Data Breach?

[Greg]

anyone else receiving warnings from chrome when signing in stating that there was a data breach here?

[Stinger]

Nope

[Greg]

Roger,
Open this site in Firefox or Chrome. Both browsers have explicit warnings in the address bar, this site is running without encryption. It's woefully behind the curve. I mentioned this to Admin a year ago and my concerns were brushed aside. Clearly it is an issue so at that time I dedicated the password I use here to only be used here. Just giving a heads-up to others.

[Ray916MN]

Greg,

There is nothing worth encrypting on the site. The only personal information required on the site is your email address. You don't even have to provide your real name. There is no financial information, no birthdate, no phone number, no credit card, no social security number, no home address. You can find much more personal information on the Internet doing a Google Search on your name. You don't have a clue on what SSL (encryption) is used for on the Internet. Running SSL would cost about $300 a year for the site.

Be specific. What security risk is it that you're worried about that implementing SSL will address? The "warning" just indicates the site isn't  using SSL and doesn't have an SSL certificate. There are millions of sites on the Internet which run without SSL, because they contain no significant user data and do no transactions which are necessary to protect with SSL.

Using this site is less of a security risk than driving your car down a public road. Using your license plate anyone can find out where the registered owner lives. It is public information. Using your email address from this site no one can figure out where you live unless you posted your email address and home address publicly somewhere or you posted it privately and someone you shared it with privately, shares it publicly or the place you posted both pieces of information is breached. As your home address is not required to do anything on this site, if you share it on the site and someone you don't want to get it, gets it, that's your fault, not the site's fault. Given how easy it is to get an account on the site and how little personal information is on the site, how much sense does it make to worry about the site being hacked? Unlike your car where you have to give your personal information to register, you don't have to do this on this site. You're worried about risk on this site? Cover the license plate on your vehicles first. It will do much more to protect your personal information than SSL will do on this site.

[Greg]

I disagree with your analysis and comparisons. The storage of the passwords is what is a safety risk. If a person uses a password here that they also use at Chase or TCF, and the password is here is hacked, then that person is at risk.  As I mentioned in my previous post, that is my concern and why I have a site specific password I use for only this site. I wanted to bring this to the attention of others. Secondly,  regarding cost. Kudos to you for running this site. As you know, I have offered to contribute to that in the past,  which you declined.

[Ray916MN]

I disagree with your analysis and comparisons. The storage of the passwords is what is a safety risk. If a person uses a password here that they also use at Chase or TCF, and the password is here is hacked, then that person is at risk.  As I mentioned in my previous post, that is my concern and why I have a site specific password I use for only this site. I wanted to bring this to the attention of others. Secondly,  regarding cost. Kudos to you for running this site. As you know, I have offered to contribute to that in the past,  which you declined.

Find me a security expert that recommends that people use the same password at all the sites they use. Kudos for you for following the universal recommendation of Internet security experts to use different passwords for different sites, regardless of whether the sites use SSL or not, and bringing this recommended security practice to the attention of members of the forum.

Your concern amounts to, implement SSL so you can practice an unsafe computing practice with less risk. My position is just take personal  responsibility for practicing safe computing and don't try to get others to make up for your personal choices.