Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 44

Thread: Ubuntuforums.org SSL Security

  1. #21
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,632
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Ubuntuforums.org SSL Security

    Quote Originally Posted by LaRoza View Post
    Really? Change your password if that is the case.
    No -- I guess I lied. However I would be really angry if my password were lifted and someone masqueraded as me. There seems like there should be a better security mechanism in place above transferring passwords in clear text?! I know UG only runs these forums off 2 computers, however you think MS would throw him a few bucks so he run the site using SSL certs.

  2. #22
    Join Date
    Apr 2007
    Beans
    14,781

    Re: Ubuntuforums.org SSL Security

    Quote Originally Posted by kevdog View Post
    No -- I guess I lied. However I would be really angry if my password were lifted and someone masqueraded as me. There seems like there should be a better security mechanism in place above transferring passwords in clear text?! I know UG only runs these forums off 2 computers, however you think MS would throw him a few bucks so he run the site using SSL certs.
    I thought you were (and my first response was also a joke) but I didn't want to take chances.

    (My first response was an offer to ban you and your IP)

    Is this security needed? I don't think so. To get an account, you just need an email address. Technically, stealing a password from someone is easy, but not rewarding. The worst you could do is mess up an account. To get the credentials of an admin would be the goal, and there are only five of them.

  3. #23
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,632
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Ubuntuforums.org SSL Security

    I kind of like my credentials as an ordinary user also. I wouldn't want someone stealing my identify on the Ubuntu forums. I've invested too much time and energy.

  4. #24
    Join Date
    Apr 2007
    Beans
    14,781

    Re: Ubuntuforums.org SSL Security

    Quote Originally Posted by kevdog View Post
    I kind of like my credentials as an ordinary user also. I wouldn't want someone stealing my identify on the Ubuntu forums. I've invested too much time and energy.
    It would be easy to undo, and the chances of it happening are low. It would be more likely to have someone to have access to your computer and use it when you are logged on (that has happened a few times here).

  5. #25
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,632
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Ubuntuforums.org SSL Security

    That wouldn't happen -- my attack dog would rip that person's head off!

  6. #26
    Join Date
    Apr 2007
    Beans
    14,781

    Re: Ubuntuforums.org SSL Security

    Quote Originally Posted by kevdog View Post
    That wouldn't happen -- my attack dog would rip that person's head off!
    Your attack dog could do it,


  7. #27
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,632
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Ubuntuforums.org SSL Security

    Hmmm never thought about that possibility

  8. #28
    Join Date
    Apr 2006
    Beans
    53

    Re: Ubuntuforums.org SSL Security

    Currently logged into this forum from tech university campus LAN with few hundred future IT specialists living in it. How likely it is that somebody is just testing "Cain & Abel" just to see what it can sniff.

    Should I change my password from another connection now?

    Is ubuntuforums.org doing everything for protecting their members enough? Specially if using SSL only for password exchange wouldn't need much financial resources?

  9. #29
    Join Date
    Apr 2007
    Beans
    14,781

    Re: Ubuntuforums.org SSL Security

    Quote Originally Posted by virx View Post
    Currently logged into this forum from tech university campus LAN with few hundred future IT specialists living in it. How likely it is that somebody is just testing "Cain & Abel" just to see what it can sniff.
    How likely? Not likely. The traffic is probably very high on the campus.

    Is it possible? Yes.
    Should I change my password from another connection now?
    If you feel the people on the campus are untrustworthy scammers, yes.

    Is ubuntuforums.org doing everything for protecting their members enough? Specially if using SSL only for password exchange wouldn't need much financial resources?
    It does everything but encrypt, and encrypting in this case would be too much of a strain.

  10. #30
    Join Date
    Feb 2008
    Location
    Sydney, Australia
    Beans
    2
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Ubuntuforums.org SSL Security

    It's an interesting topic and I think that theft of any part of a persons identity is troublesome, be it a forum account or a credit history.

    It would be nice to at least have an option to use encrypted authentication at times when you 'know' that your traffic could be monitored. Plenty of cafe wireless access points are unencrypted and there's often lots of people connected with laptops possibly reading your data.

    Besides, no one wants their name to be on the 'wall of sheep'

Page 3 of 5 FirstFirst 12345 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •