It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
ATS's paradox
page: 1share:
Hi all,
Just thought you'd want to know the following:
1) When users log into ATS, our passwords are transmitted over the Internet as cleartext. Considering the nature of ATS, I thought it may be wise to implement SSL just for logging in...at least. Any middleman interceptor type system could easily access everyones passwords.
2) I'd also suggest dis-allowing the use of ActiveX controls on your site (mostly from advertising). I'm not saying that the advertisers are "spooks", however an Active X control loaded into a browser has full access to your hard disk drive and, well, considering the nature of this site - I don't think people would like that (most people don't even know what ActiveX can do). By default, IE allows Active X controls. Personally, I disallow ALL Active X on my computer as I don't like just "anybody" the ability to browse my hard disk.
Please correct me if I'm wrong
Cheers
JS
Just thought you'd want to know the following:
1) When users log into ATS, our passwords are transmitted over the Internet as cleartext. Considering the nature of ATS, I thought it may be wise to implement SSL just for logging in...at least. Any middleman interceptor type system could easily access everyones passwords.
2) I'd also suggest dis-allowing the use of ActiveX controls on your site (mostly from advertising). I'm not saying that the advertisers are "spooks", however an Active X control loaded into a browser has full access to your hard disk drive and, well, considering the nature of this site - I don't think people would like that (most people don't even know what ActiveX can do). By default, IE allows Active X controls. Personally, I disallow ALL Active X on my computer as I don't like just "anybody" the ability to browse my hard disk.
Please correct me if I'm wrong
Cheers
JS
SSL is a bit extreme
For someone to be able read the packets coming from my computer they would literally need to be either sat on my network "sniffing the wire" as it were or be in control of one of the computers my packet passes through on the net. Both of those are pretty unlikely, im not saying it couldn't happen, only that if it did happen someone reading my ATS password would be the last of my worries
I agree with the active X comment, however i' pretty sure the adverts are vetted pretty well so the chances of something dodgy getting through are pretty small
Steve.
For someone to be able read the packets coming from my computer they would literally need to be either sat on my network "sniffing the wire" as it were or be in control of one of the computers my packet passes through on the net. Both of those are pretty unlikely, im not saying it couldn't happen, only that if it did happen someone reading my ATS password would be the last of my worries
I agree with the active X comment, however i' pretty sure the adverts are vetted pretty well so the chances of something dodgy getting through are pretty small
Steve.
Dude, it's ATS....a forum. It's not like it's online banking, Amazon.com or anything like that.
That worst that could happen is someone gets a hold of your password and goes on a shopping spree with you ATS points. You'll probably get all your points back...and they may even let you keep whatever backgound color the perp purchased, free of charge
[edit on 7/2/2006 by SportyMB]
That worst that could happen is someone gets a hold of your password and goes on a shopping spree with you ATS points. You'll probably get all your points back...and they may even let you keep whatever backgound color the perp purchased, free of charge
[edit on 7/2/2006 by SportyMB]
If you're that concerned about the ads and security, use a propper ad-blocker and DO NOT use Internet Explorer, get Opera instead.
I currently only see the google ads, and never have to click away pop-up's/under's anymore.
If you're REALLY worried about Active X and spyware, install Debian Linux, and all your worries are over.
I currently only see the google ads, and never have to click away pop-up's/under's anymore.
If you're REALLY worried about Active X and spyware, install Debian Linux, and all your worries are over.
The Adblock extension for Firefox with Filterset.G works pretty well too.
Hi fellow ATS's,
I made this post to inform.
Personally, I'm not concerned as I have blocked ActiveX and the password I use isn't one I use for my online banking.
I made the post regarding the possibility of security issues, being:
1) ActiveX can access your local drive
2) Passwords are in cleartext and many people use the same password for lots of things.
Cheers
JS
I made this post to inform.
Personally, I'm not concerned as I have blocked ActiveX and the password I use isn't one I use for my online banking.
I made the post regarding the possibility of security issues, being:
1) ActiveX can access your local drive
2) Passwords are in cleartext and many people use the same password for lots of things.
Cheers
JS
Cleartext passwords are bad but not as bad as the possiblity of MD5 sum collisions, now that should keep us all up at night (seriously) as sooooo many
places use MD5 to store passwords. On the matter of SSL I believe it was discussed previously and not adopted due to the extra load it would put on
the servers, and given the high-trafic nature of ATS keeping the servers running as cool as possible is definately a very important thing.
