(RESOLVED) Will it ever be implemented? HTTPS

PoleDriver

28,616 posts

193 months

Thursday 19th January 2017
Mattt said:
If the whole site HTTPS project is delayed, Haymarket still can't sort the login form as a minimum within a year.
FTFY

Tonsko

6,299 posts

214 months

Thursday 19th January 2017
Without dragging it too far off topic, I'd say hash cracking is fairly de rigueur these days. Hashcat makes life very easy, and even a feeble gaming rig can probably reach around 10 billion hashes/second on MD5.

All that jazz

7,632 posts

145 months

Saturday 21st January 2017
Bumpity bump for HTTPS! 10 days to go! Techies, are you listening??

yes

Silent1

19,761 posts

234 months

Saturday 21st January 2017
GreigM said:
Tonsko said:
MD5.

Run!
Hey, I'd take it over cleartext. Most "hackers" have limited capability beyond running the scripts they download, would someone really put in the effort to extract and brute-force an MD5 hash....for PISTONHEADS logins?

That being said if it is MD5 the code structure is in place for the hashing process - so would be a 5 min job to upgrade to something with decent strength.
It's not been encrypted for all that long though.

bitchstewie

50,782 posts

209 months

dmsims

6,452 posts

266 months

Monday 23rd January 2017
bhstewie said:
Google don't have that long either

All that jazz

7,632 posts

145 months

Monday 23rd January 2017
I'm disappointed that JAMES DRAKE, HEAD OF PISTONHEADS COMMUNITY has not responded and assured the community that HAYMARKET takes the members' privacy, security and personal data very seriously and assure us that https will be in place by the end of this month as stated by his colleague.

themanwithnoname

1,634 posts

212 months

Monday 23rd January 2017
All that jazz said:
I'm disappointed that JAMES DRAKE, HEAD OF PISTONHEADS COMMUNITY has not responded and assured the community that HAYMARKET takes the members' privacy, security and personal data very seriously and assure us that https will be in place by the end of this month as stated by his colleague.
Is that the same James Drake who has, on a few occasions, replied to all on emails without using BCC?

More than once.

In one mail thread.

Just saying.

ETA: Then blames the intern.

Dan_1981

17,352 posts

198 months

Monday 23rd January 2017
All that jazz said:
I'm disappointed that JAMES DRAKE, HEAD OF PISTONHEADS COMMUNITY has not responded and assured the community that HAYMARKET takes the members' privacy, security and personal data very seriously and assure us that https will be in place by the end of this month as stated by his colleague.
In all seriousness what do you expect this type of post to achieve?

Ten pages in and PH are ignoring the issue. Just like the phonesafe one.

It's apparent they don't really care about either issue.

All that jazz

7,632 posts

145 months

Monday 23rd January 2017
Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?
That question is far more fitting to your own post. Clearly you don't care about the issue so what are you doing in this thread and why aren't you in other threads that pique your interest? Many of us do care about the issue and want it fixing. They didn't care about creating a "what car?" forum for years either but eventually they got sick of us being a constant thorn in their sides and made it happen.

GreigM

6,726 posts

248 months

Monday 23rd January 2017
Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?

Ten pages in and PH are ignoring the issue. Just like the phonesafe one.

It's apparent they don't really care about either issue.
Indeed, but when (not IF) a user's details are compromised it will be easier to crucify in the press/sue (delete as per your preference) Haymarket for supreme arrogance and/or incompetence

Vaud

50,289 posts

154 months

Monday 23rd January 2017
GreigM said:
Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?

Ten pages in and PH are ignoring the issue. Just like the phonesafe one.

It's apparent they don't really care about either issue.
Indeed, but when (not IF) a user's details are compromised it will be easier to crucify in the press/sue (delete as per your preference) Haymarket for supreme arrogance and/or incompetence
Which is odd, as IT security and compliance are pretty high on most operational board agendas. They certainly are on the supervisory boards...

thebraketester

14,192 posts

137 months

Monday 23rd January 2017
As I have suggested before.

Someone attack the weakness in the system and PM me my password and I will personally drive to Haymarket and discuss it with them face to face.

PoleDriver

28,616 posts

193 months

Monday 23rd January 2017

dmsims

6,452 posts

266 months

Monday 23rd January 2017
thebraketester said:
As I have suggested before.

Someone attack the weakness in the system and PM me my password and I will personally drive to Haymarket and discuss it with them face to face.
It's a trivial task but something you can get locked up for

What exactly are the dev team working on?

PoleDriver

28,616 posts

193 months

Monday 23rd January 2017
dmsims said:
What exactly are the dev team working on?
New ways to boost income?

Dan_1981

17,352 posts

198 months

Monday 23rd January 2017
All that jazz said:
Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?
That question is far more fitting to your own post. Clearly you don't care about the issue so what are you doing in this thread and why aren't you in other threads that pique your interest? Many of us do care about the issue and want it fixing. They didn't care about creating a "what car?" forum for years either but eventually they got sick of us being a constant thorn in their sides and made it happen.
It does interest me. I think the lack of response is typical of PH these days.

However the post you made with names in bold will not drive a response, it just looks childish.

Oh and I still don't think Racing Pete works at PH anymore.....

All that jazz

7,632 posts

145 months

Monday 23rd January 2017
Dan_1981 said:
It does interest me. I think the lack of response is typical of PH these days.

However the post you made with names in bold will not drive a response, it just looks childish.

Oh and I still don't think Racing Pete works at PH anymore.....
Be that as it may, but when the Head of the Community actively avoids the topic yet can be seen posting on nearly every other feedback topic, sometimes these measures are needed. Perhaps by shining the spotlight on them and giving them a virtual 'kick up the arse' it will prompt them to actually find out what's happening about it rather than simply ignoring the topic and praying that we all get bored and forget about it (not gonna happen!). Oh and passing the buck with "not my department" isn't going to wash either.

thebraketester

14,192 posts

137 months

Monday 23rd January 2017
dmsims said:
thebraketester said:
As I have suggested before.

Someone attack the weakness in the system and PM me my password and I will personally drive to Haymarket and discuss it with them face to face.
It's a trivial task but something you can get locked up for

What exactly are the dev team working on?
Well, I won't divulge the hacker's ID...... your honour.

randlemarcus

13,507 posts

230 months

Monday 23rd January 2017
thebraketester said:
Well, I won't divulge the hacker's ID...... your honour.
But Haymarket might feel that a breach of the Computer Misuse Act had been committed.

You would probably be on slightly safer ground by demonstrating, with consent, a Man in the Middle approach, where the unencrypted IP packet was examined, and the password shown to be visible. Much simpler. Anyone got Wireshark to hand?
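
A site-owner's check for the exposure this thread is about, as an added example that is not part of any post: it parses a page's HTML and reports every password field whose page or form target is not HTTPS, which is the condition under which a password is readable on the wire. The host `forum.example`, the paths and the finding labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormAudit(HTMLParser):
    """Collect password fields whose page or submit target is not HTTPS."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
        self._action = None  # resolved action URL of the enclosing <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self._action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            target = self._action or self.page_url
            if urlsplit(self.page_url).scheme != "https":
                # Page can be altered in transit, even if the action is HTTPS.
                self.findings.append(("page-not-https", self.page_url))
            if urlsplit(target).scheme != "https":
                # The password itself crosses the network in cleartext.
                self.findings.append(("submit-not-https", target))

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def audit(page_url, html):
    parser = PasswordFormAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample pages (hypothetical host, not taken from the thread).
LOGIN = ('<form action="{a}" method="post"><input name="u">'
         '<input type="password" name="p"></form>')
CASES = {
    "http://forum.example/login": LOGIN.format(a="/login.asp"),
    "https://forum.example/login": LOGIN.format(a="http://forum.example/login.asp"),
    "https://forum.example/signin": LOGIN.format(a="/login.asp"),
}

if __name__ == "__main__":
    for url, html in CASES.items():
        print(url, audit(url, html))
```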