Sylmar Hang Gliding Association Forum
Get High...Go Far...Tell Us About It

Make sure your SHGA password isn't used anywhere else

 
OP



Joined: 27 May 2009
Posts: 1134
Location: SFV

Posted: Sun Sep 08, 2013 5:30 pm    Post subject: Make sure your SHGA password isn't used anywhere else

It's incredibly insecure. It broadcasts the username and password in plain text in easily sniffed packets.

JD



Joined: 25 Apr 2008
Posts: 1668

Posted: Mon Sep 09, 2013 7:06 am

Thanks OP. How did you access this information? Is this something that anyone could do using freeware like Wireshark?
OP



Joined: 27 May 2009
Posts: 1134
Location: SFV

Posted: Mon Sep 09, 2013 3:27 pm

Yea that's freeware. Wireshark is shown in the jpeg. Try it on yourself to see how easy it is.
JD



Joined: 25 Apr 2008
Posts: 1668

Posted: Mon Sep 09, 2013 5:31 pm

OP wrote:
Yea that's freeware. Wireshark is shown in the jpeg. Try it on yourself to see how easy it is....

Thanks OP. See you at the Dahlston
Chip
Site Admin


Joined: 28 Apr 2005
Posts: 643
Location: Sylmar, CA

Posted: Mon Sep 09, 2013 7:59 pm

Uh, easy enough when you are on the same network or using the same computer you are using to sniff. Otherwise you need to intercept them. So not as easy as you might be leading others to believe.

Sure it would be nice to move to phpBB3 where we can use something other than the default MD5 hash encryption method. But we'll need to re-write a significant portion of the web site to work with MySQL since phpBB3 does not work with MS Access (our current DB).

About a year and a half ago, I successfully tested the upgrade from phpBB2 to 3. It was relatively easy, but because the new forum uses a new login hash, the SHGA pilot login section would need to be re-written at a minimum.

Step up anytime you are willing to put in the hours
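One way a rewritten login section could move accounts off MD5 without a forced password reset, as an added example (not phpBB's or the SHGA site's code): verify against the old digest once at login, then store a salted PBKDF2 record in its place. It assumes the current board stores an unsalted MD5 hex digest; the `pbkdf2$...` record layout, the iteration count and the function names are hypothetical and are not phpBB3's hash format.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def legacy_md5(password):
    """Unsalted MD5 hex digest: the legacy storage format assumed here."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _pbkdf2(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def new_record(password):
    """Hypothetical record format: pbkdf2$<iterations>$<salt hex>$<key hex>."""
    salt = os.urandom(16)
    return "pbkdf2$%d$%s$%s" % (ITERATIONS, salt.hex(),
                                _pbkdf2(password, salt, ITERATIONS).hex())


def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store); a legacy record that verifies is rehashed."""
    if stored.startswith("pbkdf2$"):
        _, iters, salt_hex, key_hex = stored.split("$")
        key = _pbkdf2(password, bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(key, bytes.fromhex(key_hex)), stored
    # Legacy path: same digest for the same password on every account, no salt.
    if hmac.compare_digest(legacy_md5(password).encode(), stored.lower().encode()):
        return True, new_record(password)  # caller writes this back to the DB
    return False, stored


if __name__ == "__main__":
    # Constructed account table for the demonstration.
    users = {"pilot1": legacy_md5("correct horse battery")}
    ok, users["pilot1"] = verify_and_upgrade("correct horse battery", users["pilot1"])
    print(ok, users["pilot1"][:20] + "...")
    print(verify_and_upgrade("wrong guess", users["pilot1"])[0])
```
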
OP



Joined: 27 May 2009
Posts: 1134
Location: SFV

Posted: Wed Sep 11, 2013 2:12 pm

Just a warning to those who use a single password for everything. If we share a common wifi network, I can get your info. So if we are both on the wifi in the lz, I can easily read your username and password.

Just a word to all who do this:
Oh look free unprotected wifi at the coffee shop. Let me log into SHGA, Facebook, email and my bank. They could figure out who you are and "go chop your dollar." http://bit.ly/QGmW2U

Migrating looks like a huge hassle. This works great for our purposes. Thanks for running this thing for us Chip.
Chip
Site Admin


Joined: 28 Apr 2005
Posts: 643
Location: Sylmar, CA

Posted: Sun Sep 15, 2013 8:34 am

Strongly suggest that everyone use a password manager like RoboForm, LastPass, KeePass.

Most of them have some sort of password generator that randomizes the password and can keep track of the password changes for each site you visit.

I'm using RoboForm, but many people are using LastPass and like it for its dual factor authentication options. Either way, a password manager is a good way of having passwords that are separate for every place on the internet you visit and you only need to remember one master password.

Easy to install, takes a bit of trust to go completely in, but once you start using one, you'll wonder why it took you so long to start using one.

Concerned that you cannot use it if you aren't at the computer you installed it on? Don't be. All of them have a way to view the password online after you authenticate with the correct credentials. Most good password managers also work with your smart phone too.

All times are GMT - 8 Hours