Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 18 Dec 2017, 01:29
All times are UTC - 4
 Forum index » House Training » Bugs ( Submit bugs )
Your forum registration is insecure
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
DavidSpector

Joined: 16 Dec 2017
Posts: 22

PostPosted: Sat 16 Dec 2017, 14:46    Post subject:  Your forum registration is insecure
Subject description: HTTPS web security is now free
 

When I registered for this forum I was surprised to see that the form was in http (unencrypted transmission). True, who cares if someone steals my forum password, but still, it is not difficult to convert most pages to https, and with Let's Encrypt, security certificates are now free.

If you use cPanel/WHM as your management software, there is an automatic security update page in WHM that lets you create a Let's Encrypt or Comodo certificate just by checking a box and clicking a button.

You'll be happy you joined the modern security revolution. Smile
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 11295
Location: Gatineau (Qc), Canada

PostPosted: Sat 16 Dec 2017, 15:37    Post subject:  

Hi David.

Paranoid, eh? Or maybe playing a psychological game of "Ain't It Awful?"

I'll reply with various "tonic" thoughts:

-- With Flash and John Murga at the helm of this forum, I would not jump to conclusions
too quickly as to the insecurity of this forum! Thanks to them, this forum has survived
numerous online attacks of all kinds.

-- Do you have any proof that https is safer, or is it just dogma, like the Assumption of
the Virgin Mary to Heaven?

Since the decline of official religions, many professionals (doctors, IT professionals, etc.)
have been posing as bishops of science. They do the science, and we simple pilgrims
have to believe them
. I see a contradiction there. Do you? What has happened to
true Cartesian thought and polite rational debate, nobody knows.

-- Forum member belham2 brought up this subject before a couple of months ago.
IIRC, the conclusion of that thread was that the decision to go with https rested entirely
in the hands of the forum owner, John Murga. There may also be some technical
concerns given the age of the forum app. (Please see (c) date at the bottom of this
page.)

Respectfully.

_________________
musher0
~~~~~~~~~~
"Logical entities must not be multiplied beyond necessity." | |
« Il ne faut pas multiplier les entités logiques sans nécessité. » (Ockham)
Back to top
View user's profile Send private message 
DavidSpector

Joined: 16 Dec 2017
Posts: 22

PostPosted: Sat 16 Dec 2017, 15:58    Post subject:  

musher0, I am pleased to hear that this forum has had no security problems. That is impressive.

No, I don't believe concepts because some authority, like a bishop, has stated them.

I require evidence.

If you will take the time to read the Let's Encrypt website and forum, you will discover lots of interesting, evidence-based knowledge that you can profitably use to replace your current ignorance of security matters.

For example, did you know that https can currently be a faster protocol than http? Hard to believe, but I encourage you to read about why that is actually true.

As to its security, https uses two encryption schemes that protect website data of all types from being eavesdropped by malicious users.

The first is asymmetric encryption. This is a complex calculation in "modulus space" or "elliptical space" that relies on the current difficulty in calculating the product of two large prime numbers. This encryption is done during initial TLS handshaking, which is optimized away in subsequent https communications.

The second is symmetric encryption, which is a much faster calculation that is used for all data encryption after the initial handshake.

Finally, as to the ease with which unencrypted form data can be intercepted, this is fact. Malicious users all over the world, who are frequently motivated by financial need and not bothered by ethics, routinely scan Internet packets at a low level to extract the plaintext data communcations contained in them.

They use this information to break into websites and plant viruses that force computers to join mass distributed password guessing and virus communication systems, as well as for other malicious purposes.

Using https will go a long way toward making the Web secure, eliminating many viruses that create Denial of Service, monetary extortion, and other very real threats from which only experts are safe.

What I have discussed here is only the tip of the iceberg, and I recommend that you do some web searching to learn more about security and the problems that it actually solves.

Paranoid? No, not I. Realistic. I advocate turning the entire web (and email, don't forget) into locations free from malicious users through (as a first step only) changing http websites to https. It is finally possible, now that the elitist charging of $200 or more for an ordinary website is a thing of the past.

Congratulations are due to the Let's Encrypt project for eliminating the for-profit nature of security, producing free medium-lifetime certificates that renew automatically through the ACME protocol pioneered by them.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Bugs ( Submit bugs )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0320s ][ Queries: 11 (0.0056s) ][ GZIP on ]