(RESOLVED) Will it ever be implemented? HTTPS


AndrewEH1

4,917 posts

155 months

Wednesday 8th February 2017
Mattt said:
Can Haymarket confirm the data breach?
Link to sauce?

biglaugh

WinstonWolf

72,857 posts

241 months

Wednesday 8th February 2017
I think there needs to be an official statement.

Tonsko

6,299 posts

217 months

Wednesday 8th February 2017
Amusingly Haymarket Media Group run SC Magazine. For, um, computer security.

https://www.scmagazine.com/

SystemParanoia

14,343 posts

200 months

Wednesday 8th February 2017
laugh
It's unbelievable

plasticpig

12,932 posts

227 months

Wednesday 8th February 2017
Tonsko said:
Amusingly Haymarket Media Group run SC Magazine. For, um, computer security.

https://www.scmagazine.com/
Yes good isn't it frown

Mattt

16,661 posts

220 months

Wednesday 8th February 2017
Anyone who is concerned should email datacontroller@haymarket.com

dmsims

6,601 posts

269 months

Wednesday 8th February 2017
Mattt said:
Anyone who is concerned should email datacontroller@haymarket.com
Don't bother

"10 SECURITY OF YOUR INFORMATION

We follow appropriate security procedures in the storage and disclosure of your Information so as to prevent unauthorised access by third parties."

They don't reply either - tossers

Silent1

19,761 posts

237 months

Wednesday 8th February 2017
I just want to make it clear, I'm in no way responsible for any data breaches that may have occurred.

Dan_1981

17,430 posts

201 months

Wednesday 8th February 2017
IS there a breach?

Or is this still a "it's possible" due to issues highlighted over the last 17 pages?

SystemParanoia

14,343 posts

200 months

Wednesday 8th February 2017
Silent1 said:
I just want to make it clear, I'm in no way responsible for any data breaches that may have occurred.
I love your website smile

Vaud

51,002 posts

157 months

Wednesday 8th February 2017
SystemParanoia said:
I love your website smile
It's even running Google Analytics.

Silent1

19,761 posts

237 months

Wednesday 8th February 2017
SystemParanoia said:
Silent1 said:
I just want to make it clear, I'm in no way responsible for any data breaches that may have occurred.
I love your website smile
There's still something hosted there?! hehe

PistonTechs

36 posts

156 months

PH Techies

PH TEAM

Thursday 9th February 2017
In reference to recent posts, we have conducted an investigation into the alleged breach. To our knowledge no data breach has occurred, and to this end no breach has been reported to the ICO. We do have written internal policies and procedures in place to alert us to and deal with a data breach if one occurs. None of our Data Breach protocols have been triggered.

I have been in contact with the PistonHeads technology team and they are continuing to work on implementing HTTPS on all pages that have personal data (e.g. login and registration) as a top priority and are close to being able to confirm a timeframe on when this work will be released. Once this is known they will be providing another update.

Haymarket Media Group Global Data Protection Officer

dmsims

6,601 posts

269 months

Thursday 9th February 2017
Maybe instead of spouting corporate speak (can someone translate that?) you should update this policy until it's fixed

"10 SECURITY OF YOUR INFORMATION

We follow appropriate security procedures in the storage and disclosure of your Information so as to prevent unauthorised access by third parties."

to

We allow anyone to see your password in plain text on any public wifi, we were alerted to this a long time ago and have done diddly squat about it


How long does it take 12 people to change a few lines of "code" ?

thebraketester

14,352 posts

140 months

Thursday 9th February 2017
PistonTechs said:
Haymarket Media Group Global Data Protection Officer
laugh

You guys are just making up job titles now aren't you?

Vaud

51,002 posts

157 months

Thursday 9th February 2017
PistonTechs said:
To our knowledge no data breach has occurred, and to this end no breach has been reported to the ICO. We do have written internal policies and procedures in place to alert us to and deal with a data breach if one occurs. None of our Data Breach protocols have been triggered.
I've seen some denial in corp information security in the last few years but that takes the biscuit.

You don't know what you don't know (to quote Rumsfeld). It is an arrogant position to hide behind policies and procedures, especially when dealing with a complex legacy estate like PH, which you openly admit doesn't have some basic security in place.

If you can't do it yourself, then call in some experts. Your auditors may be able to do some advisory work. Or a niche company.

Or create a private forum on PH to discuss the issue and take some free (already offered) advice from some domain experts. I know some, but not all. There are some seriously smart people who love PH and don't want to see what is essentially OUR data compromised.

But you seem blind to it.

SystemParanoia

14,343 posts

200 months

Thursday 9th February 2017
Silent1 said:
SystemParanoia said:
Silent1 said:
I just want to make it clear, I'm in no way responsible for any data breaches that may have occurred.
I love your website smile
There's still something hosted there?! hehe
I feel it deserves the full 1995 web 1.0 treatment resplendent with frames, starfield gifs and embedded midi files. :biggrin:

TheExcession

11,669 posts

252 months

Thursday 9th February 2017
thebraketester said:
PistonTechs said:
Haymarket Media Group Global Data Protection Officer
laugh
You guys are just making up job titles now aren't you?
Yeah it made me laugh too - especially the 'Global' bit.

If anyone else remembers Cyberface and Silent1 back in the day?

SystemParanoia said:
I feel it deserves the full 1995 web 1.0 treatment resplendent with frames, starfield gifs and embedded midi files. :biggrin:
hehe

It's truly shocking - the alleged premier UK motoring site - rofl

dmsims

6,601 posts

269 months

Thursday 9th February 2017
FAO the Data protection officer:

"11 REPORTING OF SECURITY VULNERABILITIES

Haymarket Media Group Ltd is committed to the privacy, safety and security of our customers. If you discover a potential security vulnerability, we would appreciate it if you could report it just to us in a responsible manner. Please email us at data.protection@haymarket.com and we will respond to you as soon as possible. This provides us with an opportunity to work with you and quickly address and resolve any issue. Publicly disclosing a potential vulnerability could put the wider community at risk, and therefore we encourage you to come to us first. We’ll keep you informed as we move forward with our investigations."

Please change this to:

If you report a potential security vulnerability

1. We will completely ignore you
2. We will not inform you of anything (because there is no vulnerability) and our 12 strong development team have much more important things to do

rolleyes


NRS

22,318 posts

203 months

Thursday 9th February 2017
PistonTechs said:
I have been in contact with the PistonHeads technology team and they are continuing to work on implementing HTTPS on all pages that have personal data (e.g. login and registration) as a top priority and are close to being able to confirm a timeframe on when this work will be released. Once this is known they will be providing another update.

Haymarket Media Group Global Data Protection Officer
As a non-techie this seems to read as you have used over a year on a known problem to make a timeline on solving part 1 of the issue (which seems to be the easiest)?