Thread: Is loveforum login really secure?
View Single Post
  #5 (permalink)  
Old 28-05-08, 06:46 AM
anachronistic
 
Posts: n/a
Words of wisdom from Indi; of course precautions should be taken into consideration. But what I am getting at is even more important; the user login of the forum uses an algorithm of cryptography, called MD5, which is known for its simple vulnerabilities. Its hashes are easily decoded, because they are very simply encrypted. What does this mean? Well, someone that knows what they are doing could phish a page to you, because it is not HTTPS, and get your username and password. They could also retrieve the hash of the username/password and decrypt it, and have access to your account here (and possibly other websites, and more personal information if you use the same password for everything)

As I recall, this has happened already with one account (Dono) and vulnerability remains open.

I am just looking out for this community by examining the issue. Time and time again in my experience as a server specialist and web designer, my opinion is that users tend to use the same username/password for everything. I am informing the public about this, and hopefully they will make any necessary changes, to ensure their security, but it is not guaranteed.

I also think it is the duty of administrative staff, even moderators on forums, to do everything they can, within reasonable boundaries, to eliminate any such problems. Why? Well, that is how the successful websites do it. The mindset of "Pfft, well that's just how the Internet is," is somewhat hindering, because it is, in a way, avoiding a problem. Sure, that's how the Internet is now, but it is not adamant. It can be changed, for the better, or for the worse. I am here to make it for the better, as I see it. Don't you want that? Don't you care?

And from a philosophical point, nothing in this world is secure. Nothing is symmetrical. So this lesson can be applied to actual life, too. I am actually writing about that in my freetime. A life of independence is a perfect one.

Oh, and I want to be recognized for the things I say. Even on here. I take full credit for all of it, but unfortunately, some sneaky bastard will probably take that away from me. Oh well. Hopefully what I said was so cleverly toned and original, that nobody could ever imitate it and call it their own. HA!
Last edited by anachronistic : 28-05-08 at 06:57 AM.
Reply With Quote