

It's been a freaking week


41 replies to this topic

nakkipeppu #1 Posted 13 February 2020 - 06:16 PM

    Staff Sergeant

  • Player
  • 34487 battles
  • 433
  • [LGGF] LGGF
  • Member since:
    04-10-2012

.. this site has been running with no security controls whatsoever. I contacted support a week ago, and am now following their instructions to rectify the issue.

 

"We understand you have concern over the certificates of the Wargaming Related Sites. 
We have taken note of this concern and raised it to the appropriate department and team. We appreciate notifying us about this matter. 
If you wish to speak more about this then you may do so over at our Forums Page. This is where our community managers frequent to listed to the players."

 

So here I am, speaking more about this over at Forums Page. I'm waiting for community manager to frequent to listed me. I'll just top this every day until it gets fixed, I promise I'll shut up when it's fixed.

Or maybe that won't happen because this isn't the worldoftanks official forums, but a scam site? I CANNOT KNOW!



Dava_117 #2 Posted 13 February 2020 - 06:22 PM

    Lieutenant General

  • Moderator
  • 23776 battles
  • 6,180
  • [T-D-U] T-D-U
  • Member since:
    12-17-2014
I can tell the CM about your issue but, apart from sending them to Minsk, seriously doubt our CM can do much...

BravelyRanAway #3 Posted 13 February 2020 - 06:24 PM

    Field Marshal

  • Beta Tester
  • 24985 battles
  • 12,971
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

What are you frightened of?

You don't put your passwords or other information onto the forum pages. When you need to put credit card info or login info to gain access....you get redirected to a secure page/link..



CmdRatScabies #4 Posted 13 February 2020 - 06:27 PM

    Lieutenant General

  • Player
  • 38551 battles
  • 6,102
  • [-MM] -MM
  • Member since:
    10-12-2015

nakkipeppu, on 13 February 2020 - 06:16 PM, said:

If you wish to speak more about this then you may do so over at our Forums Page. This is where our community managers frequent to listed to the players."

Ah.  CS code for F off and stop bothering us.  :)



nakkipeppu #5 Posted 13 February 2020 - 06:50 PM

    Staff Sergeant

  • Player
  • 34487 battles
  • 433
  • [LGGF] LGGF
  • Member since:
    04-10-2012

Dava_117, on 13 February 2020 - 07:22 PM, said:

I can tell the CM about your issue but, apart from sending them to Minsk, seriously doubt our CM can do much...

 

I know, but support asked me to do so. I'm just following instructions.

 

Block Quote

 

What are you frightened of?

You don't put your passwords or other information onto the forum pages. When you need to put credit card info or login info to gain access....you get redirected to a secure page/link..

 

That's what a scammer would say. I have no way of telling if everything's fine, or if you're some scammer trying to trick me into thinking that everything's fine.

 

 



BravelyRanAway #6 Posted 13 February 2020 - 07:07 PM

    Field Marshal

  • Beta Tester
  • 24985 battles
  • 12,971
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

nakkipeppu, on 13 February 2020 - 05:50 PM, said:

That's what a scammer would say. I have no way of telling if everything's fine, or if you're some scammer trying to trick me into thinking that everything's fine.

 

 

:facepalm:



unhappy__bunny #7 Posted 13 February 2020 - 07:16 PM

    Brigadier

  • Moderator
  • 20855 battles
  • 4,220
  • [-OC-] -OC-
  • Member since:
    08-01-2012

nakkipeppu, on 13 February 2020 - 05:16 PM, said:

.. this site has been running with no security controls whatsoever. I contacted support a week ago, and am now following their instructions to rectify the issue.

"We understand you have concern over the certificates of the Wargaming Related Sites. 
We have taken note of this concern and raised it to the appropriate department and team. We appreciate notifying us about this matter. 
If you wish to speak more about this then you may do so over at our Forums Page. This is where our community managers frequent to listed to the players."

So here I am, speaking more about this over at Forums Page. I'm waiting for community manager to frequent to listed me. I'll just top this every day until it gets fixed, I promise I'll shut up when it's fixed.

Or maybe that won't happen because this isn't the worldoftanks official forums, but a scam site? I CANNOT KNOW!

 

What exactly are your concerns? What security controls would you like for the forum? 

 



OIias_of_Sunhillow #8 Posted 13 February 2020 - 07:25 PM

    Colonel

  • Player
  • 26807 battles
  • 3,627
  • [WJDE] WJDE
  • Member since:
    07-20-2011

nakkipeppu, on 13 February 2020 - 05:50 PM, said:

That's what a scammer would say. I have no way of telling if everything's fine, or if you're some scammer trying to trick me into thinking that everything's fine.

 

A visit to your doctor may be a recommendation.



BravelyRanAway #9 Posted 13 February 2020 - 07:30 PM

    Field Marshal

  • Beta Tester
  • 24985 battles
  • 12,971
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

OIias_of_Sunhillow, on 13 February 2020 - 06:25 PM, said:

 

A visit to your doctor may be a recommendation.

But....but....what if he's not a real doctor?:ohmy:



nakkipeppu #10 Posted 13 February 2020 - 07:34 PM

    Staff Sergeant

  • Player
  • 34487 battles
  • 433
  • [LGGF] LGGF
  • Member since:
    04-10-2012

unhappy_bunny, on 13 February 2020 - 08:16 PM, said:

 

What exactly are your concerns? What security controls would you like for the forum? 

 

 

Short term, I want the SSL certificate on the webserver running the forums, so my sessions are encrypted, and that I can be sure that I'm connected to a server that belongs to Wargaming, proved by a trusted root certificate that's issued to Wargaming.

Long term, I want to be ensured that WG takes its security seriously as I've entrusted you to hold a lot of my personal data and credit card details. IT HAS BEEN A WEEK. This isn't my mom's knitting blog, how can I be sure that all the important stuff is secure, if nobody gives a #%¤& about some other corner of their services? How long does it take to correct a reported security issue with one of your services?

 

I'm terribly sorry if I come off as rude, but some dude hijacked my session and added all the rude remarks into this post.



BravelyRanAway #11 Posted 13 February 2020 - 07:36 PM

    Field Marshal

  • Beta Tester
  • 24985 battles
  • 12,971
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

nakkipeppu, on 13 February 2020 - 06:34 PM, said:

Long term, I want to be ensured that WG takes its security seriously as I've entrusted you to hold a lot of my personal data and credit card details.

Your personal data and credit card details are not held on the forum.



nakkipeppu #12 Posted 13 February 2020 - 07:38 PM

    Staff Sergeant

  • Player
  • 34487 battles
  • 433
  • [LGGF] LGGF
  • Member since:
    04-10-2012

BravelyRanAway, on 13 February 2020 - 08:36 PM, said:

Your personal data and credit card details are not held on the forum.

 

No, but they are held by a company that can't get a certificate installed on nginx within a week.

 

Would you trust a doctor who doesn't wash his hands after he takes a dump to do a surgery on you?


Edited by nakkipeppu, 13 February 2020 - 07:40 PM.


BravelyRanAway #13 Posted 13 February 2020 - 07:41 PM

    Field Marshal

  • Beta Tester
  • 24985 battles
  • 12,971
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

nakkipeppu, on 13 February 2020 - 06:38 PM, said:

No, but they are held by a company that can't get a certificate installed on nginx within a week.

Why do they need to?.......it's been like this for years and there is nothing to lose here. 

Much ado about nothing.



Private_Miros #14 Posted 13 February 2020 - 07:44 PM

    Field Marshal

  • Player
  • 27185 battles
  • 10,520
  • [EMU87] EMU87
  • Member since:
    07-09-2011

nakkipeppu, on 13 February 2020 - 06:38 PM, said:

No, but they are held by a company that can't get a certificate installed on nginx within a week.

Would you trust a doctor who doesn't wash his hands after he takes a dump to do a surgery on you?

 

Joke's on you to log in then. Or use the internet. At least for anything not using ID-based two factor authentication.



unhappy__bunny #15 Posted 13 February 2020 - 07:47 PM

    Brigadier

  • Moderator
  • 20855 battles
  • 4,220
  • [-OC-] -OC-
  • Member since:
    08-01-2012

nakkipeppu, on 13 February 2020 - 06:34 PM, said:

Short term, I want the SSL certificate on the webserver running the forums, so my sessions are encrypted, and that I can be sure that I'm connected to a server that belongs to Wargaming, proved by a trusted root certificate that's issued to Wargaming.

Long term, I want to be ensured that WG takes its security seriously as I've entrusted you to hold a lot of my personal data and credit card details. IT HAS BEEN A WEEK. This isn't my mom's knitting blog, how can I be sure that all the important stuff is secure, if nobody gives a #%¤& about some other corner of their services? How long does it take to correct a reported security issue with one of your services?

I'm terribly sorry if I come off as rude, but some dude hijacked my session and added all the rude remarks into this post.

 

How many game forums use SSL certificates?

Can you buy anything from the forum? 

When you signed up to the forum did you enter any CC, bank, or other personal data?

 

I think you are just making a fuss over nothing. 



Overlord93 #16 Posted 13 February 2020 - 07:48 PM

    Sergeant

  • Beta Tester
  • 13214 battles
  • 249
  • [CROFT] CROFT
  • Member since:
    01-08-2011

Don't worry, I had one of my websites (an ecommerce site for custom furniture) run fine for a few months with an expired SSL certificate, no one complained and the customer didn't even notice.



Bulldog_Drummond #17 Posted 13 February 2020 - 07:52 PM

    Field Marshal

  • Player
  • 34777 battles
  • 11,469
  • [DRATT] DRATT
  • Member since:
    08-10-2014

nakkipeppu, on 13 February 2020 - 05:16 PM, said:

 

If you wish to speak more about this then you may do so over at our Forums Page. This is where our community managers frequent to listed to the players."

 

 

No one can say that WG staff lack a sense of humour



nakkipeppu #18 Posted 13 February 2020 - 07:54 PM

    Staff Sergeant

  • Player
  • 34487 battles
  • 433
  • [LGGF] LGGF
  • Member since:
    04-10-2012

unhappy_bunny, on 13 February 2020 - 08:47 PM, said:

 

How many game forums use SSL certificates?

Can you buy anything from the forum? 

When you signed up to the forum did you enter any CC, bank, or other personal data?

 

I think you are just making a fuss over nothing. 

 

https://us.forums.blizzard.com/en/wow/

https://steamcommuni...om/discussions/

https://forum.supercell.com/

https://forums.battlefield.com/en-us/

 

I can go on. EVERYBODY implements SSL on their public forums.

 

And it's almost certainly because they have a security policy that states that their public services use strong encryption. And they have controls and teams that handle reported security issues.

 

I don't really care about the forums, but I DO care that if somebody reports a found security issue (in this case, it absolutely takes minutes to fix, as you already HAVE a wildcard certificate, you don't need to even buy one), it doesn't get handled at all. I'm worried that you don't have any kind of process for fixing found or reported security issues.

18:55 Added after 1 minute
I challenge you to redirect this conversation to your CISO and see if s/he thinks it's not a big deal.
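
For reference, what "installing the certificate on nginx" from the post above usually amounts to, as an added example that is not part of the original thread and is not Wargaming's configuration. The host name `forum.example.com`, the document root and the certificate paths are placeholders assumed for illustration.

```nginx
# Added illustration; forum.example.com, /var/www/forum and the certificate
# paths are placeholders, not values from the thread.

# Before: the forum answers only on plain HTTP, so page content and session
# cookies cross the network unencrypted and nothing authenticates the server.
# server {
#     listen 80;
#     server_name forum.example.com;
#     root /var/www/forum;
# }

# After, part 1: port 80 does nothing except send clients to HTTPS.
server {
    listen 80;
    server_name forum.example.com;
    return 301 https://forum.example.com$request_uri;
}

# After, part 2: the forum is served over TLS with an existing wildcard
# certificate. A *.example.com certificate covers forum.example.com, but not
# names with an extra label such as forum.eu.example.com.
server {
    listen 443 ssl;
    server_name forum.example.com;

    # Leaf certificate followed by its intermediates, and the matching key.
    ssl_certificate     /etc/nginx/tls/wildcard.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/wildcard.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to use HTTPS for this host on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /var/www/forum;
}
```

`nginx -t` checks the syntax before a reload. The forum software itself still has to mark its session cookie `Secure`, otherwise a browser will also send it over any remaining plain-HTTP request.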

CmdRatScabies #19 Posted 13 February 2020 - 07:56 PM

    Lieutenant General

  • Player
  • 38551 battles
  • 6,102
  • [-MM] -MM
  • Member since:
    10-12-2015

nakkipeppu, on 13 February 2020 - 07:54 PM, said:

 

https://us.forums.blizzard.com/en/wow/

https://steamcommuni...om/discussions/

https://forum.supercell.com/

https://forums.battlefield.com/en-us/

 

I can go on. EVERYBODY implements SSL on their public forums.

 

And it's almost certainly because they have a security policy that states that their public services use strong encryption. And they have controls and teams that handle reported security issues.

 

I don't really care about the forums, but I DO care that if somebody reports a found security issue (in this case, it absolutely takes minutes to fix, as you already HAVE a wildcard certificate, you don't need to even buy one), it doesn't get handled at all. I'm worried that you don't have any kind of process for fixing found or reported security issues.

18:55 Added after 1 minute
I challenge you to redirect this conversation to your CISO and see if s/he thinks it's not a big deal.

Maybe you should boycott the forums and never post again?



BravelyRanAway #20 Posted 13 February 2020 - 07:58 PM

    Field Marshal

  • Beta Tester
  • 24985 battles
  • 12,971
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

nakkipeppu, on 13 February 2020 - 06:54 PM, said:

 

https://us.forums.blizzard.com/en/wow/

https://steamcommuni...om/discussions/

https://forum.supercell.com/

https://forums.battlefield.com/en-us/

 

I can go on. EVERYBODY implements SSL on their public forums.

 

And it's almost certainly because they have a security policy that states that their public services use strong encryption. And they have controls and teams that handle reported security issues.

 

I don't really care about the forums, but I DO care that if somebody reports a found security issue (in this case, it absolutely takes minutes to fix, as you already HAVE a wildcard certificate, you don't need to even buy one), it doesn't get handled at all. I'm worried that you don't have any kind of process for fixing found or reported security issues.

18:55 Added after 1 minute
I challenge you to redirect this conversation to your CISO and see if s/he thinks it's not a big deal.

Do explain exactly how this causes a security issue for you and what you can lose?





