Why Is AOF Still An Insecure Site? - Page 2

Sundancefisher · #31 01-30-2020, 09:23 AM

If a hacker can see my very strong password is &$perchbonk678&$ and then figures use for everything including tinder, sugarbabies, eBay, Amazon, Shaw and Fanny’s Fabrics then I am royally up the Internet river without a paddle.

wildcwilly · #32 01-30-2020, 01:10 PM

It does matter to an extent because many of the members on this forum are of an older persuasion

or spend most of their time outdoors and are not as tech savy. There are still an amazing number of people that think "password" is a good enough password.

Best practice is to use a different password for every site you visit: good luck with that

Easier is to use a password manager such as Lastpass, Bitwarden, etc. There are several.

If it's a matter of cost for the SSL certificate for the site, they may want to look into "Let's Encrypt", a free opensource SSL Certificate Authority.

CW

drhu22 · #33 01-30-2020, 04:04 PM

Quote:

Originally Posted by wildcwilly

It does matter to an extent because many of the members on this forum are of an older persuasion

or spend most of their time outdoors and are not as tech savy. There are still an amazing number of people that think "password" is a good enough password.
Best practice is to use a different password for every site you visit: good luck with that

Easier is to use a password manager such as Lastpass, Bitwarden, etc. There are several.
If it's a matter of cost for the SSL certificate for the site, they may want to look into "Let's Encrypt", a free opensource SSL Certificate Authority.
CW

That was my thinking when I made the original post

DMS1 · #34 01-30-2020, 05:18 PM

We just had a 3rd party secure our company website and it cost $500. Not sure what the cost is for a large site like this?

Au revoir, Gopher · #35 01-30-2020, 11:02 PM

Quote:

Originally Posted by wildcwilly

It does matter to an extent because many of the members on this forum are of an older persuasion

or spend most of their time outdoors and are not as tech savy. There are still an amazing number of people that think "password" is a good enough password.

Quote:

Originally Posted by drhu22

That was my thinking when I made the original post

Problem is, the real problem isn't that "AOF is insecure". The real problem is that people don't know what is and what isn't secure. By your logic, if there was an nice shiny padlock in the address bar every thing would be secure and none of the problems midgetwaiter listed would be an issue. Good luck with that

Fact is, you can't trust the internet! Sure, this site has security issues; but whether those issues extend into other areas of your life is your decision, not the decision of the administrators of this site.

Caveat surfer.

ARG

midgetwaiter · #36 01-31-2020, 09:37 AM

Quote:

Originally Posted by Au revoir, Gopher

Problem is, the real problem isn't that "AOF is insecure". The real problem is that people don't know what is and what isn't secure. By your logic, if there was an nice shiny padlock in the address bar every thing would be secure and none of the problems midgetwaiter listed would be an issue. Good luck with that

This is correct, the lack of SSL is bad but it’s at the bottom of the list IMO. The other less obvious problems are much worse.

drhu22 · #37 01-31-2020, 02:58 PM

Quote:

Originally Posted by Au revoir, Gopher

Problem is, the real problem isn't that "AOF is insecure". The real problem is that people don't know what is and what isn't secure. By your logic, if there was an nice shiny padlock in the address bar every thing would be secure and none of the problems midgetwaiter listed would be an issue. Good luck with that

Fact is, you can't trust the internet! Sure, this site has security issues; but whether those issues extend into other areas of your life is your decision, not the decision of the administrators of this site. Caveat surfer.ARG

Where did I say that a nice shiny padlock is the 'be all and end all'? All I did was bring up the issue and ask why its not being addressed.

drhu22 · #38 01-31-2020, 04:56 PM

Quote:

Originally Posted by drhu22

Where did I say that a nice shiny padlock is the 'be all and end all'? All I did was bring up the issue and ask why its not being addressed.

However... I do think that a website should take more responsibility for its member's security, especially when updates are available, and so many are naive or uneducated on internet safety.

Responsibility should be on members and AOF

Apologies for calling out mods instead of administration as in first post, my bad.

drhu22 · #39 01-31-2020, 05:24 PM

Heres some info on https...
https://www.howtogeek.com/181767/htg...should-i-care/

Au revoir, Gopher · #40 02-01-2020, 01:22 PM

Quote:

Originally Posted by drhu22

Where did I say that a nice shiny padlock is the 'be all and end all'? All I did was bring up the issue and ask why its not being addressed.

Would you have thought there was an issue if the padlock had been there?

ARG

jrowan · #41 02-02-2020, 09:58 AM

Personally I don't care about my account on this site. However, I do care about the admin/mod accounts. Over HTTP it would be trivial for a bad actor to intercept their password and mess with the whole site.

For $500 to secure your site that someone mentioned it depends on what needs to be done.

Was your site compromised and you didnt have database or file backups? That's a lot more money to go through and clean the site.

Is your site running on Wordpress or drupal and very outdated? It could cost even more depending on if your stuff will still work on the newer versions.

Is your site ok and just need an SSL? Probably about $100-$200 for the cert and probably 2 hours of labour @ 150/hr with a DNS check thrown in to make sure you have a good SPF record (prevents email impersonation).

Does your host offer automatic free ssl via lets encrypt or cpanel ssl? Then it's just labour @ up to $150/hr of an hour or two max.

Sundancefisher · #42 02-02-2020, 10:02 AM

Who uses a VPN all the time?