Bitcoin Forum
May 11, 2024, 10:38:53 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Other > Meta > Forum Login passwords not protected
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Forum Login passwords not protected  (Read 1062 times)
BitMofo (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
July 30, 2011, 06:33:03 PM
 #1
Hi,

On first attempt, passwords are secure, but if you get it wrong and login from loginattempt2, it is just straight http and easy to sniff!
1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
"Bitcoin: mining our own business since 2009" -- Pieter Wuille
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1715423933
Hero Member
*
Offline Offline

Posts: 1715423933

View Profile Personal Message (Offline)

Ignore
1715423933
1715423933
Reply with quote  #2
1715423933
Report to moderator
TKHatch
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
July 31, 2011, 09:31:54 AM
 #2
Smells fishy to me.
wumpus
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1022

No Maps for These Territories


View Profile
July 31, 2011, 10:54:52 AM
 #3
Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
BitMofo (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
July 31, 2011, 12:58:14 PM
 #4
Quote from: John Smith on July 31, 2011, 10:54:52 AM
Yup the forum sometimes bounces you to http without warning. Not only on login. This can be pretty dangerous if you're on a public network.

I don't think it's fishy, just some kind of misconfiguration.

Maybe this helps:
https://forum.bitcoin.org/?topic=2795.0

Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?
1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Exonumia
Full Member
***
Offline Offline

Activity: 189
Merit: 101



View Profile
July 31, 2011, 03:13:37 PM
 #5
Quote from: BitMofo on July 31, 2011, 12:58:14 PM
Thanks for this =] I think I'll be switching back to firefox! Isn't anything like this for chrome is there?

I use KB SSL enforcer.

https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5194
Merit: 12983


View Profile
July 31, 2011, 11:23:08 PM
 #6
Cookies aren't marked as secure, either, so just visiting forum.bitcoin.org once with HTTP is enough to allow someone to hijack your account. I use NoScript to force HTTPS here.
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
Bitcoin Forum > Other > Meta > Forum Login passwords not protected
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!