MD5 collisions (still being used!) take 45 minutes on a 1.6 GHz P4
it.slashdot.org.../11/15/2037232
It's enough to give you nightmares. MD5 is so wide spread it's scary.
Wow, you realize by blocking ads, pop ups, etc that you're cutting off ATS's only source of money?
Thanks for the support!
Thanks for the support!
Oh, come on now....give the guy a break.... He's just making an observation.
Originally posted by loam
Oh, come on now....give the guy a break.... He's just making an observation.
Why? He, like myself, is being provided with a top notch, high quality, interactive, incredibly amazing discussion forum at what cost? Absolutely nothing. All it took was the five minutes to register and then the dedication, the devotion, the addiction to continue coming back.
The ads do nothing but provide ATS with much needed funding in order to maintain itself, upgrade its servers, and much much more. The pop-ups should only be coming if you're not logged in anyway, and even then it's only four every eight hours. That isn't so bad , now is it? The other ads? Well, they're off to the side and top, and not in the way at all. Why go through the effort to block those and deny ATS the money it needs to sustain its existance?
Plus, in talking with a more tech savvy person about this thread I was informed that it's not Active X that allows popups, but JavaScript or cookies. Personally, I think this crosses the line into slightly too paranoid.
I'm not really a tech savvy person, but even still I've come up with what I believe to be a fool proof method of protecting my personal information
online.
1. I don't do anything online that I wouldn't do in public, so there's no embarassment factor. If I ever make enemies with an admin, they won't find anything in my cookies that makes good gossip.
2. I don't keep financial or other personal info on my computer. I can handle my bills by phone or by automatic bill paying, I save my tax files to disk and then can turbotax till next time I need it- 20 minutes of installation every year hardly kills me. etc etc.
Here are the worst hacking scenarios I can imagine:
1. Somebody who doesn't like me discovers my address, comes after me, and the police end up having to confiscate my favorite knife as evidence.
2. Somebody makes a slightly substandard post using my ATS account.
3. Somebody finds out that I STILL haven't beaten Myst.
4. Somebody copies my term papers from last semester and sells them without sharing the profits.
So ever since I stopped downloading naked pictures of the pope (kidding), I've been able to sleep rather soundly no matter how ATS generates revenue- and more power to 'em if they get a few cents everytime they show me an ad for something I have no intention of buying- doesn't cost me anything.
1. I don't do anything online that I wouldn't do in public, so there's no embarassment factor. If I ever make enemies with an admin, they won't find anything in my cookies that makes good gossip.
2. I don't keep financial or other personal info on my computer. I can handle my bills by phone or by automatic bill paying, I save my tax files to disk and then can turbotax till next time I need it- 20 minutes of installation every year hardly kills me. etc etc.
Here are the worst hacking scenarios I can imagine:
1. Somebody who doesn't like me discovers my address, comes after me, and the police end up having to confiscate my favorite knife as evidence.
2. Somebody makes a slightly substandard post using my ATS account.
3. Somebody finds out that I STILL haven't beaten Myst.
4. Somebody copies my term papers from last semester and sells them without sharing the profits.
So ever since I stopped downloading naked pictures of the pope (kidding), I've been able to sleep rather soundly no matter how ATS generates revenue- and more power to 'em if they get a few cents everytime they show me an ad for something I have no intention of buying- doesn't cost me anything.
Originally posted by loam
Oh, come on now....give the guy a break.... He's just making an observation.
I agree.
Though, I do not think the ads should be removed, but the SSL is a good idea.
-J
Originally posted by cmdrkeenkid
Wow, you realize by blocking ads, pop ups, etc that you're cutting off ATS's only source of money?
Actually, no.
I'd be surprised if any ad on ATS would pay for shows alone. Usually they need to be clicked (like Google AdSense ads) or clicked/browsed/bought something from etc. (tradedoubler for example).
Just by blocking the ads from view doesn't reduce the amount paid from the ads. Though it's true that you can't click something you can't even see - but I doubt that a person who wants to block ads would click on them even if they'd see the ads.
In my opinion just by logging in reduces the amount of ads to a reasonable level, and I trust that the 3 amigos have enough decency and common sense not to utilize the most obnoxious (and effective) ad types.
Originally posted by The Vagabond
3. Somebody finds out that I STILL haven't beaten Myst.
You, my friend are not alone.
