Go Back   nV News Forums > Website Related > Feedback Forum

Newegg Daily Deals

Reply
 
Thread Tools
Old 03-11-08, 04:24 AM   #1
pgs
Registered User
 
Join Date: Apr 2006
Posts: 73
Default https access

Are these forums accessible using https?

Since login+password are required, it would be not too bad to use secure connection.

Or maybe it is possible, only I could not find out how.

Thanks a lot in advance.

pgs
pgs is offline   Reply With Quote
Old 03-11-08, 08:52 PM   #2
Runningman
Registered User
 
Runningman's Avatar
 
Join Date: Feb 2008
Posts: 925
Default Re: https access

if your so concerned with security, just use a proxy service.
Runningman is offline   Reply With Quote
Old 03-12-08, 02:00 AM   #3
crainger
 
crainger's Avatar
 
Join Date: Aug 2004
Location: Coffs Harbour, NSW, Australia
Posts: 29,559
Send a message via AIM to crainger
Default Re: https access

These forums are very secure. Just give me your cc details and I'll take care of the rest.

cgr
crainger is offline   Reply With Quote
Old 03-12-08, 03:37 AM   #4
pgs
Registered User
 
Join Date: Apr 2006
Posts: 73
Default Re: https access

Quote:
Originally Posted by Runningman
if your so concerned with security, just use a proxy service.
That would not help for the login issue.

Maybe there is some misunderstanding here.

The problem is that, in normal http connection, the login+password could be "sniffed" and used later by someone else.

Since all other forums, including the "forums.nvidia..." run on https, I was wondering how about this one.

Anyway thanks for the suggestion.

pgs
pgs is offline   Reply With Quote
Old 03-12-08, 06:07 AM   #5
Runningman
Registered User
 
Runningman's Avatar
 
Join Date: Feb 2008
Posts: 925
Default Re: https access

Quote:
Originally Posted by pgs
That would not help for the login issue.

Maybe there is some misunderstanding here.

The problem is that, in normal http connection, the login+password could be "sniffed" and used later by someone else.
just make your password unique from your other passwords and you shouldnt worry about these types of things but i hate to inform you but https suffers from man in the middle attacks also. so if they can "sniff" your clear texted passwords, chances are they can man in the middle you also.


please read up on this type of attack vector.
http://www.contentverification.com/m...dle/index.html
Runningman is offline   Reply With Quote
Old 03-12-08, 06:56 AM   #6
pgs
Registered User
 
Join Date: Apr 2006
Posts: 73
Default Re: https access

Quote:
Originally Posted by Runningman
just make your password unique from your other passwords and you shouldnt worry about these types of things but i hate to inform you but https suffers from man in the middle attacks also. so if they can "sniff" your clear texted passwords, chances are they can man in the middle you also.


please read up on this type of attack vector.
http://www.contentverification.com/m...dle/index.html
Sniffing is much easier than MTM, it is enough to sit in somewhere in the connection path and capture the traffic, while MTM must be able to capture _and_ change packets in _both_ directions, for all packets. Not to mention that, above TLS, some browser provide also other consistency check.
Of course, the ISP can do easily MTM, but almost everybody can do sniffing.

So, I do agree that https is not the solution to all security problems, but it is anyway better to have one security layer more than one less, considering also that this does not cause more effort to the user.

Of course, my password used here is unique, my concern is if someone starts to post things in these forums with my account.

Or should I consider the missing https as a "safe harbor" mechanism?
That is, I'm not liable for postings with my name here. That would be OK too... :-)

Thanks!

pgs
pgs is offline   Reply With Quote
Old 03-12-08, 08:11 AM   #7
Runningman
Registered User
 
Runningman's Avatar
 
Join Date: Feb 2008
Posts: 925
Default Re: https access

Quote:
Sniffing is much easier than MTM, it is enough to sit in somewhere in the connection path and capture the traffic, while MTM must be able to capture _and_ change packets in _both_ directions, for all packets. Not to mention that, above TLS, some browser provide also other consistency check.
Of course, the ISP can do easily MTM, but almost everybody can do sniffing.
wait, what. almost everybody can not do any of these attacks unless they have root access to a machine within your path at the ISP and tier 1 levels, if your worried about DNS cache poisoning then just run a caching DNS server locally. these things arent as easy as you make them out to be. besides what hacker is going to want your nvnews password...sounds kinda wierd to be worring about something like this...
Runningman is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Video: CUDA and Dynamic Parallelsim Ease Access to GPU Performance News Archived News Items 0 06-28-12 05:40 PM
BUG 302.17 - can not access TTY console legluondunet NVIDIA Linux 9 06-24-12 05:16 PM
How Microsoft and Yahoo are selling politicians access to you News Archived News Items 0 06-12-12 10:10 PM
The Circuit: Cybersecurity, Facebook and kids, special access News Archived News Items 0 06-05-12 08:00 PM
Protests demonstrate growing demand for open access to research News Archived News Items 0 05-24-12 08:10 AM

All times are GMT -5. The time now is 06:42 AM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.