(RESOLVED) Will it ever be implemented? HTTPS
Discussion
Prizam said:
Sniffing packets in EC2 environments.
Here
Amazon Market even give you a one click launch for the instance. Sweet.
The downside... It will cost me $0.05 per our to harvest information. How many days will a quid get me ?
Not sure, they're a pain to calculate costs because they charge for things like traffic on top. But you won't be in the same network segment as the PH servers, you may as well try running wireshark locally for all the difference being on an EC2 host will make.Here
Amazon Market even give you a one click launch for the instance. Sweet.
The downside... It will cost me $0.05 per our to harvest information. How many days will a quid get me ?
James - could you tell us if the developers are general HM devs or are they dedicated to PH?
Could you also give us some indication of their current project workload and deliverables i.e. The top 3 things that they are working on as a team as of today?
As you are obviously aware, this issue is a potential compromise to user security and the Phonesafe issue is bordering on illegal. Just how far up the HM chain have either of these gone, or are they both contained within the 'PH world' at the moment?
You can clearly see that users are getting more than a little fed up with critical problems being seemingly ignored for years at a time - the age old response of "if you don't like it, you know where the door is" simply doesn't wash with these - I get the feeling that there are several people that are very very close to reporting you to the regulatory authorities with regard to the Phonesafe debacle. And to be fair I wouldn't blame them in the slightest.
Both these items should have been prioritised right at the very top of the list a long long time ago and it is to the shame of Haymarket, let alone Pistonheads that the best (paraphrased) response you can give is 'Dunno mate'.
Could you also give us some indication of their current project workload and deliverables i.e. The top 3 things that they are working on as a team as of today?
As you are obviously aware, this issue is a potential compromise to user security and the Phonesafe issue is bordering on illegal. Just how far up the HM chain have either of these gone, or are they both contained within the 'PH world' at the moment?
You can clearly see that users are getting more than a little fed up with critical problems being seemingly ignored for years at a time - the age old response of "if you don't like it, you know where the door is" simply doesn't wash with these - I get the feeling that there are several people that are very very close to reporting you to the regulatory authorities with regard to the Phonesafe debacle. And to be fair I wouldn't blame them in the slightest.
Both these items should have been prioritised right at the very top of the list a long long time ago and it is to the shame of Haymarket, let alone Pistonheads that the best (paraphrased) response you can give is 'Dunno mate'.
Well, Google have announced that (over time) Chrome will be updated to mark all sites not defaulting to SSL as unsafe. So that may prompt some action...
https://threatpost.com/chrome-to-label-some-http-s...
https://threatpost.com/chrome-to-label-some-http-s...
Amazon said:
It is not possible for a virtual instance running in promiscuous mode to receive or “sniff” traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other’s traffic.
Link.PistonHeads said:
Your message has been deleted as it divulges information on how to obtain passwords. Sharing this information could land someone in a rather large spot of bother.
That's spectacularly naive, but not unexpected from a site using HTTP for password logins!Have a word with yourselves!
thebraketester said:
I was just thinking that it was getting a bit heated - James just works there like we work elsewhere, he probably doesn't set the budgets so it's a bit unfair to take anger out on him, then I see this and I think fu*k it, trying to sensor conversations is just daft and crazy and all the info is publicly available anyway, we all know where to go if you want to sniff traffic, it's not difficult.I suspect financial problems with Haymarket are the cause - most publishers are suffering right now and I don't expect Haymarket to be any different.
0000 said:
That's spectacularly naive, but not unexpected from a site using HTTP for password logins!
Have a word with yourselves!
Yep, I got one as well. The irony being the post I had deleted specifically warned people not to do it on a public network.Have a word with yourselves!
A note for whoever did the deletion - what we were discussing is not illegal in any way so long as you are doing it on your own wifi (as my deleted post highlighted). This smacks of a cover up rather than deal with the issue being discussed.
Had the same email.
GreigM said:
Yep, I got one as well. The irony being the post I had deleted specifically warned people not to do it on a public network.
A note for whoever did the deletion - what we were discussing is not illegal in any way so long as you are doing it on your own wifi (as my deleted post highlighted). This smacks of a cover up rather than deal with the issue being discussed.
Indeed.A note for whoever did the deletion - what we were discussing is not illegal in any way so long as you are doing it on your own wifi (as my deleted post highlighted). This smacks of a cover up rather than deal with the issue being discussed.
Edited by Tonsko on Wednesday 25th January 12:37
Gassing Station | Website Feedback | Top of Page | What's New | My Stuff