dbw - dirtbikeworld.net Members Forums

  #1  
Old 2 Weeks Ago
Pete40
dbw Pro Hero
 
Join Date: May 2002
Location: Boggo Rd. Jail
Posts: 12,596
DBW site "not safe"

My phone keeps loading a "lite" version of DBW that logs me out. Says the site is "insecure".

What's the go there? Any real threat?

Anybody else get this happen to them?

Chrome on Android.
  #2  
Old 2 Weeks Ago
Tom68
dbw Pro Hero
 
Join Date: Nov 2007
Location: Melbournes North West Suburbs
Posts: 10,948
Been that way for a while.

Part of the reason newbies aren't getting involved.

Received notification somebody was trying to log in to my account once, no ongoing problem.

Done that online hack check and my password etc is still secure.
Attached Images
File Type: jpg Safe as never.JPG (74.2 KB, 33 views)
__________________
.
Ignorance leads to confidence more often than knowledge does
.
  #3  
Old 2 Weeks Ago
DaoRadivo
DBW Expert
 
Join Date: Oct 2013
Posts: 1,433
There isn't an SSL certificate installed. At least not installed correctly.
__________________
Quote:
Originally Posted by ggchris
Perhaps we should be united by giving a shit about each other? A little kindness? A little recognition that the only currency that is worth anything is happiness and contentment. The exchange rate is fantastic, too... give a little away and you get more back.

  #4  
Old 2 Weeks Ago
jgesler
dbw Pro
 
Join Date: Aug 2005
Location: Sydney
Posts: 12
Firstly, kudos and well done to the guys running and paying for the upkeep of this website (let me know who you are and if ever meet a slab beer coming your way).

My 5 sec nerdy view:
- The SSL certificate on website is perfect
- The backend webserver <may> accidentally be configured to support some legacy old weak crackable encryptions (TLS 1.0) which is easy to turn off by website admins
- Newer phone/pc browsers like CHROME no longer support TLS 1.0, hence why your mobile flagging issue
- most internet websites these days are now meant to permanently be SSL or HTTPS....this website accidentally has both HTTP (no encryption security like HTTPS or SSL) though also has HTTPS/SSL, AND does not forward/force HTTP to HTTPS (SSL) which is easy to do in backend config
- if worries you, in front of the DBW website, always type httpS://dirtbikeworld.net... rather than just the url

You can check SSL certificate yourself using this website.

So let's assume you have logged in at internet cafe or qantas club, gone to http://dbw rather than httpS://dbw, and someone next to you is monitoring your traffic...they capture your DBW username and password; reality is they can't do <that> much damage; can take over your account, maybe create posts, only potential risk is 1 of 2;
1. you have bought products via DBW onlinestore and saved your credit card info, then game on....
2. you have same/similar dbw password for your email account and other personal accounts ...if so then should return internet to shop now (or invest in password manager like 1pass or lastpass)...once they have access to your email then they lock you out of everything including internet banking!

If worried that your email account may have been compromised in one of internet breaches where people can download your leaked username/password, then you can enter your email address HERE to check...normal suggestions is change your password, make strong and unique, enable MFA etc etc

anyway enough ramblings back to my friend mr glenfiddich...

John
https://www.youtube.com/user/n0garelli
Attached Images
File Type: jpg dbw-summary.jpg (33.7 KB, 22 views)
File Type: jpg dbw-config.jpg (49.4 KB, 19 views)
File Type: jpg dbw-http.jpg (30.9 KB, 19 views)
File Type: jpg pwnd.jpg (38.2 KB, 19 views)
File Type: jpg dbw-pnd-breached.jpg (31.9 KB, 19 views)
Reply With Quote
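The point in post #4 about the site answering on plain HTTP without forwarding to HTTPS can be checked from the outside. The following is an added example, not part of the original thread or any poster's code: a Python check that classifies the response to a plain http:// request and reads the HSTS max-age from the HTTPS response. The host name forum.example and the sample responses are constructed for illustration.

```python
import http.client
import sys
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def classify_plain_http(status, headers):
    """Judge the response to a plain http:// request (header names lower-cased)."""
    if status in REDIRECTS:
        # A relative Location has no scheme, so the visitor stays on http.
        if urlsplit(headers.get("location", "")).scheme == "https":
            return "forced-to-https"
        return "redirect-stays-on-http"
    if 200 <= status < 300:
        return "served-over-http"  # the situation described in the post
    return "inconclusive"

def hsts_max_age(headers):
    """Return max-age (seconds) from Strict-Transport-Security, or None."""
    for part in headers.get("strict-transport-security", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"'))
    return None

def head(conn_cls, host, port, timeout=5):
    """Send HEAD / and return (status, lower-cased header dict)."""
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def probe(host):
    """Live check (needs network); HTTPSConnection verifies the certificate."""
    status, headers = head(http.client.HTTPConnection, host, 80)
    _, tls_headers = head(http.client.HTTPSConnection, host, 443)
    return classify_plain_http(status, headers), hsts_max_age(tls_headers)

# Constructed sample responses (not captured from any real site).
SAMPLE_NO_REDIRECT = (200, {"content-type": "text/html"})
SAMPLE_REDIRECT = (301, {"location": "https://forum.example/index.php"})
SAMPLE_HSTS = {"strict-transport-security": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))  # host name given on the command line
    else:
        print(classify_plain_http(*SAMPLE_NO_REDIRECT))
        print(classify_plain_http(*SAMPLE_REDIRECT), hsts_max_age(SAMPLE_HSTS))
```

A result of "served-over-http" means a login typed on the http:// address travels unencrypted; "forced-to-https" with a non-empty HSTS max-age means the browser will also refuse plain HTTP on later visits.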
  #5  
Old 2 Weeks Ago
Pygmygod
dbw Factory Pro
 
Join Date: Jul 2013
Location: Sunbury
Posts: 877
Nice post, would read another
__________________
2007 GasGas EC200
2005 WR250F
  #6  
Old 2 Weeks Ago
Pete40
dbw Pro Hero
 
Join Date: May 2002
Location: Boggo Rd. Jail
Posts: 12,596
Thanks john. I like your style. I understand now.

What's "MFA" stand for? (I see it comes up on the phone as a word, I'd better get googling!!)
  #7  
Old 2 Weeks Ago
Pete40
dbw Pro Hero
 
Join Date: May 2002
Location: Boggo Rd. Jail
Posts: 12,596
Mfa

Multi-factor authentication https://g.co/kgs/CA8UaM
  #8  
Old 2 Weeks Ago
Dok
dbw Pro
 
Join Date: Feb 2012
Location: QLD
Posts: 114
Thank you jgesler, I just put the https:// in front of the url in my bookmark to fix the 'non secure' problem.
This on PC using chrome.
__________________
___________
2013 200 EXC
  #9  
Old 2 Weeks Ago
jgesler
dbw Pro
 
Join Date: Aug 2005
Location: Sydney
Posts: 12
Multi Factor Authentication (MFA) or 2 factor authentication (2FA) is extra protection on top of normal username and password (something that you know), which is normally a one time pin or code that you DON'T know that is issued on demand.

Most websites/companies use SMS MFA via your mobile which is easiest. Some integrate with dedicated applications like google authenticator, lastpass authenticator etc

Some banks and companies even use physical MFA/2FA keyfob or tokens (like yubikey) which can hang on your keyring, which I personally believe most secure.

SMS MFA/2FA security is good but not the most secure, as anyone could go to say telstra or optus shop and port your mobile number over to them, and once in control of your mobile, can then go to westpac.com.au or gmail.com, click recover account and force to send me a sms to validate themselves...once in your email and banking system, they then work out all your internet online accounts and start changing password and recovery methods and start using them as you....worst I have seen was my mate's sister's email, banking and facebook was hacked (got into her email via a click page asking enter credentials), and they updated a lot of her facebook photos with a lot of very inappropriate pictures, not cool on top of taking her money - low lifes!

internet is fun and safe!

John

All times are GMT +11. The time now is 05:12 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.