(I didn't think anyone else was even still trying! )
I will add this though as it seems a security issue to me, though NOBODY else seems to care about it...
Whjen you log on at ATS it logs you on at PTS and BTS which is Wunderbar! Outstanding! No complaints there...HOWEVER...
when you log out at ATS...you are not always logged out of PTS and BTS as well...so if you don't check...if you don't log out seperately there...well...then someone can come along...learn your user name to read all your posts and identify them with you...make posts under your username...and my all time fav...read your u2u messages!
That is how I first discovered it...when I was not logged onto ATS one morniong but went to PTS from the ATS home page and voila! I had a u2u waiting...I was like WTF? ANd then I learned my logging out of ATS was NOT logging me out everywhere else.
*sigh*
I also then found by opening IE (I am on AOL usually) and going to the history I could also open u2u messages from the history bar there after logging off of ATS...because I was still logged on PTS/BTS
bummer...I hate having to be so careful...be I must.
Javascript and cookies, yo
I have some good news for you Vagabond!
While this is a good idea anyway, you don't have to worry about any admin finding anything in your cookies that would make good gossip unless they knew what they were looking for and what the cookie name is. Unless scripting languages have changed drastically over the past 3 years, you have to know the name of a cookie to access it, and even if you guess the right name, you still typically have to connect it to a website.
Good call.
That's not hacking, that's breaking and entering.
Hopefully you'll catch that you posted on myATS, and be able to edit it out.
...Bad news, that doesn't require any hacking ability, just access to ATS.
Without sharing the profits? No sympathy here, little buddy.
The ActiveX controls being spoken of are what drives several ads, not what allows them to show up. Some well known examples of ActiveX controls would be Flash and Shockwave. The reason you'll get that banner at the top of your browser if you don't have Flash or Shockwave installed when you come to ATS isn't because they're using those to pop the ads up, it's because the actual ads were programmed in Flash or Shockwave.
If you're thrifty but still want to protect your computer from unwanted access, I highly recommend Zone Alarm, a free personal firewall. There's a thread somewhere on BTS talking about this program, and it works very well, especially for the price.
As for those google ads, they can be awesome for doing research on the thread you're viewing. Highly recommended as well
I have some good news for you Vagabond!
Originally posted by The Vagabond
1. I don't do anything online that I wouldn't do in public, so there's no embarassment factor. If I ever make enemies with an admin, they won't find anything in my cookies that makes good gossip.
While this is a good idea anyway, you don't have to worry about any admin finding anything in your cookies that would make good gossip unless they knew what they were looking for and what the cookie name is. Unless scripting languages have changed drastically over the past 3 years, you have to know the name of a cookie to access it, and even if you guess the right name, you still typically have to connect it to a website.
2. I don't keep financial or other personal info on my computer. I can handle my bills by phone or by automatic bill paying, I save my tax files to disk and then can turbotax till next time I need it- 20 minutes of installation every year hardly kills me. etc etc.
Good call.
Here are the worst hacking scenarios I can imagine:
1. Somebody who doesn't like me discovers my address, comes after me, and the police end up having to confiscate my favorite knife as evidence.
That's not hacking, that's breaking and entering.
2. Somebody makes a slightly substandard post using my ATS account.
Hopefully you'll catch that you posted on myATS, and be able to edit it out.
3. Somebody finds out that I STILL haven't beaten Myst.
...Bad news, that doesn't require any hacking ability, just access to ATS.
4. Somebody copies my term papers from last semester and sells them without sharing the profits.
Without sharing the profits? No sympathy here, little buddy.
So ever since I stopped downloading naked pictures of the pope (kidding),
The ActiveX controls being spoken of are what drives several ads, not what allows them to show up. Some well known examples of ActiveX controls would be Flash and Shockwave. The reason you'll get that banner at the top of your browser if you don't have Flash or Shockwave installed when you come to ATS isn't because they're using those to pop the ads up, it's because the actual ads were programmed in Flash or Shockwave.
If you're thrifty but still want to protect your computer from unwanted access, I highly recommend Zone Alarm, a free personal firewall. There's a thread somewhere on BTS talking about this program, and it works very well, especially for the price.
As for those google ads, they can be awesome for doing research on the thread you're viewing. Highly recommended as well
cmdrkeenkid:
I suggest you come back to planet earth and are somewhat surprised by your response, considering you are a moderator. Why?
