no secure login

why?

[edit on 23-5-2008 by Greek]

Why do we need one?

No one is putting personal info about themselves in here.

No payments are being made from here.

The site is openly searchable to all the major search engines, with the exception of RATS.

Anyone with websense would know to use different passwords for different sites.

the username and password is sent without being encrypted first. that means that it can be easily obtainable.

don't you care about the security of the members and yours?

what if the server(s) get hacked? is anything server-side being encrypted at all?

[edit on 28-5-2008 by Greek]

Just if you use firefox for a browser download keyscrambler..it encrypts the password down to the kernel mode.

Here's a blast from the past where the idea was discussed. It is one of SO's threads.


www.abovetopsecret.com...

alienstar,

keylogging prevention has nothing to do with my question.

alienstar,

keylogging prevention has nothing to do with my question.

reply to post by Greek


Why would ATS have one?

I haven't seem one forum, or any site that doesn't hold banking/credit info on the site, for that matter, that does have secure logins.

Did you have a suggestion for us?

oh crap , here we go again

ok you " expurts " - please tell use EXACTLY what a ` secure login ` would acheive

in breif - a ` secure login ` would only protect your password

what can someone do with your ATS pasword ?

1 - they can post " as you "

2 they can read your U2U

and THAT IS IT

if you are so paranoid that you believe that ATS needs ` secure login ` then i doubt you even use the ATS unsecure U2U for anything

and if ` they ` attempt to " post as you " who will it fool ?

bottom line - is that in 6 years of operation and 100K + members has ANYONES id been comprimised ?

There's no such thing as secure anything on the net..not even from all the security programs that claim they protect you.

I finally just accepted it and quit trying to secure and cloak. You have the standard for gov and corporations that are protected by network engineers round the clock. Then there is the standard for the civilian...pretend all the security programs protect you.

I think I am as security conscious as anyone. It was my profession for a while; but I think if we truly want security, we must take responsibility for providing it for ourselves.

If you think it will increase the number of subscribers, posters, etc... then go for it.

I intend to be here until you tire of my online company.

Ain't skeered.

IF someone is targeting you, and attempting to steal your passwords, I suggest that your ATS login is probably the least of your worries.

A more significant worry -- someone is tracking your IP address. That is definitely happening at many of the sites you visit. That is a more revealing signature than anything I can think of -- including all the posts you may be making here and other places.

Originally posted by Greek
the username and password is sent without being encrypted first. that means that it can be easily obtainable.

In the seven years of operation of ATS using the existing legacy of the XMB software, there has been only one occurrence of known account hijacking, and that was due to a published exploit in the core code base.

Since then, the data structure and code base has been so significantly modified as to be a 100% custom solution.

Additionally, we have a third-party security specialist firm constantly monitoring the security logs of our server and proactively ensuring the environment is highly secure.

The idea of a secure socket for ATS (https) has been floated several times, but the added load on the servers and performance degradation all users would experience is overkill in my opinion.