Cal-guns is not secure

  • all-cal
    Member
    • Dec 2013
    • 335

    Cal-guns is not secure

    There is no SSL certificate which adds transport layer security on the Calguns site.

    This means that when you all enter your passwords, someone can easily capture your password and read all of your posts/communications.

    Kestryl should really make the small investment and buy an SSL cert.
  • #2
    SkyHawk
    I need a LIFE!!
    • Sep 2012
    • 23518

    Originally posted by all-cal
    There is no SSL certificate which adds transport layer security on the Calguns site.

    This means that when you all enter your passwords, someone can easily capture your password and read all of your posts/communications.

    Kestryl should really make the small investment and buy an SSL cert.
    Fake news. Now what other great tech advice do you have for the boss?

    Last edited by SkyHawk; 07-22-2018, 12:09 AM.
    Click here for my iTrader Feedback thread: https://www.calguns.net/forum/market...r-feedback-100

  • #3
    SkyHawk
    I need a LIFE!!
    • Sep 2012
    • 23518

    Click here for my iTrader Feedback thread: https://www.calguns.net/forum/market...r-feedback-100

  • #4
    SkyHawk
    I need a LIFE!!
    • Sep 2012
    • 23518

    And get this - your information, on this or any other website, is far more likely to be compromised via an attack against the AT REST data, not the IN TRANSIT data. So I'd be more worried about the platform than the SSL cert. What is the OS and version, the website software and version, is it patched, is it firewalled?

    Your private messages, passwords etc. are more likely to be stolen in a database theft after exploiting the website software or server OS, or the computer of someone who has access to the server. There are thousands of examples. Yahoo, LinkedIn, Equifax, Target - we could do this all day.

    Lastly, this is a public forum - what you post here is public. And if you are reusing your password here on other sites, nothing will help you - certainly not an SSL cert.

    But if you must - here is a real tech tip for you: make sure HTTPS is always in your URL bar.
    Last edited by SkyHawk; 07-22-2018, 12:17 AM.
    Click here for my iTrader Feedback thread: https://www.calguns.net/forum/market...r-feedback-100

  • #5
    Robotron2k84
    Senior Member
    • Sep 2017
    • 2013

    However, I would agree with OP that it's criminal that there is no default or forced redirect to HTTPS, especially now that YouTube video links seem to work when on HTTPS.

    This site is hosted on a legacy version of PHP and an end-of-life version of vBulletin released in 2005, and not even the latest in its version history. There are probably at least 100 critical exploits that exist in these two versions of software that make your data vulnerable.

    I would advise you share as little personal information as possible, OP.

  • #6
    VictorFranko
    I need a LIFE!!
    • Jan 2010
    • 13737

    Originally posted by SkyHawk
    But if you must - here is a real tech tip for you: make sure HTTPS is always in your URL bar.
    Just checking, you mean to physically add HTTPS to the existing Calguns URL?
    I did that but as soon as I tried to reply to this thread, the URL dropped the HTTPS.

  • #7
    dk94044
    Senior Member
    • Apr 2010
    • 915

    Yes, someone can view all your posts by clicking your profile and "Find All Posts by".

  • #8
    Robotron2k84
    Senior Member
    • Sep 2017
    • 2013

    Of course what you post is not particularly private, but passwords and PMs should be relatively so, such that it would take a warrant to be obtained, otherwise stay unable to be accessed in the best case.

    Passwords are at least hashed once before being sent over the internet from your browser. It's a static MD5 hash, IIRC, and not based on a seed or nonce, so could be brute-forced with a lookup table. MD5 is not terribly secure anymore.

    PMs would be more concerning, and if there is a SQL injection attack vector, all passwords (hashed) could be retrieved and potentially all PM content as well. Always good to clean out the old messages after 30 days or so. Remember, too, if you have email notification for PMs enabled, the system is copying the PM in plaintext over email as well.

    The most concerning leak is what posts you view, as metadata for incriminating behavior, should someone care to surveil you. If it's police or a TLA anyway, either a warrant to get the post view history from the DB, or a TLA dropping a Spectre/Meltdown exploit in a VM on the same physical server would allow them to capture DB commits in real time.

    You're pretty much screwed if you try to post anything illegal, so adhere to the golden rule of the internet: don't post anything that you wouldn't want public anyway.
    Last edited by Robotron2k84; 07-22-2018, 8:35 AM.
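Post #8 above describes the client-side password hash as a static, unsalted MD5 that a lookup table can reverse. The Python below is an added example, not code from this forum or from vBulletin, run on constructed sample data: an unsalted hash matches a table built once for every account (and equal hashes reveal password reuse outright), whereas a per-user salted PBKDF2 hash does not; the function and variable names are my own.

```python
import hashlib
import hmac
import os

# Constructed sample data (not real credentials): a tiny "common password" list
# of the kind a precomputed lookup table is built from.
COMMON_PASSWORDS = ["password1234", "letmein", "qwerty", "hunter2"]

def static_md5(password: str) -> str:
    """Unsalted MD5, the weak scheme the post describes: same input, same output, for every user."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> password once. Without a salt, one table works against every account."""
    return {static_md5(p): p for p in candidates}

def recover_with_table(table, leaked_hashes):
    """Map each leaked unsalted hash that appears in the table back to its password."""
    return {h: table[h] for h in leaked_hashes if h in table}

def users_sharing_password(records):
    """records: {user: unsalted_hash}. Equal hashes expose password reuse without cracking anything."""
    by_hash = {}
    for user, h in records.items():
        by_hash.setdefault(h, []).append(user)
    return [sorted(users) for users in by_hash.values() if len(users) > 1]

def new_salt() -> bytes:
    """16 random bytes per user, stored next to the hash (the salt need not be secret)."""
    return os.urandom(16)

def salted_hash(password: str, salt: bytes, iterations: int = 200_000) -> str:
    """Per-user salt plus iterated PBKDF2-HMAC-SHA256: a table built for one salt is useless for another."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()

def verify_salted(password: str, salt: bytes, stored: str) -> bool:
    """Constant-time comparison so the check does not leak how much of the hash matched."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked = {"alice": static_md5("qwerty"), "bob": static_md5("qwerty")}
    print(recover_with_table(table, leaked.values()))  # the shared hash maps straight back to 'qwerty'
    print(users_sharing_password(leaked))              # [['alice', 'bob']]
    print(salted_hash("qwerty", new_salt()) in table)  # False
```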

  • #9
    Dragunov
    Senior Member
    • Dec 2008
    • 1953

    There's no such thing as a "secure" website.

  • #10
    71MUSTY
    Calguns Addict
    • Mar 2014
    • 7029

    OMG, the Russians could hack us and find out Californians own more guns than the Russian Army.
    Only slaves don't need guns

    Originally posted by epilepticninja
    Americans vs. Democrats
    We stand for the Anthem, we kneel for the cross

    We already have the only reasonable Gun Control we need. It's called the Second Amendment and it's the government it controls.

    What doesn't kill me, better run

  • #11
    SkyHawk
    I need a LIFE!!
    • Sep 2012
    • 23518

    Originally posted by VictorFranko
    Just checking, you mean to physically add HTTPS to the existing Calguns URL?
    I did that but as soon as I tried to reply to this thread, the URL dropped the HTTPS.
    Not sure about replies / posts in public forums, where you are about to post in public anyway. But when replying to private messages you can use https and it will not redirect to http.

    Anyhow, you can also add the HTTPS Everywhere add-in to Chrome, and make a rule for calguns.net to always change every url to https, and it will perhaps work in those portions of the site you are most worried about. Worth a look:

    A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections. - EFForg/https-everywhere
    Last edited by SkyHawk; 07-22-2018, 7:30 PM.
    Click here for my iTrader Feedback thread: https://www.calguns.net/forum/market...r-feedback-100

  • #12
    VictorFranko
    I need a LIFE!!
    • Jan 2010
    • 13737

    Thanks for that info, SkyHawk.

  • #13
    TriumphantApe
    Member
    • Aug 2016
    • 101

    Originally posted by SkyHawk
    And get this - your information, on this or any other website, is far more likely to be compromised via an attack against the AT REST data, not the IN TRANSIT data. So I'd be more worried about the platform than the SSL cert. What is the OS and version, the website software and version, is it patched, is it firewalled?

    Your private messages, passwords etc. are more likely to be stolen in a database theft after exploiting the website software or server OS, or the computer of someone who has access to the server. There are thousands of examples. Yahoo, LinkedIn, Equifax, Target - we could do this all day.

    Lastly, this is a public forum - what you post here is public. And if you are reusing your password here on other sites, nothing will help you - certainly not an SSL cert.

    But if you must - here is a real tech tip for you: make sure HTTPS is always in your URL bar.
    HTTPS doesn't work for me on this site, never has. I use OSX, Windows, and Linux, and all 3 of the major browsers; none of them stay HTTPS, they revert to HTTP and there is no cert.

    I also use the HTTPS Everywhere extension; it still doesn't work.

    Don't really care as I wasn't planning on posting anything I wouldn't say out loud.
    Last edited by TriumphantApe; 07-27-2018, 6:05 PM.

  • #14
    readysetgo
    CGSSA Coordinator
    • Aug 2011
    • 8689

    But I was told if I have nothing to hide, let the cops search all they want...

    Is password1234 a good one?
    Stand up and be counted, or lay down and be mounted... -Mac

  • #15
    Unbekannt
    Banned
    • May 2018
    • 378

    Who cares? The FBI has already traced each and every one of you subversives right back to your house and keyboard. I'm not afraid of anything or anybody except my government.
