Jump to content


It's been a freaking week


  • Please log in to reply
41 replies to this topic

Overlord93 #21 Posted 13 February 2020 - 07:59 PM

    Sergeant

  • Beta Tester
  • 13218 battles
  • 249
  • [CROFT] CROFT
  • Member since:
    01-08-2011

View PostCmdRatScabies, on 13 February 2020 - 06:56 PM, said:

Maybe you should boycott the forums and never post again?


Edited by Overlord93, 13 February 2020 - 08:00 PM.


unhappy__bunny #22 Posted 13 February 2020 - 08:03 PM

    Brigadier

  • Moderator
  • 21385 battles
  • 4,513
  • [-OC-] -OC-
  • Member since:
    08-01-2012

View Postnakkipeppu, on 13 February 2020 - 06:54 PM, said:

 

https://us.forums.blizzard.com/en/wow/

https://steamcommuni...om/discussions/

https://forum.supercell.com/

https://forums.battlefield.com/en-us/

 

I can go on. EVERYBODY implements SSL on their public forums.

 

And it's almost certainly because they have a security policy that states that their public services use strong encryption. And they have controls and teams that handle reported security issues.

 

I don't really care about the forums, but I DO care that if somebody reports a found security issue (in this case, it absolutely takes minutes to fix, as you already HAVE a wildcard certificate, you don't need to even buy one), it doesn't get handled at all. I'm worried that you don't have any kind of process for fixing found or reported security issues.

18:55 Added after 1 minute
I challenge you to redirect this conversation to your CISO and see if s/he thinks it's not a big deal.


Fair point about those forums. I did check after I posted and certainly Steam have SSL on theirs.

Will try to see if this can be raised via a CM. Just don't expect an immediate answer though.



nakkipeppu #23 Posted 13 February 2020 - 08:14 PM

    Staff Sergeant

  • Player
  • 35081 battles
  • 441
  • [LGGF] LGGF
  • Member since:
    04-10-2012

View Postunhappy_bunny, on 13 February 2020 - 09:03 PM, said:


Fair point about those forums. I did check after I posted and certainly Steam have SSL on theirs.

Will try to see if this can be raised via a CM. Just don't expect an immediate answer though.

 

Thank you. I know you can't do more, and CM can't probably do anything either but to pass this along.

 

 



BravelyRanAway #24 Posted 13 February 2020 - 08:16 PM

    Field Marshal

  • Beta Tester
  • 25705 battles
  • 13,752
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

View Postnakkipeppu, on 13 February 2020 - 07:14 PM, said:

 

Thank you. I know you can't do more, and CM can't probably do anything either but to pass this along.

 

 

You still haven't answered......what can you lose on the forum.



Olias_0f_Sunhillow #25 Posted 13 February 2020 - 08:20 PM

    Colonel

  • Player
  • 27249 battles
  • 3,785
  • [WJDE] WJDE
  • Member since:
    07-20-2011

View PostBravelyRanAway, on 13 February 2020 - 07:16 PM, said:

You still haven't answered......what can you lose on the forum.

 

 

Reputation.



nakkipeppu #26 Posted 13 February 2020 - 08:20 PM

    Staff Sergeant

  • Player
  • 35081 battles
  • 441
  • [LGGF] LGGF
  • Member since:
    04-10-2012

View PostBravelyRanAway, on 13 February 2020 - 09:16 PM, said:

You still haven't answered......what can you lose on the forum.

 

It's irrelevant on what I can lose on the forum.

 

The relevant part is that it's not getting fixed. And if it's not fixed on forums when reported, will it get fixed where it matters when reported ?



Private_Miros #27 Posted 13 February 2020 - 08:26 PM

    Field Marshal

  • Player
  • 29639 battles
  • 11,793
  • [EMU87] EMU87
  • Member since:
    07-09-2011

View Postnakkipeppu, on 13 February 2020 - 07:20 PM, said:

 

It's irrelevant on what I can lose on the forum.

 

The relevant part is that it's not getting fixed. And if it's not fixed on forums when reported, will it get fixed where it matters when reported ?

 

Yes, because if no investment is done where it isn't needed, why should it be done when needed?

