ATS SSL

Something that has bugged me for a while is that there is no port 443 SSL running for the ATS Website. I would really like to know why...

Is it

a.) SSL is hard fer us
b.) We don't want people to work too hard to know your username and password
c.) We were able to opt out of having the NSA's software on our servers as long as it was clear text
d.) We are broke and can't afford a cheap cert
e.) It's what our Chinese masters make us do and we don't question them

Just a little more than curious.

Ah, huh?

a reply to: Apollumi

I totally agree.

We have had suspect advertisers who have used the site (thanks to the mods for reacting quickly) but not having SSL leaves ATS (and us) open to many forms of 'man in the middle' attacks.

I'm aware that the mods are pretty good but would personally feel more confident if I could be assured that the site is being delivered to me as served out by ATS.

a reply to: Apollumi

I think SSL should be a no-brainer for a site like ATS.

There are a number of actors on the Internet that I would prefer not to have access to the clear text of my ATS browsing. Although my posts are public, the topics that I browse and other activity I have here could disclose a lot of information about the way I think, and what interests I have.

Either way, that's not the kind of data I want to leak to the world.

-dex

I think of things like I experienced at one job. My boss had a computer science degree and for the life of me I'm not sure how he got it. For example, he had an ethernet cable run from the Internet facing switch into the core switch in the server room. I kid you not.

I found it pretty quick after I first came to work there because I was using my personal laptop and I'm paranoid as hell. For good reason. Right off the bat I'm seeing alerts going off. There were packets in the internal network coming from the Russian Federation and Beijing. It took me a couple days to convince him I could make it work without doing that.

Anyway. Months later I was helping troubleshoot problems with the payment vendor's VPN device dropping (another problem created by my boss) and in the packet captures I could see all of the customer data in clear text coming from the mainframe. The user home address, credit card numbers, everything. I thought if they had just used SSL, SSH, or anything but clear text. No telling how much data went overseas to bad people.

Lol, the servers, callcenter, noc, and the whole shebang was in one big subnet also.

Anywhoooo. I'd feel better if they put a little cheap SSL cert in place. Or even an unsigned cert. In these days of government wanting access to your every thought I think I'd trust an unsigned more.

There is a fix for this in firefox, at least. Makes your connection secure.

type about:config in the url address bar.

It will warn you about breaking stuffs, just agree.

search for security.insecure_field_warning.contextual.enabled in the search box thingy

it will be set to True. Double click it, to set it to False. It will become bold, to show that it is a user set setting.

Now when you access ATS you are 100% secure. You can tell by the "This Connection is not Secure. Logins entered here could be compromised" warning has gone away.

Thank me later, U2U me to send me some bitcoins if you want.

Sometimes people I had met in the office would want to come and chat with me and show me their immense knowledge of all things IT. They'd even try to mess with my computer on occasion or try to bypass network security. I'd just ban them from my office or get them fired if they were to much of a pain. True story.

originally posted by: badw0lf
There is a fix for this in firefox, at least. Makes your connection secure.

type about:config in the url address bar.

It will warn you about breaking stuffs, just agree.

search for security.insecure_field_warning.contextual.enabled in the search box thingy

it will be set to True. Double click it, to set it to False. It will become bold, to show that it is a user set setting.

Now when you access ATS you are 100% secure. You can tell by the "This Connection is not Secure. Logins entered here could be compromised" warning has gone away.

Thank me later, U2U me to send me some bitcoins if you want.

originally posted by: Apollumi
Sometimes people I had met in the office would want to come and chat with me and show me their immense knowledge of all things IT. They'd even try to mess with my computer on occasion or try to bypass network security. I'd just ban them from my office or get them fired if they were to much of a pain. True story.

originally posted by: badw0lf
There is a fix for this in firefox, at least. Makes your connection secure.

type about:config in the url address bar.

It will warn you about breaking stuffs, just agree.

search for security.insecure_field_warning.contextual.enabled in the search box thingy

it will be set to True. Double click it, to set it to False. It will become bold, to show that it is a user set setting.

Now when you access ATS you are 100% secure. You can tell by the "This Connection is not Secure. Logins entered here could be compromised" warning has gone away.

Thank me later, U2U me to send me some bitcoins if you want.

We had a code locked office door to keep the computing lecturers out. They didn't like it when we trashed their classrooms when they had blasted windows out with pirated cd-keys or installed pirated software.

Couldnt get them sacked though, their BUC's were idiots too.

Is it just me or did anyone else notice that absolutely no staff responded to this thread?

lol!