Disclose.tv doesn't use encryption for logins!

[Koopatroopa Profile]

Just a notice for anyone using this website. When you login your username and password are sent unencrypted non-SSL. This means anyone can intercept your password if they are on or inbetween your network and disclose.tv's web server.

To test it out in firefox get FireBug and under the Net tab look for POST requests and you should see /action/login. Your username and password are displayed like that all the way to their webserver.

Who is responsible for system administration cuz at the very least they need to put a SSL cert on the server and setup a rewrite rule to use HTTPS for logins...

Thanks guys.

[Troll2rocks Profile]

You know this will cause a shit storm on here right ?

Agreed though.

[Koopatroopa Profile]

You know this will cause a shit storm on here right ?

Agreed though.

Just doing my part to make sure people's information is secure. I hope someone takes notice and fixes this. It really only takes about an hour to do and I would be happy to instruct anyone that needs the info on how to purchase, request and install an SSL certificate and how to setup the rule to force encryption for logins.

[Lucidlemondrop Profile]

[Eisleo Profile]

You know this will cause a shit storm on here right ?

Agreed though.

Well, on DTV everything turns into a shitstorm, right?

An yes, the site should use SSL!

[Kerrblur2 Profile]

lol yea we spoke about this about 3 years ago when them smurf people were on here. myself along with many other people got together to find one of the smurfs lol we were going to goto his house and vandalize his shit.... so easy to grab peoples personal information on here.

[Shemagh Profile]

I must get me one of those Internet For Dummies Books, 'cause I havn't a clue what's being talked about here!

[Poooooot Profile]

I must get me one of those Internet For Dummies Books, 'cause I havn't a clue what's being talked about here!

lmaooo
You and me both, girl.

[Troll2rocks Profile]

I must get me one of those Internet For Dummies Books, 'cause I havn't a clue what's being talked about here!

Basically, HTTPS will better protect your identity should anyone care to go a snooping.

Also the certificate has to be paid for but is like insurance to websites of sorts.

It is a mark of guarntee in other words, a guaantee that says, do not try snooping here.

If that makes sense.

However it is all basically a mind game for consumers who think it gives them security when it doesnt really, but its presence being there is basically just a sign to those who might hack/script that it may be better finding other targets. However it is basically nothing more than a sticker in the window in reality saying don't look in here. So it works both ways, those kind of certificates can also make those who are dark hats interested.

In otherwords dammed if you do dammed if you don't.

Welcome to the internet

[Shemagh Profile]

I must get me one of those Internet For Dummies Books, 'cause I havn't a clue what's being talked about here!

Basically, HTTPS will better protect your identity should anyone care to go a snooping.

Also the certificate has to be paid for but is like insurance to websites of sorts.

It is a mark of guarntee in other words, a guaantee that says, do not try snooping here.

If that makes sense.




However it is all basically a mind game for consumers who think it gives them security when it doesnt really, but its presence being there is basically just a sign to those who might hack/script that it may be better finding other targets. However it is basically nothing more than a sticker in the window in reality saying don't look in here. So it works both ways, those kind of certificates can also make those who are dark hats interested.

In otherwords dammed if you do dammed if you don't.

Welcome to the internet

Cheers mate! I think I'll just try to hide amoung the masses!