we only protect your privacy if you open a paid account. Our servers will remain unencrypted for all users on basic accounts".

 

In my book you either employ security properly or not at all.

+Anarkii    2,252

So question for a dummy like me
Should I update my bookmark to https://www.neowin.net now?
 

I know it's enabled for me, but since I just use the good ol http version, I take it neowin doesn't automatically switch to https for me?

rr_dRock    227

 What would your reaction be if you walked into a bank to open an account and they said "Sorry sir but we only protect your privacy if you open a paid account. Our servers will remain unencrypted for all users on basic accounts".

 

In my book you either employ security properly or not at all.

 

That doesn't make sense, because you don't have $1000s on Neowin, so there's no need for the security you would have at a bank. Simply use a unique password and you don't have to worry too much.

 

When I come on Neowin, I don't expect Neobond to be holding a rocket launcher at the doors. I expect that my login will be stolen one day regardless of what level of security is on the site, and as such I do certain things to protect myself.

Just like at the bank, there are several levels of security, and if you want the best (safe deposit box, in a vault within a vault) you're going to have to pay for it, no?

And don't you get a better bank plan the more you pay anyway? I have unlimited Interac transactions, but that's because I pay 15 bucks a month.

Also, your point about the bank is invalid because there are laws governing security measures that banks must follow... Do those exist for Neowin? Do you think the banks would care about your money if they wouldn't get reprimanded for losses?

 

 

Oh and as for "all or nothing"

So, if you had a door, that had a handle lock, would you leave it unlocked because it didn't have a deadbolt?  Didn't think so.

  • Like 1

+BudMan    3,537

Wow that's really bad, especially since this was reported to staff quite some time ago.

Bad? An issue was brought up to neowin about non ssl login, it was discussed and stated that it would be fixed when neowin got around to using ssl.

Not like day to day operations, updates to the software, hardware, etc. etc.. get in the way or anything ;)

Neowin has now implemented ssl - and guess what the logins are now over https..

This is a win win for everyone - if you want to use ssl for the whole site you can do that via a sub. If you don't care about that, you still have your logins secured.

As to neobond's comment -- please feel free to check out any other tech sites you might browse.. And sad to say you will find what he says common on forums.

post-14624-0-75074500-1377005660.png

The above is from a hardware site that has lots of members.. Lots of traffic, huge site to be honest. You might have heard of Tom's site before ;) As you can see my testclear and password on a login attempt was free for all to see.

So it's not like neowin was doing something that nobody would do.. But unlike some other sites, neowin has corrected the concern and everyone should be happy about this!!

  • Like 2

Redmak    353

Is this discussion still going? ssl is enabled for logins guys

  • Like 4

Geoffrey B.    1,415

So question for a dummy like me

Should I update my bookmark to https://www.neowin.net now?

 

I know it's enabled for me, but since I just use the good ol http version, I take it neowin doesn't automatically switch to https for me?

pft... Bookmarks. I have this place as the home page... and have had for many years now. :D

  • Like 2

articuno1au    1,264

I can't believe you guys just compared a forum to a bank in terms of security requirements -_-

 

Further to that, SSL isn't a requirement for anything. You can CHOOSE to enable it by subscribing for a paltry figure, or you can continue to use this site like you do most without SSL.

 

tl;dr - Entitlement ###### much?

 

EDIT::
Just noticed it was Javik who made the comment.. Wouldn't have bothered to reply had I realised :\

  • Like 1

rr_dRock    227

it appears I quoted my own post.... my bad. *shakes head at self stupidity*

 

 


I can't believe you guys just compared a forum to a bank in terms of security requirements -_-

 

Further to that, SSL isn't a requirement for anything. You can CHOOSE to enable it by subscribing for a paltry figure, or you can continue to use this site like you do most without SSL.

 

tl;dr - Entitlement ###### much?

 

Iknowright?

 

 

 

(psssssst. the plan worked btw, it's one of the main reasons I subbed.)

  • Like 1

Redmak    353

So question for a dummy like me

Should I update my bookmark to https://www.neowin.net now?

 

I know it's enabled for me, but since I just use the good ol http version, I take it neowin doesn't automatically switch to https for me?

 

Yeah, we don't automatically redirect you to https

  • Like 1

Hum    6,933

We're happy to announce that we've added SSL sessions for Tier 2 ad free subscribers. Currently this is only active on the main news site, the forums will follow shortly.

 

Even more reason to subscribe :p

 

Enjoy!

If I knew what SSL sessions were, I might be glad. :laugh:

  • Like 2

Steven P.    13,919

If I knew what SSL sessions were, I might be glad. :laugh:

Super Silly Lines :P

  • Like 1

rr_dRock    227

Super Silly Lines :p

 

Sounds like something Hum already uses.

  • Like 1

Sandor    436

... I acknowledged that the logins should be ssl. Are you blind by chance? or are you a "selective reader"? You sir, are the clown. Why WOULDN'T you use a unique password? Are you that idiotic that you think that variations of the same password can't be cracked?

Oh, and I understand that certificates (especially chained ones) are rather cheap. Cheap however doesn't equal free. The time and effort to implement them? Oh yeah, also not free.  

