You are not logged in.

Website Not Secure?

Applications: [GameMaster: OPEN] | [Volunteer Testers: OPEN]


This forum will be permanently shut down on Friday 13.07.2018
Please copy or save all important information from old forum before they will be deactivated
We have moved to new board. https://forum.runesofmagic.gameforge.com/Come join us.

regentego

Professional

  • "regentego" started this thread

Posts: 1,686

Location: AZ

Occupation: Manager

  • Send private message

1

Saturday, August 25th 2012, 5:32am

Website Not Secure?

I was reading EU forums and learned that the RoM website is not secure. However an FM stated the payment section is encrypted. But everytime we log in we are putting our login info on an unsecured site?

I really hope this isn't the case. If it is I won't buy diamonds till this is corrected. Essentially all of our account names and passwords can be obtained easily. Anyone who knows more about this then I do I would appreciate some insight.

gigilomann

XxXGigilomannXxX

Posts: 2,213

Location: The one and only, Ohio.

Occupation: I Do Work

Mood: Love

  • Send private message

2

Saturday, August 25th 2012, 6:05am

Wouldn't surprise me any, prolyl where the hackers before got their info.
For you to live or die is in my hands, In Gigi we trust.

-"Retired as one of the best, Will always be remembered for KT, RT->RT Dia, and GCH"- -Palenque- -XxXGigilomannXxX- -P/K/S-

regentego

Professional

  • "regentego" started this thread

Posts: 1,686

Location: AZ

Occupation: Manager

  • Send private message

3

Saturday, August 25th 2012, 6:16am

For anyone interested in reading this they posted the code showing the website is completely open

https://forum.runesofmagic.com/showthread.php?t=483784

GarySandstorm

Professional

Posts: 656

Location: Cape Town: South Africa

Occupation: Engineering Technician

  • Send private message

4

Saturday, August 25th 2012, 11:52am

Very interesting indeed. Will definitely refrain from using that now >.>

shopguy

Intermediate

Posts: 345

  • Send private message

5

Saturday, August 25th 2012, 6:26pm

Yes, it is a dumb thing if true (didn't test it myself), and something they should fix ASAP. However, to keep this in prospective, it should not be an issue for most people. As long as you are not on a public network, or using your neighbors wi-fi, it would be very dificult for someone to see your traffic -- and they would have to be specifically targetting you. So, for example, even at a Starbucks wi-fi spot, I doubt the network admins are targetting you to get your account info.

It is still very bad though, and yes they really really need to fix this ASAP.

regentego

Professional

  • "regentego" started this thread

Posts: 1,686

Location: AZ

Occupation: Manager

  • Send private message

6

Saturday, August 25th 2012, 8:25pm

Quoted from "shopguy;566523"

Yes, it is a dumb thing if true (didn't test it myself), and something they should fix ASAP. However, to keep this in prospective, it should not be an issue for most people. As long as you are not on a public network, or using your neighbors wi-fi, it would be very dificult for someone to see your traffic -- and they would have to be specifically targetting you. So, for example, even at a Starbucks wi-fi spot, I doubt the network admins are targetting you to get your account info.

It is still very bad though, and yes they really really need to fix this ASAP.


Honestly the PS3 and Sony secure site getting hacked made me weary, RoMs website is unsecured, all is takes is one banned person with too much knowledge to get our info.

gstnet

Trainee

Posts: 148

  • Send private message

7

Saturday, August 25th 2012, 9:59pm

Quoted from "regentego;566543"

Honestly the PS3 and Sony secure site getting hacked made me weary, RoMs website is unsecured, all is takes is one banned person with too much knowledge to get our info.


The word "unsecured" is really just marketing ploy propagated by VeriSign and other SSL merchants. Even properly setup public WiFi spot is not that unsafe any more even if you do NOT use SSL connection (the problem with public WiFi is that you cannot know who is controlling the actual device). SSL connection does have it's benefits but unless someone very close to you targets you specifically, or someone takes over DNS for this domain, those benefits do not come into play here.

Bakken

Professional

Posts: 710

Location: Canada

  • Send private message

8

Saturday, August 25th 2012, 10:07pm

dude thats just lame

a lot of the people who were hacked were inactive though, could just be coincidence.


CharlieBananas

AGGROPIT

Posts: 779

Location: USA

Occupation: Student

  • Send private message

9

Saturday, August 25th 2012, 10:17pm

To be fair, is any site really "secure" nowadays?

MEGAKICK

Trainee

Posts: 160

Location: Ontario, Canada

  • Send private message

10

Saturday, August 25th 2012, 10:59pm

Quoted from "regentego;566543"

Honestly the PS3 and Sony secure site getting hacked made me weary, RoMs website is unsecured, all is takes is one banned person with too much knowledge to get our info.


You'd be surprised at how easy it actually is... with the right know-how that is :p
And then Keanu Reeves walks in, and he's all like 'Whoa', and we're all like 'Whoa, it's Keanu Reeves!'
Xdrchris - 52/44 R/K - Breakteam (retired)
Easternpray - 63/60 M/D - Alliance
Zanar - 67/62/67 R/K/S - <3 noto

"I didn't even know Kim Jong was Il!"