crumpets
Posts: 1614
Joined: 11/5/2014 From: South Bay (SF & Silicon Valley)
There must be people here who don't think they already know it all (Dunning-Kruger notwithstanding), so, for THOSE people, I think we (the OP, tj444, and me, at the very least) should strive to edify them as to what dangers they're exposed to by this site being horrendously lax in the most basic of security measures (I had already had freedomdwarf1, stef, and a few others on permanent hide, because they have NEVER added value to ANY thread, and they're not gonna change their stripes on this topic for sure.)

For a quick technical overview though, here's just one summary I pulled from the net:

quote:
SSL provides secure transmission of data between your computer and a server. That server can be a web server, an e-mail server, or any other type of server that supports SSL. Without SSL, all data sent between your computer and the server is sent unencrypted, which means anyone with access to the network along the way can easily see the data. That means anyone with sufficient access to your home network, a public WiFi access point, your internet provider's network, the network of the provider of the web site operator's network, and so on. With SSL, all data is encrypted so that nobody but you and the server can see it.

What SSL does is stop people from eavesdropping on those conversations. So, for example, the fact that Wikipedia makes its articles public doesn’t mean you want your ISP (or the NSA or anyone else) to know *which* articles you’re reading on Wikipedia.

Any web site can use SSL - banking or otherwise. When SSL is in use, you will see that the URL starts with "https" rather than "http", and your web browser will display a lock icon signifying that the connection is secure. Typically you can click the lock icon to get more information about the certificate and company that is providing the secure connection.

Having said that, I don't want to get into a pissing contest with anyone on this topic as you can piss against a brick wall making no positive effect whatsoever. I suggest the OP (and anyone else who understands encryption better than I do) simply explain what is technically the state of affairs, in the perv-to-perv assistance section of the forum (General BDSM is not the place for purely technical discussions).
- perv to perv

We can cover TECHNICAL (not emotional) topics such as (in no particular order):

It's a general rule that any site that requires/needs passwords should encrypt client:server communications!

If the website supports SSL, then the URL will show "https://" instead of "http://". Otherwise, unencrypted traffic can easily be analyzed by way of packet sniffers by anyone with access to the network (one obvious example is the ISP or anyone in the coffee shop or public library whose network you're using).

SSL (or more precisely TLS) encrypts communication between client & server (hence, without TLS, someone could intercept the traffic between your computer and the website and therefore can easily see your login and password).

However, TLS/SSL does more than just encrypt the communication.
- An essential feature is that it also authenticates either or both sides (e.g., X.509 certificates used for authentication)
- Authentication ensures that you are communicating (including sending your password) with the right site.
- Encryption ensures that no one in the way can read or tamper with the communication.
- Although, in most cases, user certificates are rare, and sites that validate them are even rarer, so it is only usually used to authenticate one side (the website).

In addition, many web sites are quite sloppy about how they store user data, often leaving userids, passwords and other sensitive data stored with no encryption. That is, private messages, like the forum threads and forum posts themselves, are not usually stored in any encrypted format (but are often simply stored in SQL database files) etc.

It's too much to edify those who can't be taught anything - but it may not be too much to describe the dangers of a site that doesn't employ the most basic of security measures to protect their users' privacy (e.g., their passwords).
< Message edited by crumpets -- 1/23/2016 5:44:05 PM >