Results 11 to 20 of 39
06-18-2016, 07:15 PM #11
Sponsored Links Remove Advertisements
06-18-2016, 07:41 PM #12
If you're into geek stuff, there was a recent security hole found in the vBuletin software used to run the site.
This is the admins doing their job, and plugging the holes before this site got clobbered.
- Jim1985 5-speed "Ms. Swan"
OH, What A Feeling!
06-19-2016, 07:51 AM #13
Most people here have NO idea what it takes to run a site... I've been in the business for years.
The password requirements are likely not set by the admins themselves, but rather by the application in this case vBulletin.
If you can't type an extra couple of key strokes... or click "save" when your browsers prompts you... well I've got nothing for you.
Sure you don't care if your CelicaSupra account gets hacked, I would on principal alone, but you do realize.... the password most of you use here is the same one most of you use for your bank, your online mortgage, your fleabay account, your Facebook, and probably your email too. If not, well they've still got name, email, maybe address and zipcode... enough to run with and find a way. Maybe send an email out to your contact list with phishing links, now all of a sudden you're the bad guy.
But hell.... even with the most complex password, the admins of this site fail to implement the most basic security to protect us their customers (this aint no charity), which is a Secure Socket Layer. Right now, EVERY time you type something into your browser and hit go on this site... that info is sent around the internet unsecured.... like sending a letter without an envelope and just hoping none of the hands along the way take a peek at whats written.
06-19-2016, 09:58 PM #14
- Join Date
- Aug 2011
- Arlington, WA
Amir is 100% correct about this. I recently had to upgrade my 13 year old Apple Powerbook G4 laptop and my 7 year old iPhone 3GS and it wasn't because either had failed in some way I couldn't fix myself, which would be incredibly unlikely. Either was still way more than capable of running anything I need more than fast enough too. These both are and have always been wonderfully capable devices and incredible values considering how long they've delivered on their initial promises. It was because neither could be upgraded with security software strong enough to be acceptable for anything that now requires this, WHICH SHOULD BE EVERYTHING! Backwards compatibility extending back to everything that could run otherwise current stuff is over. It should have been long ago.
The internet rules became very lax way back in the Netscape days as the competition between browsers to implement new and even better features became beyond stupid. And this wasn't really much of a departure from how most standards are implemented then or are today. In nearly every case, as standards are introduced, their initial implementation is rather incomplete as is usually necessary. Then as vendors update their drivers and software to work with the new standards as they're further defined and fine tuned, they eventually evolve into what they were designed and intended to be in the beginning. Quite often, things that worked fine on initial introduction are either locked out or disabled within an update or two until they too are updated properly.
The lax internet rules went on for way, way too long and have been being tightened up in many ways for years. The level of security breaches long ago reached the point of way beyond acceptable and something had to be done. Finally within the last few months, some of the more vulnerable areas just had to shut out everything that couldn't run acceptably secure applications because WE ARE ALL PAYING FOR ALL THE FRAUD THAT FINANCIAL INSTITUTIONS INCUR BECAUSE OF THIS!
The problem is that everything else is only keeping up as it has to to stay operating. But this isn't good enough. As an example, by now probably everyones credit and debit cards have been updated with secure card chips. How many of us have used our cards anywhere where the type of POS terminals to implement this level of security have been installed except our banks? Me personally, none! I know that there is a deadline beyond which any merchants and vendors will be held responsible themselves for any fraudulent transactions they process. And, while some have payed up for this higher level of security already, many others haven't and likely won't until they incur costs that they determine are unreasonable.
The problem isn't just this. It's that there are a nearly infinite number of other places and opportunities for those inclined to to so to gather sensitive information about us. And there really isn't any effective mechanism to hold those responsible for the security of this to be held accountable.
Unfortunately, until this is done everywhere, none of us is really any more secure than we've ever been. So don't be fooled into thinking so. And yes, the recently upgraded password security might be a little inconvenient. But it's just one step along the road to actually having reasonably effective security someday. Things are never going to be like they used to be. This time I totally agree because it's all for the right reasons. Just like everyone else, I too am being dragged kicking and screaming into todays realities. Only this time I'm kicking and screaming for some entity to require that everything and everyone involved at any level be absolutely required to do this right now so that we can get it done and move on. There's no other way that we can be reasonably protected from ourselves. No matter what has been required in the past, there's always been way to many areas where we all do the minimum we have to to participate. This isn't good enough now and really never has been. And until there's something done about it, we'd all better do everything we can to encourage, Hell, demand it into reality.
Yeah, somebody is going to have to pay for all of this. The reality is that we all already are. There's no such thing as a free lunch and some things, such as this forum that we all enjoy is being paid for in many ways. In the end, we'll end up paying for certain things we now enjoy for free. Maybe it will be in another reasonably acceptable way. If not, some things will go away and rightfully so. Everything everywhere needs to implement secure access that meets todays requirements. The only exceptions that should ever be allowed must not have any way of gathering or allowing any sensitive and potentially misused information traffic.
Of course, everyone should voice their opinions on the subject. But personally, if you disagree, shut the fuck up because you just don't get it and probably never will. And it doesn't matter that for the most part, none of this is really any fault of our own. But we all need protection from those who seek to do harm for their own benefit and this is how nearly all of it happens any more. This is our security fence, bulletproof vest, taser, gun, police, justice system and prison. Admins, are you paying attention?
Last edited by ray85p; 06-19-2016 at 10:28 PM.
06-20-2016, 12:41 AM #15
06-20-2016, 01:22 AM #16
- Join Date
- Aug 2011
- Arlington, WA
Ha ha! But just for mine though. There's only a handful of other anal retentives on here and none of them post very often. Maybe we'll get lucky and at least one of the admins is a "reader"! You know, an old fashioned reckonin' and cypherin" kind of person but also a nerd / geek too!
06-20-2016, 02:50 AM #17
A long time ago, in a life far away, I was a sys admin for Windoze and Unix/Linux networks and systems.
I didn't do desktop support
I didn't run around installing printers for people
I didn't run around replugging Ethernet cables back into the wall for lusers who knocked them loose when they rearranged their desk and were TOO STOOPID to see the loose cable
I didn't refill printers with toner or ink
I was a systems administrator.
I'd spend many long hours after everybody else had gone home for the day "pushing" upgrades to desktops, doing the back-ups for the servers, reading the system logs, reading the firewall logs, reading the latest security bulletins, making sure all the current patches were applied, and cleaning out the air filters in the servers because the Techs we had would check the box that it was done and not do it.
And you do this after normal work hours because sometimes you have to take the network down to apply a patch to a server (kernel patches require reboots in Unix/Linux) and if they network goes down during normal work hours.....well...its not pretty.
It pays well, and it's fun for a while, but you get burned out pretty quickly.
Most sites like this are hosted on somebody else's servers, and the "site" admins are usually just responsible for this site, and not the servers, but they still have patches and things to manage, and software to keep updated.
It's a sign that they're doing a good job when you don't see outages, so I say give 'em a round of applause for a job well done.
- Jim1985 5-speed "Ms. Swan"
OH, What A Feeling!
06-20-2016, 06:38 AM #18
Site admins are still responsible for implementing encryption whether on true shared hosting, a vps, or if they've got their own box. I still fail to see why an SSL has not been installed.
Last edited by amir_zwara; 06-20-2016 at 09:26 AM.
06-20-2016, 10:04 AM #19
- Join Date
- Aug 2008
- St Louis MO
06-24-2016, 10:43 PM #20
It is true that there is always risks. But PayPal, my credit card and my bank are less excessive about password than here.
And yes it's a vbulletin here, all boards is was on have the same new rules.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)