• Welcome to ZD Forums! You must create an account and log in to see and participate in the Shoutbox chat on this main index page.

What Annoyed You Today?

Jamie

Till the roof comes off, till the lights go out...
Joined
Feb 23, 2014
Gender
trans-pan-demi-ethno-christian-math-autis-genderfluid-cheesecake
Excuse me, but to be honest I'd be worried about the site's lack of https before I worked about two factor authentication, which by the way can still be exploited. Moreover, I think Xenforo's overall connectivity with social media is a greater security risk as well, or if the forum software has exploits or is out of date.
Funny, because I could swear Mases switched to https and that's why people were having login problems at one point (cache). Not sure what happened to that.
 

Jimmu

Administrator
Staff member
ZD Legend
Administrator
Joined
May 6, 2012
Location
Tokyo, Japan
Funny, because I could swear Mases switched to https and that's why people were having login problems at one point (cache). Not sure what happened to that.
Mases switched to http from https, I raised the potential security issues a while ago but didn't get any reasoning regarding it.
 

Dark

Bleeds Darkness
Joined
Jun 22, 2016
Location
37.235° N, -115.8111° E
Gender
Dark Lord
Excuse me, but to be honest I'd be worried about the site's lack of https before I worked about two factor authentication, which by the way can still be exploited. Moreover, I think Xenforo's overall connectivity with social media is a greater security risk as well, or if the forum software has exploits or is out of date.
Can I not have a more secure account? That is the only reason I wanted 2fa in the first place.
 

Lilith

Hypostasis of the Archons
Joined
May 13, 2017
Location
The River Styx
Can I not have a more secure account? That is the only reason I wanted 2fa in the first place.
Of course. All security is a sliding scale, with absolute security not existing due to the nature of computing (and if you really wanted to get into it, the nature of encryption, entropy and the universe itself. We happen to live in a universe that likes encryption). Nonetheless, I find it relevant to point out that there are different types of security, and different angles you can approach it from. The question might more precisely be posed: more secure in what way?

As an aside. One must also consider: account is an entry point. It is your data that is sensitive, no? Forum software uses databases, where the info is often stored in plaintext (save for passwords, etc.), so some hypothetical attacker could simple gain access to say the table with PM data or similar, and bypass account security period. It's a matter of security type. Just a thought!
 

Dark

Bleeds Darkness
Joined
Jun 22, 2016
Location
37.235° N, -115.8111° E
Gender
Dark Lord
I find it slightly annoying that I somehow managed to derail a thread with one post.

Edit: I also find it slightly annoying that my post duped.
 
Last edited:

Jimmu

Administrator
Staff member
ZD Legend
Administrator
Joined
May 6, 2012
Location
Tokyo, Japan
Xenforo 1.5 has the support for optional 2fa, we are currently running 1.4.8. Still awaiting that customer account info from Mases to be able to update the forum.

I'm sure you already know this but security on the internet is really just a resource game. Given enough time, or enough money any attacker can and will enter any system. If you don't want it known, don't put it on the internet. This especially goes for smaller websites or online systems that aren't owned by huge companies with millions of dollars and security experts behind them.

Security is obviously important for any website, but I imagine Mases' reasoning for removing the https and settling for http was he probably felt that the website, being a video game news site, doesn't hold much sensitive information. I imagine that something was conflicting with https somehow and that's why the easiest option was just to switch to http. That's entirely speculation though, as what he does with the main site in general is beyond the scope of what I'm doing on the forums, I'm not involved there. When I am provided what I need I'll be able to move on xenforo updates anyway.
 

Dark

Bleeds Darkness
Joined
Jun 22, 2016
Location
37.235° N, -115.8111° E
Gender
Dark Lord
Xenforo 1.5 has the support for optional 2fa, we are currently running 1.4.8. Still awaiting that customer account info from Mases to be able to update the forum.
I thought it was disabled. Thanks for clearing that up for me.

Security is obviously important for any website, but I imagine Mases' reasoning for removing the https and settling for http was he probably felt that the website, being a video game news site, doesn't hold much sensitive information. I imagine that something was conflicting with https somehow and that's why the easiest option was just to switch to http. That's entirely speculation though, as what he does with the main site in general is beyond the scope of what I'm doing on the forums, I'm not involved there. When I am provided what I need I'll be able to move on xenforo updates anyway.
There is sensitive info on here in the form of emails, and since this site doesnt use https, all usernames and passwords entered into the login field are sent in plaintext. I dont mind using http, but the option to use https would be nice as that greatly reduces the chances of a sucessful MITM attack.
 

Jamie

Till the roof comes off, till the lights go out...
Joined
Feb 23, 2014
Gender
trans-pan-demi-ethno-christian-math-autis-genderfluid-cheesecake
I thought it was disabled. Thanks for clearing that up for me.



There is sensitive info on here in the form of emails, and since this site doesnt use https, all usernames and passwords entered into the login field are sent in plaintext. I dont mind using http, but the option to use https would be nice as that greatly reduces the chances of a sucessful MITM attack.
Mases doesn't care about the forums.
 

Azure Sage

Spread Smiles!
Staff member
ZD Legend
Comm. Coordinator
Joined
Jan 17, 2011
Location
Magnolia City
Gender
Snow Queen: is azure sage trans
Started downloading the ARMS Testpunch around 7:30. The download didn't finish until 9:02 and during that time the download crashed upwards of 30 times and it was stuck at 98% for the entire last half hour of the testpunch time frame. I didn't get to play AT ALL.
 

Deus

~ ZD's Pug Dealer ~
ZD Champion
Joined
Jul 6, 2011
Location
England
Gender
Gingerblackmexicanjew
Woke up this morning to learn that my home city was experiencing snow and the biggest thunderstorm it has ever seen and I had been miles away. I would have loved to have been there for that
 

Vanessa28

Angel of Darkness
Staff member
ZD Legend
Administrator
Joined
Jan 31, 2010
Location
Yahtzee, Supernatural
Gender
Angel of Darkness
My extreme homophobic and trangenderphobic coworker who seemed to have make it his issue that my sister ceci used to be my brother. He is taking it to the extreme with his snarky remarks how my brister (brother/sister combination) used to be my brother. Calling her The thing, IT, Your fake sister, oh you mean your brother. The worst thing is he rides with me to work and he is trying to demand me to drive him from spot to spot. This coworker needs to be kicked in the face.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top Bottom