Why no HTTPS?

This topic is closed.

  • solidjeuh
    replied
    HTTPS (SSL) is normally required on websites/forums that use "password fields" or contain other private data of users. The new "GDPR" law also states that it must be made clear that cookies are stored, and whether scripts transfer data to external websites. This only applies in the EU. But since there are users who live in the EU, this law should also apply to the relevant site. I have translated 2 extensions that contain this law, so I know what I am talking about.


  • loisachtaler
    replied
    My email leaked because no HTTPS?

    HTTPS is definitely industry standard and has been for quite some time now. This is the only web site I have seen in a long time that does not use HTTPS. I even do it on my internal Web for NAS, etc., because it's easy and doesn't cost anything (Let's Encrypt, for instance). Today, I did get odd spam with the little-used mail address I used to register today. Could be coincidence, but who knows.....


  • Wineroz
    replied
    HTTPS is just too many letters. 4 is enough


  • Dr.Flay
    replied
    It should be noted that the grade C is for the main domain.
    Here in the forums there is no encryption


  • BFeely
    replied
    It would be Winamp's responsibility for failing to provide even minimal industry standard security.

    The Grade C given by SSL Labs is due to supporting SSLv3, and as a result being vulnerable to POODLE.
    Even if SSLv3 were turned off, it would be capped to B because of the site administrator installing the certificate file but not the chain file. This can cause a browser error if the intermediate certificate is not already in the browser's cache.

    The server does support TLS 1.2, so the SSL toolkit installed on the server isn't completely obsolete.
    The server does support strong ciphersuites, but at the same time supports the broken RC4 suite, and does not set server preference to the strong suites.


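The findings in BFeely's post above map onto a handful of server settings. As an added example (not part of the thread, and not the site's actual configuration), the fragment below assumes the web server is nginx and uses placeholder host names and certificate paths, with each weak setting shown as a comment beside its corrected form:

```nginx
# Added example. nginx, the host name and all paths are assumptions,
# not the forum's real setup.
server {
    listen 443 ssl;
    server_name forum.example.org;   # placeholder host

    # Finding: the certificate file was installed without the chain file.
    # Weak:  ssl_certificate /etc/ssl/forum.example.org/cert.pem;  (leaf only)
    # Fixed: serve leaf + intermediate(s) from one file, so no client has to
    #        rely on an intermediate it happens to have cached.
    ssl_certificate     /etc/letsencrypt/live/forum.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.example.org/privkey.pem;

    # Finding: SSLv3 is offered, which exposes clients to POODLE.
    # Weak:  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # Fixed: the post confirms the server already speaks TLS 1.2.
    ssl_protocols TLSv1.2;

    # Finding: RC4 suites are offered next to strong ones, and the server
    #          does not enforce its own preference order.
    # Weak:  ssl_ciphers HIGH:RC4-SHA:RC4-MD5;
    #        ssl_prefer_server_ciphers off;
    # Fixed: AEAD suites with forward secrecy only, server order enforced.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
}

# The plain-HTTP listener only redirects, so login forms are never
# served or submitted unencrypted.
server {
    listen 80;
    server_name forum.example.org;
    return 301 https://$host$request_uri;
}
```
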

  • MrSinatra
    replied
    Please let's not get the site turned off, ok?


  • Dr.Flay
    replied
    Various issues, Grade C


    Can they be held liable?
    Yes if the site is breached or our plain text login details become available for sale.
    And since GDPR, very biggly so.


  • BFeely
    replied
    Homepage might not actually have HTTPS after all, as it is a Cloudflare (likely Business/$200/mo due to the custom certificate) IP address, and Cloudflare supports cheating by having their proxy run HTTPS but the backend run unencrypted. Browsers and search engines will just blindly see it as valid.


  • musicf8
    replied
    I think it's more neglect. The front page is the most activity we have seen in 4+ years. The forums still have references to AOL servers. Honestly if 5.8 was never leaked, then I doubt the front page would have been updated.


  • BFeely
    replied
    Seeing as the main site got Let's Encrypt and that this site is on a dedicated IP, I don't see it as being too hard, unless the vBulletin license is such that changing would mean needing a license for a new server.


  • musicf8
    replied
    Liable for? It's not a crime not to use https


  • BFeely
    replied
    Can they be held liable? They just discovered HTTPS is free and added it to the homepage.


  • musicf8
    replied
    Because they don't care


  • BFeely
    started a topic Why no HTTPS?

    Why no HTTPS?

    Any reason in late 2018 Radionomy isn't using HTTPS for this forum?
    The version of Chrome Dev I am typing this on is showing a red triangle in the address bar.