 

Do you use a seatbelt in your computer chair?


Edited by Private_Miros, 13 February 2020 - 08:26 PM.


__Eric__ #28 Posted 13 February 2020 - 08:40 PM

    Lieutenant

  • Player
  • 39979 battles
  • 1,860
  • [T-D-U] T-D-U
  • Member since:
    03-15-2013

View Postnakkipeppu, on 13 February 2020 - 05:50 PM, said:

 

I know, but support asked me to do so. I'm just following instructions.

 

 

That's what a scammer would say. I have no way telling if everything's fine, or if you're some scammer trying to trick me into thinking that everything's fine.

 

 

 

View PostBravelyRanAway, on 13 February 2020 - 06:07 PM, said:

:facepalm:


BravelyScamAway :trollface:



BravelyRanAway #29 Posted 13 February 2020 - 08:40 PM

    Field Marshal

  • Beta Tester
  • 25705 battles
  • 13,752
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

View Postnakkipeppu, on 13 February 2020 - 07:20 PM, said:

 

It's irrelevant on what I can lose on the forum.

It shows you have no idea what you're talking about.



nakkipeppu #30 Posted 13 February 2020 - 08:50 PM

    Staff Sergeant

  • Player
  • 35081 battles
  • 441
  • [LGGF] LGGF
  • Member since:
    04-10-2012

View PostPrivate_Miros, on 13 February 2020 - 09:26 PM, said:

 

Yes, because if no investment is done where it isn't needed, why should it be done when needed?

 

Do you use a seatbelt in your computer chair?

 

When I'm sitting in my chair, I'm not governed by any sort of management system, and I can just decide what kind of safety controls I can be arsed to apply to my life. Companies with certifications (which they absolutely do have, if they're allowed to handle money and payments) do not have such luxury. At that size, fostering a culture where issues can be passed along purely whether or not a person handling the issue feels like it will at some point fail in spectacular fashion. 

 

I'd rather have them not fail, because they do hold my credit card details, phone number and street address.



BravelyRanAway #31 Posted 13 February 2020 - 08:58 PM

    Field Marshal

  • Beta Tester
  • 25705 battles
  • 13,752
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

View Postnakkipeppu, on 13 February 2020 - 07:50 PM, said:

 

 (which they absolutely do have, if they're allowed to handle money and payments) do not have such luxury. 

Log out and then try to log back in.....you will be brought to a secure page to log in.

Go to pay WG money.........................you will be brought to a secure page to make your payment.

Go to support to complain...................you will be brought to a secure page to make your complaint.



Pansenmann #32 Posted 13 February 2020 - 09:04 PM

    Field Marshal

  • Player
  • 38385 battles
  • 14,693
  • [WJDE] WJDE
  • Member since:
    08-17-2012

iirc I raised that issue too via ticket some time ago

but then - noscript and other tools filter out the one or other occasional facebook / tracking stuff in peoples signatures ;)



nakkipeppu #33 Posted 13 February 2020 - 09:20 PM

    Staff Sergeant

  • Player
  • 35081 battles
  • 441
  • [LGGF] LGGF
  • Member since:
    04-10-2012

View PostBravelyRanAway, on 13 February 2020 - 09:58 PM, said:

Log out and then try to log back in.....you will be brought to a secure page to log in.

Go to pay WG money.........................you will be brought to a secure page to make your payment.

Go to support to complain...................you will be brought to a secure page to make your complaint.

 

I would not be posting here if it didn't

 

If you pointed out to your landlord that there are some wiring just hanging out there from your ceiling and he answered you "lol, don't worry about it. It's not probably connected anyway", does that give you impression that he'll get the important stuff fixed promptly and properly ?

 

I really can't explain this more clearly - if you don't care, then sure, don't care - it's your business. If you feel like ridiculing me for wanting them to act like a proper business, and get their *%#¤ together, do it if it makes you feel better. It's not my loss.



CmdRatScabies #34 Posted 13 February 2020 - 09:22 PM

    Lieutenant General

  • Player
  • 39085 battles
  • 6,418
  • [-MM] -MM
  • Member since:
    10-12-2015

View PostPrivate_Miros, on 13 February 2020 - 08:26 PM, said:

Do you use a seatbelt in your computer chair?

