Cruisers Forum
 


Join CruisersForum Today

Reply
 
Thread Tools Rate Thread Display Modes
Old 28-11-2010, 07:58   #31
cruiser

Join Date: Oct 2007
Posts: 751
Quote:
Originally Posted by SailFastTri View Post
It seems you're raising alarms about everyone else's connection but haven't addressed legitimate questions about what's under your direct control.
Our site, like most, doesn't do enough. All purchase transactions are completely secure and that's the biggest threat for something like ActiveCaptain. That said, I'm working on putting everything under https because of these recent developments.

Of course, if users would follow the advice we've been promoting of using WPA routers or VPN tunnels, the threats would be minimized for all internet use including our site.
__________________

__________________
ActiveCaptain is offline   Reply With Quote
Old 28-11-2010, 10:33   #32
Eternal Member
 
capt_douglas's Avatar

Join Date: May 2003
Location: Ft. Lauderdale, FL
Boat: Vancouver 36 cutter????
Posts: 620
Send a message via Skype™ to capt_douglas
Interesting and informative discussion, so thanks all for the comments.

No system is completely secure, as many of you realize. Whether I do my internet business via a computer in an internet cafe, via my personal laptop ethernet to a local service, or wifi (free or WEP), there's always a risk of your data being compromised.

The best we can do is to be aware, take all precautions, and understand that we must pick and choose where to do out personal or financial business.
__________________

__________________
Capt. Douglas Abbott
USCG/MCA IV/M.I./C.I. 500-ton Oceans
capt_douglas is offline   Reply With Quote
Old 03-12-2010, 10:06   #33
cruiser

Join Date: Oct 2007
Posts: 751
Quote:
Originally Posted by ActiveCaptain View Post
Our site, like most, doesn't do enough. All purchase transactions are completely secure and that's the biggest threat for something like ActiveCaptain. That said, I'm working on putting everything under https because of these recent developments.
Geez, I'm quoting myself now...

We just finished cutting over our entire site. All transactions happen with https using our new secure and certified IP's. Any previously bookmarked URL's will automatically switch to https when they connect. Although the risk on ActiveCaptain was pretty low - I guess someone could see the lat/lot where you were looking or the articles you were reading.
__________________
ActiveCaptain is offline   Reply With Quote
Old 05-12-2010, 05:54   #34
Registered User

Join Date: Feb 2008
Posts: 2,062
Quote:
Originally Posted by ActiveCaptain View Post
Geez, I'm quoting myself now...

We just finished cutting over our entire site. All transactions happen with https using our new secure and certified IP's. Any previously bookmarked URL's will automatically switch to https when they connect. Although the risk on ActiveCaptain was pretty low - I guess someone could see the lat/lot where you were looking or the articles you were reading.
IMHO that's overkill. As you noted, is it really a concern if someone sees what lat/long you were looking at? If you just keep the user-login and e-commerce sections encrypted it would be adequate.

Also, it looks like you already do this -- but to prevent session hijacks sites should also use session cookies rather than embedding the session info in the URL.
__________________
SailFastTri is offline   Reply With Quote
Old 05-12-2010, 07:20   #35
cruiser

Join Date: Oct 2007
Posts: 751
Quote:
Originally Posted by SailFastTri View Post
IMHO that's overkill.
I don't think so. It shows that we care about our user's security. There's a new messaging system in ActiveCaptain and no one should feel like their private messages are being read because they're on an open network. We're a huge resource of reviews and many times people want their reviews separated from their email address (which we do). But now, no one sniffing the network traffic can put it together either.

In software development it's called "eating your own dog food". If I'm going to raise concerns about network security, we should be an example and try to protect our users.
__________________
ActiveCaptain is offline   Reply With Quote
Old 05-12-2010, 07:43   #36
Registered User
 
Auspicious's Avatar

Join Date: Jun 2003
Location: Chesapeake Bay
Boat: HR 40
Posts: 1,793
Send a message via Skype™ to Auspicious
Quote:
Originally Posted by ActiveCaptain View Post
In software development it's called "eating your own dog food". If I'm going to raise concerns about network security, we should be an example and try to protect our users.
I think that's the most important issue. Jeff is standing by what he is recommending for others. It's good to be consistent.
__________________
S/V Auspicious
AuspiciousWorks
Beware cut and paste sailors
Auspicious is offline   Reply With Quote
Old 05-12-2010, 09:03   #37
Registered User

Join Date: May 2008
Posts: 1,971
When I was having my offshore custom boat built, the builder submitted the deck layup schedule to an engineering firm. They reported back that it was "overkill".

Since the cost and weight difference between "acceptable" and "overkill" was negligible, the builder and I agreed that we didn't have a problem with "overkill". I thought about that a few months ago when 10ft waves were breaking onto that deck.

While ocean waves don't seem to be any more dangerous than last year, the security situation on the Internet is much worse than a few years ago and it's reasonable to assume that even worse is to come. Interesting piece in the New York Times today about the Chinese government's very successful attacks and thefts on both government and commercial sites - partly because a top Chinese government official googled himself and didn't like what he saw.

Jeff, thanks for going for "overkill".

Carl
__________________
CarlF is offline   Reply With Quote
Old 13-12-2010, 15:14   #38
Registered User
 
Islander's Avatar

Join Date: Jan 2008
Posts: 166
Hotmail now offers HTTPS connection

You can now configure Hotmail to use a fulltime https connection, i.e. not just at sign-in. This will protect your Hotmail sessions from firesheep-type intrusions.

Go to your Inbox and click on "Options" in the upper right corner, select "More options ...".

Under "Customizing Hotmail" select "Advanced privacy settings" then select "Go to HTTPS settings" and select "use HTTPS automatically".

Click the Save button. That's it.

Cheers.
__________________

__________________
Islander is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security While Away from Your Boat betachz Liveaboard's Forum 108 15-10-2010 05:31
WiFi Antenna Installation Issue Zydeco Marine Electronics 30 12-08-2010 18:13
WiFi Security nhschneider Marine Electronics 6 08-12-2009 18:43
boatyard security shellback Off Topic Forum 18 23-05-2007 11:01
WiFi security onboard? elf Marine Electronics 31 14-12-2006 09:24



Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -7. The time now is 07:18.


Google+
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.