Retro Information Safety On Non-SSL retros

TheRealMoonman · Apr 14, 2017

Sorry if this is in the wrong section, but I do believe it is a issue that must be addressed in regards to the safety of user information on Non-SSL retros.
POC:

The point of this thread is not to try portray retros without SSL like they are trying to get you're information, I'm just trying to suggest you exercise more caution, because most are still in their little skid dos warfare phase.

MayoMayn · Apr 14, 2017

TraeRetros said:
Sorry if this is in the wrong section, but I do believe it is a issue that must be addressed in regards to the safety of user information on Non-SSL retros.
POC:

The point of this thread is not to try portray retros without SSL like they are trying to get you're information, I'm just trying to suggest you exercise more caution, because most are still in their little skid dos warfare phase.

Using CF Flexible SSL doesnt protect shit neither.
What you're doing doesnt matter if they have SSL or not, since you're just checking the request headers that you sent.

TheRealMoonman · Apr 14, 2017

Sentinel said:
Using CF Flexible SSL doesnt protect shit neither

Rip, I never tested that because I haven't got a SSL enabled domain on any VPS, I was just using Aux's for POC, but i assumed SSL would be protected due to prior experience with session hijacking at McDonalds lmfao

MayoMayn · Apr 14, 2017

TraeRetros said:
Rip, I never tested that because I haven't got a SSL enabled domain on any VPS, I was just using Aux's for POC, but i assumed SSL would be protected due to prior experience with session hijacking at McDonalds lmfao

You're simply just "recording" request headers which can be done on any website, so SSL or not that is pretty useless, as it only works for your network.

TheRealMoonman · Apr 14, 2017

Sentinel said:
You're simply just "recording" request headers which can be done on any website, so SSL or not that is pretty useless, as it only works for your network.

True, probs should remove the vid and close thread before the skids see it

CosmoPeak · Apr 14, 2017

This is how the internet works... The client sends the password to the server. SSL encrypts the data between the client and the server. The data is still decrypted at the end of the connection and the hotel owner can do whatever they want with the password. I think you're misunderstanding here.

TheRealMoonman · Apr 14, 2017

LukeOx said:
This is how the internet works... The client sends the password to the server. SSL encrypts the data between the client and the server. The data is still decrypted at the end of the connection and the hotel owner can do whatever they want with the password. I think you're misunderstanding here.

I know how SSL works, I should of just made the title different, its basically spreading just trying spreading awareness of what could happen and idk why I thought having no SSL would contribute to the matter.

Weasel · May 2, 2017

TraeRetros said:
I know how SSL works, I should of just made the title different, its basically spreading just trying spreading awareness of what could happen and idk why I thought having no SSL would contribute to the matter.

The possibility of 2 users of a retro that aren't family members or close friends to be on the same network and wanting to hack the other is almost impossible. Retro's don't need an SSL connection.

MayoMayn · May 2, 2017

Holmes said:
The possibility of 2 users of a retro that aren't family members or close friends to be on the same network and want to hack the other is almost impossible. Retro's don't need an SSL connection.

Especially a CF Flexible "SSL" just makes it even worse.

Undercover · Jun 16, 2017

SSL for a retro is a waste of money.
All the big ones still use cloudflare.

Default · Aug 3, 2017

Undercover said:
SSL for a retro is a waste of money.
All the big ones still use cloudflare.

I'd rather know that users can visit my site in confidence that their data is safe and that it isn't a phishing site.. rather than avoiding it, also if you get a lot of profit on your site because users see that https on the address bar then that small price for an SSL certificate was totally worth it

Sledmore · Aug 6, 2017

LetsEncrypt, it takes 2 minutes to set it up & automatic renew. Do that and enjoy not having to pay.

MayoMayn · Aug 6, 2017

Sledmore said:
LetsEncrypt, it takes 2 minutes to set it up & automatic renew. Do that and enjoy not having to pay.

Good luck to newbies using LetsEncrypt when they're on a Windows VPS.

Sledmore · Aug 6, 2017

Atomic said:
Good luck to newbies using LetsEncrypt when they're on a Windows VPS.

Tbh, that is even easier!

There is like 4 reputable clients made for Windows. They're just simple shell scripts, that you press the stage number for and it's done in a heartbeat.

MayoMayn · Aug 6, 2017

Sledmore said:
Tbh, that is even easier! There is like 4 reputable clients made for Windows. They're just simple shell scripts, that you press the stage number for and it's done in a heartbeat.

Oh shit, I always thought it was a hell generating keys on Windows.
Well, it is a hell using CLI.

j0ker · Aug 20, 2017

Shits basic af......this has been happening for yearssssss

Retro Information Safety On Non-SSL retros

TheRealMoonman

I eat babies

MayoMayn

BestDev

TheRealMoonman

I eat babies

MayoMayn

BestDev

TheRealMoonman

I eat babies

CosmoPeak

PeakRP.com

TheRealMoonman

I eat babies

Weasel

👄 I'd intercept me

MayoMayn

BestDev

Undercover

Member

Default

https://forcehotel.org

Sledmore

Chaturbate Livestreamer

MayoMayn

BestDev

Sledmore

Chaturbate Livestreamer

MayoMayn

BestDev

j0ker

$client = socket_accept($sock);

Users who are viewing this thread

Latest posts

Connect with us

Newest members