Firstly, I suggest you READ my first post.
1) I didn't suggest blocking ALL ads (as you have intimated). I specified ActiveX advertisements. If ads are using ActiveX then they are using either:
a) A well known control (ie flash etc), so this "should" be OK (let's hope)
b) They are using their own ActiveX control, in which case the only way to see what the control is doing is to ask them for the source code for the control...and I don't think they are going to let you have a look at the source code now...do you? So, in essence, it is a security risk (as all embedded ActiveX controls are).
2) "All it took was the five minutes to register and then the dedication, the devotion, the addiction to continue coming back."
You forgot to mention my connections, resources, knowledge and posts that I have contributed to this site too. I'm also surprised you missed this, considering you would have obviously done research on my postings...I'd suggest you read the "tag line" for this site again...it's about denying something
3) I'm sorry, did I mention that I was pi$$ed off with pop-ups?
4) I was talking about security.
Remember the motto - deny ignorance!
Remember the basics - read a post and do research before you make assumptions and go off at a tangent!
Cheers
JS
I suggest you come back to planet earth and are somewhat surprised by your response, considering you are a moderator. Why?
Firstly, I suggest you READ my first post.
1) I didn't suggest blocking ALL ads (as you have intimated). I specified ActiveX advertisements. If ads are using ActiveX then they are using either:
a) A well known control (ie flash etc), so this "should" be OK (let's hope)
b) They are using their own ActiveX control, in which case the only way to see what the control is doing is to ask them for the source code for the control...and I don't think they are going to let you have a look at the source code now...do you? So, in essence, it is a security risk (as all embedded ActiveX controls are).
2) "All it took was the five minutes to register and then the dedication, the devotion, the addiction to continue coming back."
You forgot to mention my connections, resources, knowledge and posts that I have contributed to this site too. I'm also surprised you missed this, considering you would have obviously done research on my postings...I'd suggest you read the "tag line" for this site again...it's about denying something
3) I'm sorry, did I mention that I was pi$$ed off with pop-ups?
4) I was talking about security.
Remember the motto - deny ignorance!
Remember the basics - read a post and do research before you make assumptions and go off at a tangent!
Cheers
JS
Who said I was addressing just you, jumpspace? I was addressing everyone who has a problem with our very minimal amount of ads. Yes, you
suggested blocking the ActiveX ones, but others mentioned blocking more ads.
If you're going through the effort to say that having ActiveX embedded controls are a risk, you may as well just disconnect your computer from the outside world. Having it connected to the internet or another computer is a security risk, as a skilled hacker wouldn't need to use the ActiveX controls to get into your computer. The only secure computer is one not connected to the internet.
Not every one contributes though, do they? Some people come with questions. Others come to just chat. It's good though that you come with answers. And no, I didn't do any "research on your postings." Where you got that idea I do not know. Though I do think this goes back to my overtly paranoid statement
No, but others mentioned them, so I was addressing them. That's fine and well to talk about security, but there's also no need to go overboard.
I read your post, and everyone else's posts. So, in replying to them, did I really go off on a tagent? So before you make vain assumptions that I was only addressing you, maybe you could deny ignorance and see that I was replying to others as well.
[edit on 2/8/2006 by cmdrkeenkid]
If you're going through the effort to say that having ActiveX embedded controls are a risk, you may as well just disconnect your computer from the outside world. Having it connected to the internet or another computer is a security risk, as a skilled hacker wouldn't need to use the ActiveX controls to get into your computer. The only secure computer is one not connected to the internet.
Originally posted by jumpspace
You forgot to mention my connections, resources, knowledge and posts that I have contributed to this site too. I'm also surprised you missed this, considering you would have obviously done research on my postings...
Not every one contributes though, do they? Some people come with questions. Others come to just chat. It's good though that you come with answers. And no, I didn't do any "research on your postings." Where you got that idea I do not know. Though I do think this goes back to my overtly paranoid statement
3) I'm sorry, did I mention that I was pi$$ed off with pop-ups?
4) I was talking about security.
No, but others mentioned them, so I was addressing them. That's fine and well to talk about security, but there's also no need to go overboard.
Remember the motto - deny ignorance!
Remember the basics - read a post and do research before you make assumptions and go off at a tangent!
I read your post, and everyone else's posts. So, in replying to them, did I really go off on a tagent? So before you make vain assumptions that I was only addressing you, maybe you could deny ignorance and see that I was replying to others as well.
