Enabling HTTPS ?

[Coasting]

I could see this being useful. Especially on a site where we constantly exchange addresses and phone numbers and potentially other info in PM

Back in february I got a wicked virus and other issues when I accessed the BCAquaria forum.
I ended up with a crypto virus on my computer. All my login info for various emails and my bank accounts were stolen. I had $1990 removed from my bank through an EMT because of the shit put on my laptop they somehow got my login and password for stuff I dont have my computer remember. My email accounts somehow got hacked and were being caught sending out spam. I actually had gotten a virus or something else from visiting that forum a few years back as well. I will NEVER go back on that site.

Then in the summer I got this email from the company the forum is apart of or whatever.

Quote:

Notice of Data Breach

You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you. VerticalScope owns and operates a number of community websites. You are receiving this email because you are a registered user of the following community website(s) involved in the data breach:
www.bcaquaria.com

What Happened?

On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.

What Information Was Involved?

Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.

[Myka]

Quote:

Originally Posted by Coasting

I could see this being useful. Especially on a site where we constantly exchange addresses and phone numbers and potentially other info in PM

Back in february I got a wicked virus and other issues when I accessed the BCAquaria forum.
I ended up with a crypto virus on my computer. All my login info for various emails and my bank accounts were stolen. I had $1990 removed from my bank through an EMT because of the shit put on my laptop they somehow got my login and password for stuff I dont have my computer remember. My email accounts somehow got hacked and were being caught sending out spam. I actually had gotten a virus or something else from visiting that forum a few years back as well. I will NEVER go back on that site.

Then in the summer I got this email from the company the forum is apart of or whatever.

Wow! I've never heard of anything like this! If using https is "a thing", then why are none of the biggest forums using it?

[SoloSK71]

They have not had an incident yet?

Google, Firefox and Microsoft have not put enough emphasis on it?

It requires a bit more effort (getting an SSL certificate) that a regular implementation.

Charles

[Myka]

Quote:

Originally Posted by SoloSK71

They have not had an incident yet?

No idea. I checked a bunch of forums, and didn't find even one of them using https. I haven't heard of anything like this until this thread.

[SoloSK71]

Another post - https://www.google.ca/amp/s/www.troy...tin-forum/amp/

The vBulletin forums run on HTTPS as well.

Charles

[Reef Pilot]

More and more are using https, and for very good reason. I just checked some other forums that I sometimes frequent. Some use it, and some don't.

Can never totally prevent hacking, but in this day and age, with all the bots running, should at least keep the front doors closed.

[warriorcookie]

Quote:

Originally Posted by Coasting

I could see this being useful. Especially on a site where we constantly exchange addresses and phone numbers and potentially other info in PM

Back in february I got a wicked virus and other issues when I accessed the BCAquaria forum.
I ended up with a crypto virus on my computer. All my login info for various emails and my bank accounts were stolen. I had $1990 removed from my bank through an EMT because of the shit put on my laptop they somehow got my login and password for stuff I dont have my computer remember. My email accounts somehow got hacked and were being caught sending out spam. I actually had gotten a virus or something else from visiting that forum a few years back as well. I will NEVER go back on that site.

Then in the summer I got this email from the company the forum is apart of or whatever.

While this sucks big time, to be clear, https would NOT have prevented this. This was a database dump.

[warriorcookie]

Just wanted to clarify, as my previous responses where typed on a touch screen from an airplane...

Do I think https should be employed: whenever possible, yes! But does this mean you can rest easy that your user names, passwords, birthdates, email address and everything else is safe on this forum and any other: absolutely not!

The reality is that maybe a few of the forums will spend the money and upgrade to https, but the vast majority simply cannot or will not, and it only marginally improves one aspect of the many security vulnerabilities that these forums face. The only thing you can rely on is yourself to follow the latest good security practices when it comes to what info you keep online and how you choose usernames and passwords and how often you change them. My information has been stolen once before, but they only got access to a limited amount of information and there was zero overlap with any other website be it banking info or other.

[Myka]

Very interesting warriorcookie! I use the same username and email address on each forum I use, though I have a different password on each forum, and the email I use is not my main email, and doesn't share a password with anything else. Am I doing it "right"? I like this idea of a password manager, I'll have to look into it.

[warriorcookie]

Quote:

Originally Posted by Myka

Very interesting warriorcookie! I use the same username and email address on each forum I use, though I have a different password on each forum, and the email I use is not my main email, and doesn't share a password with anything else. Am I doing it "right"? I like this idea of a password manager, I'll have to look into it.

Yup, that's the way I do it. Keep the info you enter in your profile limited and use a different password for everything. Repeating the email or username is fine.

There's lots of password managers out there. You need to make sure whichever you go with is secure. If it becomes compromised then they have everything. After looking into several, Lastpass was the one I settled on.