HTTPS or not to HTTP

BazzOnBass
Posts: 152
Joined: 20 Aug 2011, 01:00
Location: Broken Hill NSW

HTTPS or not to HTTP

Post by BazzOnBass » 20 Aug 2018, 15:22

As a technologist in $job, am putting this out there.

With well known websites having data breaches occurring at a rapid rate, the move to using https (SSL) and securing websites is well underway. Wondering if the OBF admin team are looking at securing this forum too.

FYI: check to see if your email address has been hacked here: Have I Been Pwned. This resource is a database of over 5 million [edit, that should read 5 BILLION!] (and growing) verified, hacked email accounts and has been created by Aussie web security specialist Troy Hunt only recently.

Well worth a look because identity and privacy protection really starts with the sites we visit and how we protect our details.
Washburn Force 8, Ibanez Acoustic/Elec, Fender MIA Precision, Michael Tobias 5 pre Gibson, MTD Artist, for gigs Mailloux #008.

Amps: LabSys 400B, GK MB500, TC Electronics RH500, Peavey TNT 130 Combo
Cabs: Ampeg SVT-410HLF Classic, Peavey 410

packrat
Posts: 816
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: HTTPS or not to HTTP

Post by packrat » 20 Aug 2018, 16:37

Password breaches are really only critical when people reuse passwords. Don’t do that.

More critically, as we push towards more web security, sites which don’t https are starting to be pushed down in search rankings etc. With things like Let’s Encrypt, https is “free” from a certain perspective but not from the extra maintenance work and moving pieces.

B>

packrat
Posts: 816
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: HTTPS or not to HTTP

Post by packrat » 20 Aug 2018, 16:38

Note “email address been hacked” is a bit of a misnomer in many cases where an email address is used as a username or registration token for another site. Again, mostly comes down to password re-use.

maxgroover
Posts: 3508
Joined: 19 May 2009, 11:28
Location: Sydney

Re: HTTPS or not to HTTP

Post by maxgroover » 20 Aug 2018, 16:58

packrat wrote:
20 Aug 2018, 16:37
Password breaches are really only critical when people reuse passwords. Don’t do that.
How do you remember passwords for all the sites you visit if you don’t reuse?
Ozbass moderator

The Moods Band

Mailloux, Fender, Lakland, Univox basses
Genz Benz, Tech 21, BBE, Crown, Zoom amps and preamps
Bergantino & Genz Benz Cabs

MrChameleon
Posts: 206
Joined: 11 Jun 2015, 11:32

Re: HTTPS or not to HTTP

Post by MrChameleon » 20 Aug 2018, 17:24

maxgroover wrote:
20 Aug 2018, 16:58

How do you remember passwords for all the sites you visit if you don’t reuse?
LastPass, KeePass etc
Accumulating basses

tearalong
Posts: 1576
Joined: 04 Sep 2009, 23:03
Location: Narellan Vale NSW

Re: HTTPS or not to HTTP

Post by tearalong » 20 Aug 2018, 17:28

maxgroover wrote:
20 Aug 2018, 16:58
packrat wrote:
20 Aug 2018, 16:37
Password breaches are really only critical when people reuse passwords. Don’t do that.
How do you remember passwords for all the sites you visit if you don’t reuse?
I use a password manager - use one password to get into the encrypted database which has 628 passwords which, it warns me, includes 65 duplicates.

When I go to a web page it offers to fill the logon form for me.
MTD Heir 4 Lefty with Nordstrand and Bartolini pickups,Genz Benz Shuttlemax or Magellan 800 , Zoom B3 and a Roland GR-55 into Schroeder or Bergantino cabs

packrat
Posts: 816
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: HTTPS or not to HTTP

Post by packrat » 20 Aug 2018, 21:07

The Chrome and Safari browsers both have built-in systems to do it. Writing all your passwords on Post-its is surprisingly secure because Post-its are only available to people who can take your entire computer anyway, not Russian fraudsters harvesting accounts.

Ironic.

Don't reuse passwords. Almost all the problems of passwords are caused by reuse between stupid things you don't care about and, say, the email account you use as a password backup for your bank.

