Results 1 to 8 of 8

Thread: CastleAge forums is not safe

  1. #1

    Default CastleAge forums is not safe

    Hi guys, I noticed when I'm browsing CastleAge forums on Chrome the page says the site isn't safe, not in HTTPS. Please devs or moderators make this forum in HTTPS so it's safer for everyone. Thanks
    Last edited by BigBang; 09-15-2018 at 12:52 PM.
    BOOOOOOOOOOOOM!

  2. Default

    Moderators do not have the power to change this. It is up to the devs if they want to.
    * Stealth Moderator *

  3. Default

    Further more, since no personal information is actually exchanged or stored here (I would assume that most people don't list more than perhaps their name in here) I would argue that "not safe" is a bit of a stretch.

    It's not "secure", this is true. But not "safe"...
    "Build a man a fire, keep him warm for a night. Set a man on fire, keep him warm for the rest of his life!" - Rev Sim

    "Gratuitous acts of senseless violence are -my- forte!" - Max

  4. #4
    Join Date
    Mar 2010
    Location
    as far away as possible from the rest of the world <_<
    Posts
    22,553
    Blog Entries
    5

    Default

    I use a personal email for login. Doubt anything will happen, but there's a risk. Wouldn't be bad to switch it to https.

  5. Default

    I should probably clarify my post.

    I didn't mean to imply that we shouldn't move to HTTPS.

    Just that "not safe" is a stretch given the nature of this place.

    A move to HTTPS would be nice.
    "Build a man a fire, keep him warm for a night. Set a man on fire, keep him warm for the rest of his life!" - Rev Sim

    "Gratuitous acts of senseless violence are -my- forte!" - Max

  6. #6
    Join Date
    Sep 2013
    Location
    Somewhere in Valeria.
    Posts
    10,106

    Default

    Zserg, the username and password verification have been encrypted for a long time, even when running on http sites such as this site. I would not worry about that attack vector.

    Everyone: Google has this mission that all web pages should have https protection 100% of the time. Now, why I don't argue that it would be nice, especially nice if all new sites did this be default; it is a bit silly to require every old site on the web to do this.

    Why? Because user names and passwords are already normally encrypted on non https sites. Also non https sites generally are not carrying any vital information.

    If you are concerned about this level of security, you should already be running everything thru a VPN, running privacy browsers, and only using email that is digitally signed using PGP or some such method. Have you blocked all third party cookies and are you avoiding javascrpit codes from running? Yeah. That is pretty much nobody.

    Deep packet inspection is a much bigger privacy concern. The recording and selling of such information for targeted advertising is a much bigger privacy concern. I don't hear any Google outrage over that, but Google is worried that a silly blog site or a forum about cars or about games is not encrypted.
    ...Dwarven Miner - I found a free chest roll for ye, but I was ambushed by a Dev in the mine.
    Lil rascal made away with it...



  7. #7

    Default

    This forum (like the game) has changed ownership multiple times now. It would be a really good idea to change it to a HTTPS site. The username I use for this site is one that I only use for a couple of sites I visit ... I recently was sent a bitcoin blackmail scam and it addressed this username/password ... I am NOT saying that this site was the cause .... but it is on a short list of possibilities. A change would be good.
    "Mom, do you know how much those comics you tossed out would be worth today? I told you so."

    Army Code: FEAD56

  8. #8
    Join Date
    Sep 2013
    Location
    Somewhere in Valeria.
    Posts
    10,106

    Default

    ^^ We are probably more in danger from someone using a VBulletin attack and stealing the entire username and password list from the server then from the non https pages.

    Always use a single password with every site. At least when you get the "we hacked you and to prove it here is the password you used" email, you know who-done-it to you.

    Anyone try logging into here with admin/admin or admin/password to see if it worked? (grin) /joke
    Last edited by Rev Sim; 09-19-2018 at 01:42 AM.
    ...Dwarven Miner - I found a free chest roll for ye, but I was ambushed by a Dev in the mine.
    Lil rascal made away with it...



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •