It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

ATS's paradox

page: 1
0
<<   2 >>

log in

join
share:

posted on Feb, 7 2006 @ 02:15 PM
link   
Hi all,

Just thought you'd want to know the following:

1) When users log into ATS, our passwords are transmitted over the Internet as cleartext. Considering the nature of ATS, I thought it may be wise to implement SSL just for logging in...at least. Any middleman interceptor type system could easily access everyones passwords.

2) I'd also suggest dis-allowing the use of ActiveX controls on your site (mostly from advertising). I'm not saying that the advertisers are "spooks", however an Active X control loaded into a browser has full access to your hard disk drive and, well, considering the nature of this site - I don't think people would like that (most people don't even know what ActiveX can do). By default, IE allows Active X controls. Personally, I disallow ALL Active X on my computer as I don't like just "anybody" the ability to browse my hard disk.

Please correct me if I'm wrong


Cheers

JS




posted on Feb, 7 2006 @ 02:40 PM
link   
SSL is a bit extreme


For someone to be able read the packets coming from my computer they would literally need to be either sat on my network "sniffing the wire" as it were or be in control of one of the computers my packet passes through on the net. Both of those are pretty unlikely, im not saying it couldn't happen, only that if it did happen someone reading my ATS password would be the last of my worries


I agree with the active X comment, however i' pretty sure the adverts are vetted pretty well so the chances of something dodgy getting through are pretty small

Steve.



posted on Feb, 7 2006 @ 02:47 PM
link   
Dude, it's ATS....a forum. It's not like it's online banking, Amazon.com or anything like that.

That worst that could happen is someone gets a hold of your password and goes on a shopping spree with you ATS points. You'll probably get all your points back...and they may even let you keep whatever backgound color the perp purchased, free of charge


[edit on 7/2/2006 by SportyMB]



posted on Feb, 7 2006 @ 02:53 PM
link   
If you're that concerned about the ads and security, use a propper ad-blocker and DO NOT use Internet Explorer, get Opera instead.
I currently only see the google ads, and never have to click away pop-up's/under's anymore.

If you're REALLY worried about Active X and spyware, install Debian Linux, and all your worries are over.



posted on Feb, 7 2006 @ 02:56 PM
link   
The Adblock extension for Firefox with Filterset.G works pretty well too.



posted on Feb, 7 2006 @ 03:25 PM
link   
Hi fellow ATS's,

I made this post to inform.

Personally, I'm not concerned as I have blocked ActiveX and the password I use isn't one I use for my online banking.

I made the post regarding the possibility of security issues, being:

1) ActiveX can access your local drive
2) Passwords are in cleartext and many people use the same password for lots of things.

Cheers

JS



posted on Feb, 7 2006 @ 03:36 PM
link   
Cleartext passwords are bad but not as bad as the possiblity of MD5 sum collisions, now that should keep us all up at night (seriously) as sooooo many places use MD5 to store passwords. On the matter of SSL I believe it was discussed previously and not adopted due to the extra load it would put on the servers, and given the high-trafic nature of ATS keeping the servers running as cool as possible is definately a very important thing.



posted on Feb, 7 2006 @ 03:48 PM
link   

MD5 collisions (still being used!) take 45 minutes on a 1.6 GHz P4


it.slashdot.org.../11/15/2037232

It's enough to give you nightmares. MD5 is so wide spread it's scary.



posted on Feb, 7 2006 @ 06:14 PM
link   
Wow, you realize by blocking ads, pop ups, etc that you're cutting off ATS's only source of money?

Thanks for the support!



posted on Feb, 7 2006 @ 06:35 PM
link   
Oh, come on now....give the guy a break.... He's just making an observation.



posted on Feb, 7 2006 @ 06:55 PM
link   

Originally posted by loam
Oh, come on now....give the guy a break.... He's just making an observation.


Why? He, like myself, is being provided with a top notch, high quality, interactive, incredibly amazing discussion forum at what cost? Absolutely nothing. All it took was the five minutes to register and then the dedication, the devotion, the addiction to continue coming back.

The ads do nothing but provide ATS with much needed funding in order to maintain itself, upgrade its servers, and much much more. The pop-ups should only be coming if you're not logged in anyway, and even then it's only four every eight hours. That isn't so bad , now is it? The other ads? Well, they're off to the side and top, and not in the way at all. Why go through the effort to block those and deny ATS the money it needs to sustain its existance?

Plus, in talking with a more tech savvy person about this thread I was informed that it's not Active X that allows popups, but JavaScript or cookies. Personally, I think this crosses the line into slightly too paranoid.



posted on Feb, 7 2006 @ 11:03 PM
link   
I'm not really a tech savvy person, but even still I've come up with what I believe to be a fool proof method of protecting my personal information online.

1. I don't do anything online that I wouldn't do in public, so there's no embarassment factor. If I ever make enemies with an admin, they won't find anything in my cookies that makes good gossip.

2. I don't keep financial or other personal info on my computer. I can handle my bills by phone or by automatic bill paying, I save my tax files to disk and then can turbotax till next time I need it- 20 minutes of installation every year hardly kills me. etc etc.

Here are the worst hacking scenarios I can imagine:

1. Somebody who doesn't like me discovers my address, comes after me, and the police end up having to confiscate my favorite knife as evidence.

2. Somebody makes a slightly substandard post using my ATS account.

3. Somebody finds out that I STILL haven't beaten Myst.

4. Somebody copies my term papers from last semester and sells them without sharing the profits.

So ever since I stopped downloading naked pictures of the pope (kidding), I've been able to sleep rather soundly no matter how ATS generates revenue- and more power to 'em if they get a few cents everytime they show me an ad for something I have no intention of buying- doesn't cost me anything.



posted on Feb, 8 2006 @ 01:46 AM
link   

Originally posted by loam
Oh, come on now....give the guy a break.... He's just making an observation.



I agree.

Though, I do not think the ads should be removed, but the SSL is a good idea.

-J



posted on Feb, 8 2006 @ 06:10 AM
link   

Originally posted by cmdrkeenkid
Wow, you realize by blocking ads, pop ups, etc that you're cutting off ATS's only source of money?


Actually, no.

I'd be surprised if any ad on ATS would pay for shows alone. Usually they need to be clicked (like Google AdSense ads) or clicked/browsed/bought something from etc. (tradedoubler for example).
Just by blocking the ads from view doesn't reduce the amount paid from the ads. Though it's true that you can't click something you can't even see - but I doubt that a person who wants to block ads would click on them even if they'd see the ads.

In my opinion just by logging in reduces the amount of ads to a reasonable level, and I trust that the 3 amigos have enough decency and common sense not to utilize the most obnoxious (and effective) ad types.



posted on Feb, 8 2006 @ 08:19 AM
link   

Originally posted by The Vagabond
3. Somebody finds out that I STILL haven't beaten Myst.


You, my friend are not alone.




(I didn't think anyone else was even still trying!
)

I will add this though as it seems a security issue to me, though NOBODY else seems to care about it...

Whjen you log on at ATS it logs you on at PTS and BTS which is Wunderbar! Outstanding! No complaints there...HOWEVER...

when you log out at ATS...you are not always logged out of PTS and BTS as well...so if you don't check...if you don't log out seperately there...well...then someone can come along...learn your user name to read all your posts and identify them with you...make posts under your username...and my all time fav...read your u2u messages!


That is how I first discovered it...when I was not logged onto ATS one morniong but went to PTS from the ATS home page and voila! I had a u2u waiting...I was like WTF? ANd then I learned my logging out of ATS was NOT logging me out everywhere else.

*sigh*

I also then found by opening IE (I am on AOL usually) and going to the history I could also open u2u messages from the history bar there after logging off of ATS...because I was still logged on PTS/BTS

bummer...I hate having to be so careful...be I must.



posted on Feb, 8 2006 @ 09:50 AM
link   
Javascript and cookies, yo


I have some good news for you Vagabond!


Originally posted by The Vagabond
1. I don't do anything online that I wouldn't do in public, so there's no embarassment factor. If I ever make enemies with an admin, they won't find anything in my cookies that makes good gossip.


While this is a good idea anyway, you don't have to worry about any admin finding anything in your cookies that would make good gossip unless they knew what they were looking for and what the cookie name is. Unless scripting languages have changed drastically over the past 3 years, you have to know the name of a cookie to access it, and even if you guess the right name, you still typically have to connect it to a website.


2. I don't keep financial or other personal info on my computer. I can handle my bills by phone or by automatic bill paying, I save my tax files to disk and then can turbotax till next time I need it- 20 minutes of installation every year hardly kills me. etc etc.


Good call.


Here are the worst hacking scenarios I can imagine:

1. Somebody who doesn't like me discovers my address, comes after me, and the police end up having to confiscate my favorite knife as evidence.

That's not hacking, that's breaking and entering.



2. Somebody makes a slightly substandard post using my ATS account.


Hopefully you'll catch that you posted on myATS, and be able to edit it out.


3. Somebody finds out that I STILL haven't beaten Myst.

...Bad news, that doesn't require any hacking ability, just access to ATS.


4. Somebody copies my term papers from last semester and sells them without sharing the profits.


Without sharing the profits? No sympathy here, little buddy.



So ever since I stopped downloading naked pictures of the pope (kidding),


The ActiveX controls being spoken of are what drives several ads, not what allows them to show up. Some well known examples of ActiveX controls would be Flash and Shockwave. The reason you'll get that banner at the top of your browser if you don't have Flash or Shockwave installed when you come to ATS isn't because they're using those to pop the ads up, it's because the actual ads were programmed in Flash or Shockwave.

If you're thrifty but still want to protect your computer from unwanted access, I highly recommend Zone Alarm, a free personal firewall. There's a thread somewhere on BTS talking about this program, and it works very well, especially for the price.

As for those google ads, they can be awesome for doing research on the thread you're viewing. Highly recommended as well



posted on Feb, 8 2006 @ 10:33 AM
link   
cmdrkeenkid:

I suggest you come back to planet earth and are somewhat surprised by your response, considering you are a moderator. Why?

Firstly, I suggest you READ my first post.

1) I didn't suggest blocking ALL ads (as you have intimated). I specified ActiveX advertisements. If ads are using ActiveX then they are using either:

a) A well known control (ie flash etc), so this "should" be OK (let's hope)
b) They are using their own ActiveX control, in which case the only way to see what the control is doing is to ask them for the source code for the control...and I don't think they are going to let you have a look at the source code now...do you? So, in essence, it is a security risk (as all embedded ActiveX controls are).

2) "All it took was the five minutes to register and then the dedication, the devotion, the addiction to continue coming back."

You forgot to mention my connections, resources, knowledge and posts that I have contributed to this site too. I'm also surprised you missed this, considering you would have obviously done research on my postings...I'd suggest you read the "tag line" for this site again...it's about denying something


3) I'm sorry, did I mention that I was pi$$ed off with pop-ups?

4) I was talking about security.

Remember the motto - deny ignorance!

Remember the basics - read a post and do research before you make assumptions and go off at a tangent!

Cheers

JS



posted on Feb, 8 2006 @ 10:47 AM
link   
Who said I was addressing just you, jumpspace? I was addressing everyone who has a problem with our very minimal amount of ads. Yes, you suggested blocking the ActiveX ones, but others mentioned blocking more ads.

If you're going through the effort to say that having ActiveX embedded controls are a risk, you may as well just disconnect your computer from the outside world. Having it connected to the internet or another computer is a security risk, as a skilled hacker wouldn't need to use the ActiveX controls to get into your computer. The only secure computer is one not connected to the internet.


Originally posted by jumpspace
You forgot to mention my connections, resources, knowledge and posts that I have contributed to this site too. I'm also surprised you missed this, considering you would have obviously done research on my postings...


Not every one contributes though, do they? Some people come with questions. Others come to just chat. It's good though that you come with answers. And no, I didn't do any "research on your postings." Where you got that idea I do not know. Though I do think this goes back to my overtly paranoid statement



3) I'm sorry, did I mention that I was pi$$ed off with pop-ups?
4) I was talking about security.


No, but others mentioned them, so I was addressing them. That's fine and well to talk about security, but there's also no need to go overboard.



Remember the motto - deny ignorance!
Remember the basics - read a post and do research before you make assumptions and go off at a tangent!


I read your post, and everyone else's posts. So, in replying to them, did I really go off on a tagent? So before you make vain assumptions that I was only addressing you, maybe you could deny ignorance and see that I was replying to others as well.


[edit on 2/8/2006 by cmdrkeenkid]



posted on Feb, 8 2006 @ 11:16 AM
link   
cmdrkeenkid:

Ahhh...you can't get out of this one now


You said:

>Who said I was addressing just you, jumpspace?

Well, you also said:

>Wow, you realize by blocking ads, pop ups, etc that you're cutting off ATS's only source of money?
>Thanks for the support!


From this, it's pretty obvious that "you're" means "you are" which is pointing at me. Also "thanks for the support" is obviously directed at me and supports the first statement.

You were talking to me directly, but don't worry - I wasn't offended. I'm a tuff nut and I can handle pretty well anything


It's interesting too that loam and theshadowknows also defended me (thanks guys) so it seems they misunderstood you too.

On top of that, when they defended me with "Oh, come on now....give the guy a break.... He's just making an observation." you responded by saying "why?"...once again, support your original statement.

No hard feelings, just thought I'd point out the fact that you original post was primarily directed at me and not everyone. It's all about "face" now I suppose


Cheers

JS



posted on Feb, 8 2006 @ 11:19 AM
link   

Originally posted by jumpspace
From this, it's pretty obvious that "you're" means "you are" which is pointing at me. Also "thanks for the support" is obviously directed at me and supports the first statement.


The plural of the word "you" anyone? Anyone, really, does anyone know?


The "thanks for support" was directed at anyone blocking ATS's few ads.

[edit on 2/8/2006 by cmdrkeenkid]



new topics

top topics



 
0
<<   2 >>

log in

join