home News forums Reviews Trade links

Go Back   The DVC Boards at MouseOwners.com - the place to talk DVC and Walt Disney World > TECH SUPPORT > Tech Support
 Register FAQ Calendar Search Today's Posts Mark Forums Read

 Notices

Reply
 
Thread Tools Display Modes

Old 07-16-2018, 10:38 AM   #11
carolina_yankee
Administrator
 
carolina_yankee's Avatar
 
Join Date: Feb 2006
Location: New Jersey
Posts: 27,369
Default

Funny thing - Safari doesn't seem to care.

Nor does Chrome.

Dirk
__________________
carolina_yankee is offline   Reply With Quote
Old 07-16-2018, 11:14 AM   #12
all4disney
Studio
 
all4disney's Avatar
 
Join Date: Jan 2015
Location: A 3 hour flight away from WDW
Posts: 83
Default

I also don't see a high risk, but just as a data point, my version of Chrome also shows that the site connection is not secure.

Version 67.0.3396.99 (Official Build) (64-bit)

"The site isn't using a private connection. Someone might be able to see or change the information you send or get through this site...contact the site owner to ask that they secure the site and your data with HTTPS."
all4disney is offline   Reply With Quote
Old 07-16-2018, 12:36 PM   #13
administrator
Ms. Personality
 
administrator's Avatar
 
Join Date: Sep 2005
Location: ATX
Posts: 10,000,029
Default

Not to make light of this situation (but I am).... If you are worried about (completely non-financial) information or opinions that you post on a Disney fan forum, then you probably should't be contributing to a Disney fan forum. Oh nooooo: someone might steal my password and post that I actually hate Disney! Seriously, there's nothing on here worth stealing.

We have had two serious security problems here. One was caused by a virus that sometimes redirected people to a pr0n site (it was fixed as soon as it was discovered), but the second and larger one was caused by a formerly trusted administrator/douchebag who used his access to steal user data and attempt to completely wipe out the site.

Which was the bigger problem? Yep, you got it: the thieving and mentally unstable douchebag.

We have bigger issues with spam from Asia and the former Soviet bloc countries -- and RTB scams -- than we do with "unsecured site" issues. Just saying.

As an aside, you should probably be using a password program/app anyway.

And if the fact that MO is not a secure site *really* bothers you, well, there are other Disney fan sites out there, including the one belonging to said mentally-unstable douchebag. I understand his site is SSL encrypted....
administrator is offline   Reply With Quote
Old 07-16-2018, 01:53 PM   #14
unveilmyeyes
Studio
 
Join Date: Nov 2017
Posts: 77
Default

Quote:
Originally Posted by carolina_yankee View Post
Funny thing - Safari doesn't seem to care.
Dirk
iOS or Mac? When I log out on my iPhone and click the username field for logging in, the website name in Safari changes to red text and says "Website not secure".

But it really doesn't matter how our browser views the website, the fact is the website is using http protocol, and not https. Changing your browser won't help.
unveilmyeyes is offline   Reply With Quote
Old 07-16-2018, 01:54 PM   #15
unveilmyeyes
Studio
 
Join Date: Nov 2017
Posts: 77
Default

Quote:
Originally Posted by administrator View Post
And if the fact that MO is not a secure site *really* bothers you, well, there are other Disney fan sites out there, including the one belonging to said mentally-unstable douchebag. I understand his site is SSL encrypted....
Instead of wanting to fix the problem, you are daring people to leave? If it's a lack of knowledge on your part, there are probably a lot of people here willing to help you out.
unveilmyeyes is offline   Reply With Quote
Old 07-16-2018, 02:23 PM   #16
all4disney
Studio
 
all4disney's Avatar
 
Join Date: Jan 2015
Location: A 3 hour flight away from WDW
Posts: 83
Default

It's potentially only a problem if you use the same username and password for this site that you also use for, say, your gmail account. If you are using public wifi, it would be pretty easy for someone to see your login credentials when you log in to Mouseowners. They could then try that username/password combination on some popular email sites and potentially get access to your email.

I have no idea what the mentally unstable douchebag Disney site is, but I like using this site, so I will make sure my username and password here are not at all similar to my important email or financial website credentials.
all4disney is offline   Reply With Quote
Old 07-16-2018, 02:42 PM   #17
carolina_yankee
Administrator
 
carolina_yankee's Avatar
 
Join Date: Feb 2006
Location: New Jersey
Posts: 27,369
Default

Please remember that the site is run by volunteers and barely covers costs, if that. It's a use-at-will site that is perfectly safe if you practice proper internet hygiene.

Any site improvements are always going to be a balance between the owner's time/dollars and potential payback. As it is, members make far more money off of MO than the owners when you look at the Rent/Trade boards.

Dirk
__________________
carolina_yankee is offline   Reply With Quote
Old 07-16-2018, 02:48 PM   #18
administrator
Ms. Personality
 
administrator's Avatar
 
Join Date: Sep 2005
Location: ATX
Posts: 10,000,029
Default

Quote:
Originally Posted by unveilmyeyes View Post
Instead of wanting to fix the problem, you are daring people to leave? If it's a lack of knowledge on your part, there are probably a lot of people here willing to help you out.
No. I'm saying that given the nature of the site (Disney fan site with no identifying info collected other than email addresses, pws, and IP addresses), people with common sense have very little to worry about vis-a-vis "security" here.

Why don't you tell me what you would hope to achieve by enabling SSL encryption here. How will it help the site for you to send encrypted posts?
administrator is offline   Reply With Quote
Old 07-16-2018, 03:02 PM   #19
tink711
Add-on Aficionado
 
tink711's Avatar
 
Join Date: Sep 2013
Location: North Carolina
Posts: 6,366
Default

Deleted
__________________

Always dreaming of my next visit ...





tink711 is offline   Reply With Quote
Old 07-16-2018, 03:10 PM   #20
unveilmyeyes
Studio
 
Join Date: Nov 2017
Posts: 77
Default

Quote:
Originally Posted by carolina_yankee View Post
Please remember that the site is run by volunteers and barely covers costs, if that.
Dirk
Which is why I'm surprised an admin was hostile to potential offers to help. It's their decision to make, but telling us to go to a competing website (when we like it here better), rather than investigate possible solutions or even mention that it's been looked at but too expensive, etc would have come off as less harsh. I don't think these posts were meant as criticisms but as questions and offers to help.

There's a lot of reasons why all websites are moving towards https, it's not just for banking sites anymore:
https://developers.google.com/web/fu...nsit/why-https

Last edited by unveilmyeyes; 07-16-2018 at 03:23 PM.
unveilmyeyes is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 05:39 PM.

MouseOwners. "MouseOwners" is a registered servicemark. This is an unofficial fan site and is not affiliated in any way with The Walt Disney Company, the Disney Vacation Club, Disney Vacation Development, or any of their affiliates or subsidiaries. All Disney images The Walt Disney Company.
Powered by Forum Software