1. Same story, different day...........year ie more of the same fiat floods the world
    Dismiss Notice
  2. There are no markets
    Dismiss Notice
  3. Week of 6/24/2017 Closing prices & Chg Over Last Wk---- Gold $1256.40 Silver $16.64 Oil $43.01 USD $96.94
  4. "Spreading the ideas of freedom loving people on matters regarding high finance, politics, constructionist Constitution, and mental masturbation of all types"
    Dismiss Notice

Using HTTPS on the GIM website?

Discussion in 'Site Activity/Suggestions' started by Crockett, Jul 6, 2017.



  1. Crockett

    Crockett Seeker

    Joined:
    Mar 31, 2010
    Messages:
    258
    Likes Received:
    340
    Trophy Points:
    63
    For consideration . . .

    I was doing a thorough annual review of my computer/internet security at home, seeing what’s new, seeing what kind of changes I should be doing for my own protection.

    IMO, for a group of people who are as security conscious as GIMers, it seems that the site should be using secure “https” (SSL public key encryption) rather than simply “http”.

    Though the website doesn’t handle sensitive information, and is not used for E-commerce, I think GIM user privacy would be enhanced as communications between our computer and the web server would be encrypted. So . . . for example if someone were to intercept the login communication, they wouldn't be able to see our login password.

    From what I have read performance should not decrease at all as GIM2 is not a site used for downloading large files.

    Con - the SSL certificate cost.

    Here are a few informative websites.
     
    <SLV> likes this.
  2. Crockett

    Crockett Seeker

    Joined:
    Mar 31, 2010
    Messages:
    258
    Likes Received:
    340
    Trophy Points:
    63
    Hmmm I see "Let’s Encrypt" is a free, automated, and open Certificate Authority.
     
    gringott likes this.
  3. Alton

    Alton Gold Member Gold Chaser

    Joined:
    Apr 1, 2010
    Messages:
    2,211
    Likes Received:
    3,344
    Trophy Points:
    113
    Location:
    Michiana
    Though it's a good idea to move to https it may worth considering what your government has done:

    WikiLeaks Releases Documents on Two CIA Projects Targeting Network Protocols - Sputnik International

    Article quote:
    "According to WikiLeaks, the BothanSpy is an implant targeting the SSH client program for Microsoft Windows platform, stealing user credentials form active SSH sessions.

    The WikiLeaks whistleblowing platform released on Thursday a new package of CIA documents from the so-called Vault 7 project, in particular the documents on two separate CIA projects aimed at stealing users' login details for remote access to a server of a website.

    "Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors," WikiLeaks said in a statement.

    SSH is a cryptographic network protocol which gives the user a secure remote access to a website's server. The SSH credentials are the login details, namely the server address, port number, the username and the password.

    According to WikiLeaks, the BothanSpy is an implant targeting the SSH client program for Microsoft Windows platform, stealing user credentials form active SSH sessions. The data is then either exfiltrated to a CIA-controlled server, or encrypted and saved for later exfiltration by other means.

    Gyrfalcon, in its turn, is an implant that targets Linux platforms and can steal the credentials, encrypting the information for later exfiltration.

    WikiLeaks released three documents that appear to be the CIA's tool documentation and user manuals for both projects as evidence.

    The whistleblowing website released the first patch from the Vault 7 project in March, with the first full part comprising 8,761 documents. The previous release, dedicated to the CIA spying geo-location malware for WiFi-enabled devices, dubbed ELSA, took place on June 28."
     
  4. the_shootist

    the_shootist The war is here on our doorstep! Midas Member Site Supporter ++

    Joined:
    May 31, 2015
    Messages:
    14,168
    Likes Received:
    13,966
    Trophy Points:
    113
    Occupation:
    Oxygen Breather
    Location:
    Somewhere out there!
    Did anyone think that anything that can be created can't be defeated? There is no such thing as totally secure internet!
     

Share This Page