The data you're sending while browsing the site is rather inconsequential to most people who would be watching your connection. "OMG THEY'RE GOING TO STEAL MY BROWSER VERSION. !!!!!!!!!!"   But yes, (for the third time now, for those of you at home counting) logins should be through ssl. (honestly I don't really care, because I'm not enough of a moron to use the same password here as elsewhere, or a variation of it)

how about you "clowns" that think you're entitled to get everything for free, or without any compensation to those who do the work stop complaining, and if you don't like the way things are run, well then, tough luck princess.

(FTR, I hold yearly subscriptions to about 5-6 sites, I'm not broke. Again, maybe you should do something else with your life rather than posting insolent, childish comments on forums, seeing as you're so hard done by)

Sounds like you're mad bro.

 

The point is SSL is rather simple, in the grand scheme of things, to implement. The admins have implemented it on the site but then used it as a somewhat cynical attempt to garner more subscriptions rather than just do the right thing from the get go. You are right...the people running the site can do whatever they like and frankly I don't really care. I've never gained much value or insight from this site in the 10 years I've lurked around it. It's good for discussion and arguments but the news reporting is often far from the mark. That's why I don't dip my hand in my pocket.

 

Basically, as others have mentioned - either you do security correctly and absolutely or you may as well not do it at all.

 

Congratulations on having subscriptions to some sites. You're just like...well...everyone else. I felt the burn when you accused me of childishness and insolence. This from the guy who lists his interests on his profile thus: "Making people uncomfortable, posting inane comments to try to get a rise out of you, and kittens."

 

I like your style.

  • Like 1

Haggis    1,008

Yeah it's really bad that all IPB forums work this way (without SSL) which most tech sites I visit don't have btw.  :rolleyes:

 

 

ah but two wrongs don't make a right lol :P

 

am just yanking your chain btw don't ban me lol

  • Like 1

Hum    6,933

I've never gained much value or insight from this site in the 10 years I've lurked around it.

Then you have not read the Hum posts. ;)

  • Like 2

NeoTrunks    121

This was a nice reminder to renew my sub. Thanks :)

  • Like 2

rr_dRock    227

Sounds like you're mad bro.

 

The point is SSL is rather simple, in the grand scheme of things, to implement. The admins have implemented it on the site but then used it as a somewhat cynical attempt to garner more subscriptions rather than just do the right thing from the get go. You are right...the people running the site can do whatever they like and frankly I don't really care. I've never gained much value or insight from this site in the 10 years I've lurked around it. It's good for discussion and arguments but the news reporting is often far from the mark. That's why I don't dip my hand in my pocket.

 

Basically, as others have mentioned - either you do security correctly and absolutely or you may as well not do it at all.

 

Congratulations on having subscriptions to some sites. You're just like...well...everyone else. I felt the burn when you accused me of childishness and insolence. This from the guy who lists his interests on his profile thus: "Making people uncomfortable, posting inane comments to try to get a rise out of you, and kittens."

 

I like your style.

 

 

Thanks for visiting my profile! Hope you enjoyed your visit, please remember there are free mints at the door. =)

 

LOOKS like I'm mad, unfortunately speech to text has no tone of voice so you'd be unable to hear the anger. (Do you know of some that does, I think that would make life considerably easier for a lot of people)

But your analysis is wrong, if I was mad, you would know from my overuse of profanity, and my mind numbing stupidity in insulting you. I just like bothering people such as yourself, as I'm sure you've heard. (are my comments inane enough?)

If you find no value in the site, why do you visit? Why post? You seem to like to generate ad revenue for a service you hold no faith in, which speaks volumes about you. 

This is my opinion of course, but I feel like if you have nothing worthwhile to contribute, continue lurking or find a My Little Pony forum (or whatever you may fancy, personal preference of course), as there are people who actually do find some worth in this site (like me for example.) that are drowned out because of the "OMGWHYDOSUBSCRIBERSGETEVERYTHINGIWANTIWANTIWANTMEMEMEMEME" (you're obviously not that bad, but there are some.......)

 

DO NOT TAKE THE GREAT LEADER NEOWINS NAME IN VAIN!

 

And yes, just like everyone else I have subscriptions. But I don't complain about the cost as some do, as I realize the worth in the subscription. This site makes my day go by a bit faster, and makes me want to acid burn everyone I meet a little less, due to my ability to vent, and take out some frustrations about certain issues with some people who are of an intelligence greater than that of celery. That includes you, =) I hope you feel special.

 

 

Anyway, the issue of the logins is fixed. Your heroic endeavor has saved the day! There's not a whole lot of reason to have the news/forums under ssl, but it sure is nice knowing my employer won't be reading every word I post. (once it's implemented for the forums of course)

 

And again, the all or nothing?

 

Doorknob lock. Not locked because no deadbolt? No.   You lock the door, but there are windows! Do you barricade your windows?

 

I enjoy your banter.

Sandor    436

You definitely sound mad.

  • Like 1

funkydude    83

Is this discussion still going? ssl is enabled for logins guys

 

Your cipher order is still incorrect, I guess you ignored my earlier link.

Redmak    353

Your cipher order is still incorrect, I guess you ignored my earlier link.

 

We may fix this at some point but it has no priority atm (working on something far more important :shifty: )

  • Like 1
