When will ‘not secure’ retrobike site be made secure?

mk one":dg58dxin said:
Some strange comments.

I doubt very much any passwords are stored in plain text, even if they were to then find that persons bank, their account name and number, then to hack a banks site is certainly imaginative. Banks offer customer support due to security breaches anyway.

To add another point, encrypted passwords are usually fairly easy to decrypt, so it is more about gaining access to the password file than how easy it is to read once there.
Scenario 1
1. Assume your RB password and email, bank etc passwords are the same or similar.
2. I get your RB password.
3. Now I know your email. That alone opens up Pandora's box.
4. From your email I know your bank, contacts, etc.
5. "Oh hey honey, it's me, mk one. Bank says our account has been hacked. You need to change the password here at fake_website.com."

Scenario 2
1. Assume admin's login is http as well. Assume passwords are stored in plain text in database.
2. I get admin's password.
3. Now I have everyone's passwords, emails.

Sensitive data exposure (which includes plain text passwords) is number three in Top 10 Web Application Security Risks
https://owasp.org/www-project-top-ten/O ... a_Exposure
 
I meant strange that no admin have commented in this thread about the questions raised here
 
Re:

If anyone is reusing passwords they are fully to blame for any fallout that occurs. This is just a public forum about old bikes... if you have sensitive information, don't post it on a forum about old bikes!
 
Re: Re:

al-onestare":cfu4pcrv said:
Anyone checked if the copyright has expired?
The copyright has not expired. Generally speaking, publisher's copyright lasts for twenty-five years after the date of publication. Author's copyright lasts for their lifetime plus a further 75 years after their death.
 
Back
Top