Only of Saturdays.  As a treat.

20:24 Added after 1 minute

View Postnakkipeppu, on 13 February 2020 - 08:20 PM, said:

 

It's irrelevant on what I can lose on the forum.

 

The relevant part is that it's not getting fixed. And if it's not fixed on forums when reported, will it get fixed where it matters when reported ?

Actually it is quite relevant.  If it doesn't need fixing then why fix it?

 

Actually.  Have you thought of a job in the WG balancing dept?


Edited by CmdRatScabies, 13 February 2020 - 09:26 PM.


BravelyRanAway #35 Posted 13 February 2020 - 10:14 PM

    Field Marshal

  • Beta Tester
  • 25705 battles
  • 13,752
  • [H_I_T] H_I_T
  • Member since:
    12-29-2010

View Postnakkipeppu, on 13 February 2020 - 08:20 PM, said:

 

I really can't explain this more clearly - 

That's because you have no idea what you're talking about.



Major_cjs #36 Posted 13 February 2020 - 11:06 PM

    Lieutenant Сolonel

  • Player
  • 3945 battles
  • 3,488
  • [T-D-U] T-D-U
  • Member since:
    10-27-2013
Even if I personally can't be arsed with things like these i'm thankful that others can. 
 

Homer_J #37 Posted 13 February 2020 - 11:49 PM

    Field Marshal

  • Moderator
  • 33920 battles
  • 38,444
  • [WJDE] WJDE
  • Member since:
    09-03-2010

View Postunhappy_bunny, on 13 February 2020 - 06:47 PM, said:

 

How many game forums use SSL certificates?

Can you buy anything from the forum? 

When you signed up to the forum did you enter any CC, bank, or other personal data?

 

I think you are just making a fuss over nothing. 

It has become pretty standard for all websites even if you don't interact with them.

 

View PostBravelyRanAway, on 13 February 2020 - 06:58 PM, said:

Do explain exactly how this causes a security issue for you and what you can lose?

It's a security issue for WG if someone performs a man in the middle attack on one of their staff and takes over their forum session.



Hayton #38 Posted 13 February 2020 - 11:55 PM

    Corporal

  • Player
  • 54342 battles
  • 158
  • Member since:
    03-27-2011

OP does have a point though. For a company this size to have a forum that Google warns is "not secure" doesn't make sense. Why not just get the certificate and make the forum secure, as you might expect from a brand that would like to be considered trustworthy. 

 

It does make you wonder that if they are not concerned about the security of their entire product ,which includes the forum, then are they really concerned and diligent about the security of  your sensitive data.  Personally though, I couldn't really give a toss about any of it.



CmdRatScabies #39 Posted 14 February 2020 - 12:00 AM

    Lieutenant General

  • Player
  • 39085 battles
  • 6,418
  • [-MM] -MM
  • Member since:
    10-12-2015

View PostHomer_J, on 13 February 2020 - 11:49 PM, said:

It's a security issue for WG if someone performs a man in the middle attack on one of their staff and takes over their forum session.

Someone could pass themselves off as a Mod and start moving posts from "off topic" into "gameplay"?

 

:)


Edited by CmdRatScabies, 14 February 2020 - 12:01 AM.


Overlord93 #40 Posted 14 February 2020 - 12:22 AM

    Sergeant

  • Beta Tester
  • 13218 battles
  • 249
  • [CROFT] CROFT
  • Member since:
    01-08-2011

The only real damage risk in my experience is when you improperly set up PHP allowing bots and hackers to write files on your server and if they put phishing page on your server, you're gonna get banned by google(no one using chrome or firefox browser will be able to vist your site)m happened to me once, its not the end of the world tho, once you secure the server and remove virus content/pages you can make an appeal to google and back to buisness in few days.

 

Still tho OP is right, with https://www.sslforfree.com/ being a thing, there's no reason for WG webmasters not to install one.

Edit: Blah i remembered a reason, it can be huge pain in the [edited]if the website is already built to use "http" and changing it to "https" in some cases can break most of the site and all the links, assets and references to assets.


Edited by Overlord93, 14 February 2020 - 12:26 AM.





1 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users