Calguns.net  

#1 freebug, 04-17-2017, 3:20 PM
No HTTPS?

How come Calguns can't move to HTTPS, especially for sign in and sign out? I get all sorts of browser warnings that this site isn't secure (which it isn't).
__________________
- 80% AR Fan
- 300BLK all the way

#2 SkyHawk, 04-17-2017, 3:59 PM

They have a CA signed cert.

Bookmark this - always use it to start your session.
https://www.calguns.net/calgunforum/index.php

Be advised that YouTube embeds won't work on some browsers if you are using calguns via SSL.
__________________
.



"Texans always move them!"
General Robert E. Lee, May 6, 1864 - Battle of the Wilderness

#3 Picturepro, 04-18-2017, 9:25 AM

Why would you want or not want the https?

I have both open and do not see a difference.

#4 SkyHawk, 04-18-2017, 9:31 AM

Quote:
Originally Posted by Picturepro
Why would you want or not want the https?

I have both open and do not see a difference.

IMO, no good reason to use https here unless you are conspiring to commit crimes via PM or sharing credit card or banking info via PM, or you reuse your calguns password on your online bank accounts.

Everything you post here other than PM is public, and hackers don't get passwords very often from packet sniffing. They use keystroke loggers or they go for unsalted password databases. A browser is never going to warn you of a real hack on your information. Transport encryption is sort of low on the totem pole when it comes to security, and its importance is over-hyped.

The bigger question is, is your info encrypted at rest here (almost certainly not, save for your pwd which may or may not be properly salted). It is far easier to attack a stationary target than one in transport, and you have no control over how your info is stored at the far end nor any knowledge. And so many people have keystroke loggers and screen scrapers on their own machines but have no idea.

A browser SSL warning or non-warning is a shiny penny; just because you see a green url bar tells you very, very little about your security on that site.

But if you have more tinfoil than you know what to do with, fold up a hat and use the https calguns, and tell yourself you are smart and secure. Repeat regularly while staring into a mirror...


Last edited by SkyHawk; 04-18-2017 at 9:41 AM..

#5 bool1tholz, 04-18-2017, 9:41 AM

If you use public WiFi, https can help reduce the amount of some vectors of attack from less skilled attackers.

For example... Not using https may make you more vulnerable to "side jacking" where someone steals the cookies in your request and replays them to impersonate you.
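
The sidejacking exposure described in the post above comes down to whether a session cookie is allowed to travel over plaintext HTTP. As an added example (not part of the original thread, and not Calguns or vBulletin code), this Python audit parses `Set-Cookie` headers and reports which cookies lack the `Secure` flag; the cookie names and header values are constructed.

```python
from http.cookies import SimpleCookie

# Constructed response headers for illustration; not captured from any real site.
SAMPLE_HEADERS = [
    ("Set-Cookie", "sessionhash=3f9a; path=/; HttpOnly"),
    ("Set-Cookie", "userid=1234; path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lastvisit=1492531200; path=/"),
]


def audit_cookies(headers):
    """Map each cookie name to the transport-related weaknesses it has."""
    report = {}
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)  # one Set-Cookie header carries one cookie
        for name, morsel in jar.items():
            issues = []
            if not morsel["secure"]:
                # The browser attaches it to http:// requests too, so anyone
                # on the same open Wi-Fi can read it and replay the session.
                issues.append("missing Secure")
            if not morsel["httponly"]:
                issues.append("missing HttpOnly")
            report[name] = issues
    return report


def has_hsts(headers):
    """True if the response tells browsers to refuse plaintext HTTP."""
    return any(f.lower() == "strict-transport-security" for f, _ in headers)


def sidejackable(headers):
    """Cookie names an on-path observer could capture from an http:// request."""
    return sorted(name for name, issues in audit_cookies(headers).items()
                  if "missing Secure" in issues)


if __name__ == "__main__":
    print("HSTS:", has_hsts(SAMPLE_HEADERS))
    for name, issues in audit_cookies(SAMPLE_HEADERS).items():
        print(name, "->", issues or "ok")
    print("replayable if sniffed:", sidejackable(SAMPLE_HEADERS))
```
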

#6 SkyHawk, 04-18-2017, 9:46 AM

Quote:
Originally Posted by bool1tholz
If you use public WiFi, https can help reduce the amount of some vectors of attack from less skilled attackers.

For example... Not using https may make you more vulnerable to "side jacking" where someone steals the cookies in your request and replays them to impersonate you.

The only problem with using public wi-fi is most folks have no idea if they are connecting to a hacker's wi-fi, in which case SSL will not always help you. You do know there are proxies that can decrypt/recrypt SSL while sitting in the middle? And unless you know exactly what to do when presented with a certificate warning (most people do not), then it is not so helpful. And the hacker will try and get you to install his cert on the 'welcome to public wi-fi' redirect page when you connect.

https://www.websense.com/content/sup...sl_enable.aspx
Quote:
When you enable SSL decryption for your end users, SSL-encrypted traffic is decrypted, inspected, and then re-encrypted before it is sent to its destination.

I guess there are people still using Firesheep to grab un-encrypted cookies but sophisticated hackers have moved on to man in the middle decrypt/recrypt.

Yes, public wi-fi is ripe for shenanigans, but it starts with you connecting to public wi-fi. Once you are a client on a hacker's network all bets are off. The best play on public wifi is to be very wary, expect that you are transmitting in the clear and act accordingly.

I never, ever connect my laptop to public wifi. I will occasionally connect iPad to pub wifi, but not typically because I carry my own cellular hotspot.

Last edited by SkyHawk; 04-18-2017 at 10:02 AM..

#7 bool1tholz, 04-18-2017, 10:06 AM

I don't disagree that you are open to MITM attacks anytime using public WiFi. That's why I used weasel words like "may" and mentioned that applied to less skilled attackers.
Yeah it takes next to no skill to impersonate a public WiFi hotspot.
I was just pointing out there is some possible value to using https.

Quote:
Originally Posted by SkyHawk
The only problem with using public wi-fi is you have no idea if you are connecting to a hacker's wi-fi, in which case SSL will not always help you. You do know there are proxies that can decrypt/recrypt SSL while sitting in the middle? And unless you know exactly what to do when presented with a certificate warning (most people do not), then it is not so helpful. And the hacker will try and get you to install his cert on the 'welcome to public wi-fi' redirect page when you connect.

https://www.websense.com/content/sup...sl_enable.aspx

Yes, public wi-fi is ripe for shenanigans, but it starts with you connecting to public wi-fi.

At least use a VPN when using public WiFi.

Calguns seems to use a virtualized Apache server gateway in front of their server terminating the SSL before offloading to the web server. Not the best setup to handle any volume of https traffic. So without reconfiguration or throwing more money at it I don't think all the calguns users could use https simultaneously without capacity issues anyway.

#8 SkyHawk, 04-18-2017, 10:29 AM

I agree with you, https is an absolute must on pub wifi - especially shopping or banking. Just don't trick yourself into thinking it is the end-all solution, and if possible avoid those activities on pub wifi.

And in any case, even on public wifi I am not concerned about using Calguns in the clear - seriously, not at all. No more concerned than I would be logging into candycrush in the clear. If you have sensitive information stored or you are sharing sensitive info on an internet discussion forum, or re-using your Morgan Stanley password on Calguns, you're doing it wrong. Nothing will save you.

Last edited by SkyHawk; 04-18-2017 at 10:33 AM..

#9 Picturepro, 04-18-2017, 10:32 AM

awesome thanks guy