Heartbleed OpenSSL Security Breach

Posted: 10 Apr 2014, 00:42
by Muirium
For everyone running sites out there, SSL is in pretty big trouble right now:

http://heartbleed.com
https://www.schneier.com/blog/archives/ ... bleed.html

Make sure to update your OpenSSL. You can check for vulnerability here:

http://filippo.io/Heartbleed/

DT comes up with a testing error. Are we good yet?

Posted: 10 Apr 2014, 00:44
by scottc
I don't think DT uses SSL at all, which is a huge problem in itself...

At least I can't get https://deskthority.net here, in Firefox, wget or curl.

Posted: 10 Apr 2014, 00:46
by Muirium
Fair enough. I'm no admin, but this sounds like something folks should know about. I assumed SSL comes into play when logging into accounts or changing passwords.

Posted: 10 Apr 2014, 01:02
by Muirium
Image

The same is true for Selectrics…

Posted: 10 Apr 2014, 01:03
by webwit
Due to lack of member interest, we employed some leprechauns to run some of the club business. I need to ask them about that.

Posted: 10 Apr 2014, 01:07
by scottc
Hey, the good news is that since we don't use SSL at all, we're not vulnerable! *

(* Just our passwords)

Posted: 10 Apr 2014, 12:49
by mr_a500
Any posts of mine that sound really stupid were done by somebody who has my password and was pretending to be me. (...yes... that excuse will do nicely.. :P )

Posted: 10 Apr 2014, 16:07
by 7bit
If I could download all messages, I could delete the contents.

On the other hand: Most Round 5 orders are locked, so no problem there.
:evilgeek:

Posted: 10 Apr 2014, 19:52
by Miko
I don't think encryption is important because it is protecting our passwords or your orders. Of course that's nice, too.

It'd make surveillance a tiny little bit harder. It'd be a kind of political statement.

Posted: 11 Apr 2014, 19:19
by sirtetris
scottc wrote:
> I don't think DT uses SSL at all, which is a huge problem in itself...
>
> At least I can't get https://deskthority.net here, in Firefox, wget or curl.

the ironic thing is DT even has a password policy
> Password must be between 6 and 100 characters long,
> must contain letters in mixed case and must contain numbers.


well ... use DT once on your phone using an open wireless hotspot and your password is just screamed to everybody else on the network, ready to be heard, and your account is gone

for a forum about devices connected to computers, not supporting ssl/tls is a real shame