[edit on 2/8/2006 by cmdrkeenkid]
cmdrkeenkid:
Ahhh...you can't get out of this one now
You said:
>Who said I was addressing just you, jumpspace?
Well, you also said:
>Wow, you realize by blocking ads, pop ups, etc that you're cutting off ATS's only source of money?
>Thanks for the support!
From this, it's pretty obvious that "you're" means "you are" which is pointing at me. Also "thanks for the support" is obviously directed at me and supports the first statement.
You were talking to me directly, but don't worry - I wasn't offended. I'm a tuff nut and I can handle pretty well anything
It's interesting too that loam and theshadowknows also defended me (thanks guys) so it seems they misunderstood you too.
On top of that, when they defended me with "Oh, come on now....give the guy a break.... He's just making an observation." you responded by saying "why?"...once again, support your original statement.
No hard feelings, just thought I'd point out the fact that you original post was primarily directed at me and not everyone. It's all about "face" now I suppose
Cheers
JS
Ahhh...you can't get out of this one now
You said:
>Who said I was addressing just you, jumpspace?
Well, you also said:
>Wow, you realize by blocking ads, pop ups, etc that you're cutting off ATS's only source of money?
>Thanks for the support!
From this, it's pretty obvious that "you're" means "you are" which is pointing at me. Also "thanks for the support" is obviously directed at me and supports the first statement.
You were talking to me directly, but don't worry - I wasn't offended. I'm a tuff nut and I can handle pretty well anything
It's interesting too that loam and theshadowknows also defended me (thanks guys) so it seems they misunderstood you too.
On top of that, when they defended me with "Oh, come on now....give the guy a break.... He's just making an observation." you responded by saying "why?"...once again, support your original statement.
No hard feelings, just thought I'd point out the fact that you original post was primarily directed at me and not everyone. It's all about "face" now I suppose
Cheers
JS
Originally posted by jumpspace
From this, it's pretty obvious that "you're" means "you are" which is pointing at me. Also "thanks for the support" is obviously directed at me and supports the first statement.
The plural of the word "you" anyone? Anyone, really, does anyone know?
The "thanks for support" was directed at anyone blocking ATS's few ads.
[edit on 2/8/2006 by cmdrkeenkid]
new topics
-
Geddy Lee in Conversation with Alex Lifeson - My Effin’ Life
People: 39 minutes ago -
God lived as a Devil Dog.
Short Stories: 55 minutes ago -
Happy St George's day you bigots!
Breaking Alternative News: 2 hours ago -
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 3 hours ago -
Hate makes for strange bedfellows
US Political Madness: 5 hours ago -
Who guards the guards
US Political Madness: 8 hours ago -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 10 hours ago
top topics
-
Hate makes for strange bedfellows
US Political Madness: 5 hours ago, 14 flags -
whistleblower Captain Bill Uhouse on the Kingman UFO recovery
Aliens and UFOs: 15 hours ago, 11 flags -
Who guards the guards
US Political Madness: 8 hours ago, 10 flags -
1980s Arcade
General Chit Chat: 17 hours ago, 7 flags -
Deadpool and Wolverine
Movies: 17 hours ago, 4 flags -
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 3 hours ago, 3 flags -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 10 hours ago, 2 flags -
Happy St George's day you bigots!
Breaking Alternative News: 2 hours ago, 2 flags -
God lived as a Devil Dog.
Short Stories: 55 minutes ago, 1 flags -
Geddy Lee in Conversation with Alex Lifeson - My Effin’ Life
People: 39 minutes ago, 0 flags
active topics
-
Happy St George's day you bigots!
Breaking Alternative News • 16 • : BedevereTheWise -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 728 • : Justoneman -
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 43 • : Ophiuchus1 -
British TV Presenter Refuses To Use Guest's Preferred Pronouns
Education and Media • 115 • : FlyersFan -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest • 244 • : KrustyKrab -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 618 • : daskakik -
Republican Voters Against Trump
2024 Elections • 287 • : some_stupid_name -
Hate makes for strange bedfellows
US Political Madness • 31 • : ByeByeAmericanPie -
God lived as a Devil Dog.
Short Stories • 1 • : FlyersFan -
SC Jack Smith is Using Subterfuge Tricks with Donald Trumps Upcoming Documents Trial.
Dissecting Disinformation • 108 • : Threadbarer