RE: No site security concerns in real life (Full Version)



crumpets -> RE: No site security concerns in real life (1/25/2016 8:31:26 AM)


quote:

ORIGINAL: furneaux
Re the cost implications... a domain cert is less than $200.
It costs next to nothing to implement.


I never did really understand how the process worked for domain certificates, so I defer to your knowledge on that type of advice.





crumpets -> RE: No site security concerns in real life (1/25/2016 8:54:54 AM)


quote:

ORIGINAL: furneaux
I shall delete it soon as this is clearly a waste of my time.


Please don't go away (at least not yet). :)
I have some questions to ask of you so that I may better learn from what you have to offer.

quote:

ORIGINAL: furneaux
You are *not* safe just because you don't use wifi. Your AV won't protect you.

I know you (the OP) know this ... but I'll repeat for the benefit of the others (at least those who are still capable of learning)...

I didn't see anyone say that they think their AV will protect them, but if they did say that, then they're dead wrong.

As for the Ethernet connection, it only skips the wifi part from your computer to your router.
Even on the Ethernet, the password is unencrypted but it's ALSO passed down the pipe to the ISP and to the trunk and through a series of Internet hosts to the Collarspace servers (and back).

So, that's dozens of places where anyone who wants to, has your Collarspace login and password credentials, even with WiFi eliminated.

quote:

ORIGINAL: furneaux
you are using your laptop and connecting through a WiFi access point; other machines connected to the same access point see all your traffic. Note that "taking steps" to prevent such local attackers can be quite difficult (for instance, forget it if WiFi is involved).

The only part I disagree with is the "taking steps can be difficult" part.
Do you (the OP) think that VPN and/or Tor is "difficult"?
(I find both trivially easy to implement.)

Or, do you think that VPN or Tor are not effective?

NOTE: I realize both Tor and VPN have the problem of the end point being in cleartext; this can only be avoided by Collarspace implementing https; but isn't using TOR or VPN a LOT better than not using them?

quote:

ORIGINAL: furneaux
Close to the server. Typically, servers are mass-hosted in some shared facilities, and indelicate server owners may spy on their neighbours.

By this, do you mean the ISP and the (potentially dozens, although usually fewer) hosts that are on the route from you to collarspace and back?

I agree all hosts from the ISP to Collarspace and back are dangers; but I'm just asking you to clarify, for me, if that's what you meant.

quote:

ORIGINAL: furneaux
Whether this is possible or even easy depends a lot on the competence of the network administrators at the hosting site.

I agree.
EVERYTHING depends on whether you trust the administrators.
That's why you want to have to trust as few administrators as possible.
With end-to-end encryption, you eliminate most of the administrators in the path of your packets.

quote:

ORIGINAL: furneaux
However, the DNS, as a whole, is poorly protected, and can be altered by malicious individual.

As a related aside, OpenVPN, when run from the command line, is incapable of setting the DNS servers properly, so, if you run a DNS leak test (e.g., http://ipleak.net) while using OpenVPN, you'll notice DNS leaks. Luckily, you can fix them manually or automatically with scripts (as I have done, long ago).

If folks want the information, I can run a tcpdump to create a pcap file where I can use wireshark to visually show them the DNS port 53 queries that you're trying to tell them about.
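
The DNS leak check described in the post above, as an added example that is not part of the original thread: it reads a pcap of the kind tcpdump writes, lists the UDP port 53 queries, and flags any sent to a resolver other than the VPN's. The sample capture, the addresses, and the `vpn_resolvers` set are constructed assumptions.

```python
import socket
import struct

def dns_query(name, txid=0x1234):
    """Build a minimal DNS query message (one A/IN question)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def frame(src, dst, payload):
    """Wrap a DNS payload in UDP/IPv4/Ethernet (checksums left at zero)."""
    udp = struct.pack("!4H", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def pcap(frames):
    """Serialize frames as a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def dns_queries(data):
    """Yield (src_ip, resolver_ip, qname) for each UDP/53 query in a pcap."""
    off = 24  # skip the pcap global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 17:
            continue  # not IPv4/UDP
        ihl = (pkt[14] & 0x0F) * 4
        udp = 14 + ihl
        if len(pkt) < udp + 20 or struct.unpack_from("!H", pkt, udp + 2)[0] != 53:
            continue  # not addressed to port 53
        pos, labels = udp + 8 + 12, []  # QNAME follows the 12-byte DNS header
        while pos < len(pkt) and pkt[pos]:
            labels.append(pkt[pos + 1: pos + 1 + pkt[pos]].decode("ascii", "replace"))
            pos += 1 + pkt[pos]
        yield socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34]), ".".join(labels)

def leaked(data, vpn_resolvers):
    """Queries sent to any resolver other than the ones the VPN is supposed to use."""
    return [q for q in dns_queries(data) if q[1] not in vpn_resolvers]

# Constructed sample: one query via the tunnel resolver, one to the LAN/ISP resolver.
SAMPLE = pcap([frame("10.8.0.2", "10.8.0.1", dns_query("example.org")),
               frame("192.168.1.20", "192.168.1.1", dns_query("example.com"))])
print(leaked(SAMPLE, {"10.8.0.1"}))
```

On a real capture, pass the file's bytes to `leaked()` along with the resolver addresses your VPN configuration pushes; any tuple returned is a lookup that bypassed the tunnel's resolver.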




mousekabob -> RE: No site security concerns in real life (1/25/2016 9:15:57 AM)

[image]http://41.media.tumblr.com/4849e38d023cac9fba80ab6c31f690d5/tumblr_mw4yuuWasy1rg5jito1_500.jpg[/image]




Spiritedsub2 -> RE: No site security concerns in real life (1/25/2016 9:19:57 AM)

What does any of this highly impressive computer speak have to do with the discussion category "General BDSM"?




LadyPact -> RE: No site security concerns in real life (1/25/2016 9:39:41 AM)

quote:

ORIGINAL: furneaux
Re the cost implications... a domain cert is less than $200. It costs next to nothing to implement.

Whilst *you* may not reuse passwords, the majority of people do. This is the sort of thing that makes the bad guys' job that much easier. The original post was for the benefit of all. It's a shame it wasn't taken in that spirit.

Thank you for the additional information regarding the cost. I don't know what projects the site has been undergoing or if the owner would be willing to spend the money. I do have an additional question based on your original.

quote:

This needs resolving asap. I have raised it with the site operator and I recommend other users do the same.

What method and when did you contact the site operator? I ask because you are talking to a lot of people (regular forum members) who aren't exactly seeing a lot of stuff being done right now. (Don't believe me? Look at the idiot who is specifically posting threads in hopes the site will be shut down by law enforcement.) For all we know, sending emails to Support at this particular time could be about as useful as throwing a rock into a black hole. If the backlog of Support is anything compared to the lack of processing reports through the forum, whoever has to clear everything that should go to Support is going to be working on that for weeks. That's all complaints, reported profiles, reported journals, DMCA reports for stolen pics, reported emails, and everything else that is a problem on the profile side. I haven't seen any forum posts from anybody saying they got a response from Support in weeks, so if you actually got a response, I'd be interested in hearing about it.





angelikaJ -> RE: No site security concerns in real life (1/25/2016 7:19:57 PM)


quote:

ORIGINAL: Spiritedsub2

What does any of this highly impressive computer speak have to do with the discussion category "General BDSM"?


It got moved.
(Which means there is an admin around somewhere.)
Yay!




stef -> RE: No site security concerns in real life (1/25/2016 8:56:52 PM)


quote:

ORIGINAL: angelikaJ

It got moved.
(Which means there is an admin around somewhere.)
Yay!

I don't know if that's a "yay" moment. The fact that they're moving around harmless threads and allowing the other madness to continue here is more than a little troubling.




Spiritedsub2 -> RE: No site security concerns in real life (1/25/2016 10:24:05 PM)

I messaged support asking someone to take down the pedophilia thread, and just a few minutes later it was gone. Awesome. So someone is there, at least tonight.




Curmudgeonly1 -> RE: No site security concerns in real life (1/25/2016 10:38:23 PM)

Don't you find it just a little disturbing that the moderators can be so easily influenced by a couple of whining women and that serious discussion about serious issues can be so readily suppressed?

I wonder what else is censored.

"I disapprove of what you say, but I will defend to the death your right to say it"
Evelyn Beatrice Hall

[sm=skiprope.gif]




Wayward5oul -> RE: No site security concerns in real life (1/26/2016 12:33:38 AM)

THANK GOD!




Curmudgeonly1 -> RE: No site security concerns in real life (1/26/2016 1:03:13 AM)

The Catholic Church, the Jews, the Islamists and NAMBLA have asked me to pass on their sincere thanks for your help in the furtherance of their aims.

They are truly most grateful for the shroud of silence you are helping to draw around their activities.

[sm=skiprope.gif]




Kirata -> RE: No site security concerns in real life (1/26/2016 1:17:06 AM)


quote:

ORIGINAL: crumpets

If folks want the information, I can run a tcpdump to create a pcap file where I can use wireshark to visually show them the DNS port 53 queries that you're trying to tell them about.

I love it when people talk dirty. [:D]

K.





furneaux -> RE: No site security concerns in real life (1/26/2016 2:38:39 AM)

Ladypact: I used the support form on the main site. No response. Have subsequently deleted my main account (although I have no faith that my images and profile data have *actually* been deleted). I agree with you in that they're probably overwhelmed.

Crumpets: I've been in IT for 30 years... VPN, TOR et al are way beyond the capabilities of the "average" user. That's why the UK government are so keen on filters, because they are effective for vast swathes of people. Technically easy to circumvent, but a closed door for the majority.

Re "close to the server" - I would guess these sites are kept on "shared hosting", so this and a bunch of others all hosted on a single machine (or virtual cluster). This again makes it easier to get access to the data. And if that data is easily dumped in plain text, half the work is already done.

I'm surprised at the negative response. I don't know how many folk on here are "out", but I would be surprised if many would be happy for their Facebook friends or the mums at the school gate to know their business. I wonder how many use the same password for Facebook and the same email address... a lot I suspect.




furneaux -> RE: No site security concerns in real life (1/26/2016 2:40:27 AM)

P.S. I see this discussion has been moved to somewhere where fewer people will now see it. I wonder why.




Lucylastic -> RE: No site security concerns in real life (1/26/2016 3:10:03 AM)

Because it's got nothing to do with BDSM, probably.

Off the Grid is popular.




NookieNotes -> RE: No site security concerns in real life (1/26/2016 3:20:31 AM)


quote:

ORIGINAL: furneaux
Re "close to the server" - I would guess these sites are kept on "shared hosting", so this and a bunch of others all hosted on a single machine (or virtual cluster). This again makes it easier to get access to the data. And if that data is easily dumped in plain text, half the work is already done.


I doubt it. Dedicated, I would guess. And possibly several boxes.

Easier to handle with traffic, adult content (often requires a dedicated) and safety for other sites hosted by the provider.




furneaux -> RE: No site security concerns in real life (1/26/2016 4:24:21 AM)

What's worse is that the site is using Cloudflare, so adding SSL is a trivial thing to implement!

"Add SSL with a single click without requiring you to change your existing configuration. CloudFlare makes it extremely easy to extinguish the FireSheep!"

https://www.cloudflare.com/ssl/




DeviantlyD -> RE: It's a beautiful day in the islands of Aloha! (1/26/2016 10:11:15 AM)

[image]http://www.soest.hawaii.edu/coasts/data/oahu/oblique_south/images/054_waikiki_w.jpg[/image]








Collarchat.com © 2025