DeadlyErnest
Posts: 1118
Joined: 09 Mar 2012, 21:42
Location: Canberra

Re: HTTPS or not to HTTP

Post by DeadlyErnest » 20 Aug 2018, 21:38

maxgroover wrote:
20 Aug 2018, 16:58
packrat wrote:
20 Aug 2018, 16:37
Password breaches are really only critical when people reuse passwords. Don’t do that.
How do you remember passwords for all the sites you visit if you don’t reuse?
Think up a system to vary the password from site to site and make the password complex. They should be stored as a hash, not plain text.
Will play for food.

tearalong
Posts: 1576
Joined: 04 Sep 2009, 23:03
Location: Narellan Vale NSW

Re: HTTPS or not to HTTP

Post by tearalong » 20 Aug 2018, 22:07

Image
MTD Heir 4 Lefty with Nordstrand and Bartolini pickups,Genz Benz Shuttlemax or Magellan 800 , Zoom B3 and a Roland GR-55 into Schroeder or Bergantino cabs

Phil
Site Admin
Posts: 2712
Joined: 22 Oct 2008, 23:35
Location: Cedar Vale, QLD (Southside Brisbane)

Re: HTTPS or not to HTTP

Post by Phil » 21 Aug 2018, 08:26

We've actually discussed this in the background for months, it's probably time for me to get this going. It should happen soon.

PilbaraBass
Posts: 15100
Joined: 23 Oct 2008, 17:07
Location: Gladstone, QLD

Re: HTTPS or not to HTTP

Post by PilbaraBass » 21 Aug 2018, 13:07

maxgroover wrote:
20 Aug 2018, 16:58
packrat wrote:
20 Aug 2018, 16:37
Password breaches are really only critical when people reuse passwords. Don’t do that.
How do you remember passwords for all the sites you visit if you don’t reuse?
I have a system, but I won't divulge mine.

The key is to find a system... mine's pretty good. (I think).
'98 Carvin AC40, '07 Squier JDAV, '91 P-bass, '96 Ibanez ATK300F, '15 Ibanez SR605
Kanye West wrote:My greatest pain in life is that I will never be able to see myself perform live.

maxgroover
Posts: 3508
Joined: 19 May 2009, 11:28
Location: Sydney

Re: HTTPS or not to HTTP

Post by maxgroover » 21 Aug 2018, 14:31

Ok - giving LastPass a go. Some questions for those closer to this stuff:

Should I only be launching websites that require log-in from within the LastPass vault?

On my iPhone, are apps secure enough or should I only use LastPass? (i.e. if I want to go on eBay is the iOS app okay, or should I launch eBay from within the LastPass iOS app?)

Chrome asks to save my username and passwords when I sign in to sites. Should I stop doing that now and delete all saved passwords from Chrome?
Ozbass moderator

The Moods Band

Mailloux, Fender, Lakland, Univox basses
Genz Benz, Tech 21, BBE, Crown, Zoom amps and preamps
Bergantino & Genz Benz Cabs

BazzOnBass
Posts: 152
Joined: 20 Aug 2011, 01:00
Location: Broken Hill NSW

Re: HTTPS or not to HTTP

Post by BazzOnBass » 17 Sep 2018, 17:29

I note the site is now running on https/SSL, nice one admins.
Washburn Force 8, Ibanez Acoustic/Elec, Fender MIA Precision, Michael Tobias 5 pre Gibson, MTD Artist, for gigs Mailloux #008.

Amps: LabSys 400B, GK MB500, TC Electronics RH500, Peavey TNT 130 Combo
Cabs: Ampeg SVT-410HLF Classic, Peavey 410

BazzOnBass
Posts: 152
Joined: 20 Aug 2011, 01:00
Location: Broken Hill NSW

Re: HTTPS or not to HTTP

Post by BazzOnBass » 17 Sep 2018, 17:38

maxgroover wrote:
21 Aug 2018, 14:31
Ok - giving LastPass a go. Some questions for those closer to this stuff:

Should I only be launching websites that require log-in from within the LastPass vault?

On my iPhone, are apps secure enough or should I only use LastPass? (i.e. if I want to go on eBay is the iOS app okay, or should I launch eBay from within the LastPass iOS app?)

Chrome asks to save my username and passwords when I sign in to sites. Should I stop doing that now and delete all saved passwords from Chrome?
If you're using LastPass I'd use its features.

iOS tends to be more secure but again, see above.

Saving pwd details in the browser is certainly not what I recommend.
Washburn Force 8, Ibanez Acoustic/Elec, Fender MIA Precision, Michael Tobias 5 pre Gibson, MTD Artist, for gigs Mailloux #008.

Amps: LabSys 400B, GK MB500, TC Electronics RH500, Peavey TNT 130 Combo
Cabs: Ampeg SVT-410HLF Classic, Peavey 410

packrat
Posts: 816
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: HTTPS or not to HTTP

Post by packrat » 17 Sep 2018, 19:37

With Chrome, it isn’t exactly in the browser.
