
Thread: TechJamaica is unsafe to a degree

  1. #1
    Join Date
    Feb 2015
    Posts
    23
    Rep Power
    0

    TechJamaica is unsafe to a degree

    So I'm doing some testing and I think, I just joined this forum and though I have a unique password, is it safe to login here?

    Seems that this website passes username in plaintext and encrypts the password. Now hearing that might give you a bit of comfort but it still spits out the MD5 hash for the password. What does this mean?

    This means that if someone else in the world had their password cracked and your password is the same as theirs, then anyone snooping on your network or anyone that hacks this website will still be able to figure out your password by simply copying and pasting the hash and searching a trove of cracked passwords.

    The main points are to use unique passwords for sites like this because forum software is always being targeted and exploited. The owners of this site should certainly take our security more seriously by encrypting the traffic. It's not that hard at all. In fact you don't need any technical skills to SSL this site.

    ShopinJA.com is also transmitting their usernames in plaintext and encrypting password but producing the hash in plaintext. Google can now see these security problems and will make your site harder for people to find because of the problem.

  2. #2
    Join Date
    Apr 2004
    Posts
    11,129
    Rep Power
    31


    Any website or content management system is open to hacks... none are hack proof.
    Some are more secure than some, but will always be open to attacks.

    Read below as it relates to SMF..........

    All passwords in SMF 1.0 are stored with a salted MD5 and 1.1 uses a salted SHA1, which is much more secure. With both the passwords are pretty safe (with the SHA1 on the newer versions being much more so).

    From an attacker's point of view: compromising the contents of the password tables is a waste of time, there are many other far easier ways to attack a complex PHP script like SMF (or any other forum script for that matter). Back in the day when MD5 was used unsalted you could precomp a common wordlist and attack the ciphered passes that way, but salting it makes that approach effectively useless. Even then it was INCREDIBLY time consuming.
    ---
    Stay Connected,..

    FaceBook | Twitter | Instagram
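
The two posts above turn on whether identical passwords produce identical stored hashes (post #1) and whether a per-account salt breaks that link (post #2). The following is an added example, not code from the thread or from SMF: it audits a constructed credential table for shared hashes under bare MD5 and under a per-account salt with PBKDF2-HMAC-SHA256, which is this example's choice of slow KDF and not something the thread names.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts: alice and bob happen to pick the same password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}

def store_unsalted_md5(users):
    """Legacy scheme: one bare MD5 per account, no salt."""
    return {u: hashlib.md5(p.encode()).hexdigest() for u, p in users.items()}

def store_salted_kdf(users, iterations=200_000):
    """Per-account random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    table = {}
    for u, p in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations)
        table[u] = (salt, iterations, digest)
    return table

def verify(table, user, password):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = table[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def shared_hash_groups(stored):
    """Audit: accounts whose stored hash is identical. Any group means one
    recovered password exposes every member of that group."""
    groups = defaultdict(list)
    for user, value in stored.items():
        key = value[-1] if isinstance(value, tuple) else value
        groups[key].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print("unsalted MD5 :", shared_hash_groups(store_unsalted_md5(USERS)))
    print("salted KDF   :", shared_hash_groups(store_salted_kdf(USERS)))
```

Neither scheme protects a credential sent over an unencrypted connection; that is the separate point post #1 makes about SSL.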

  3. #3
    Join Date
    Jul 2007
    Posts
    16,974
    Rep Power
    33


    Quote Originally Posted by GPRS Internet View Post
    Any website or content management system is open to hacks... none are hack proof.
    Some are more secure than some, but will always be open to attacks.

    Read below as it relates to SMF..........
    I don't think he is saying that stuff aren't open to hacks. He is just saying Techja seems easier.

    Also is this site using SMF? Seems like PhpBB to me.

    Why do forums need high security though? No transaction happens here.
    SLAPPA Phenom II AM3 Overclocking Essentials
    I HAVE HIGHEST OC ON TECHJA 4.2ghz
    4890oc beats gtx 285
    PS3 FAILCAKE
    ps3 only advantage is bluray
    4890 oc roundup
    http://miniprofile.xfire.com/bg/sh/type/0/skugpezz.png
    Mi know dem fear mi!!!!! Gigabyte 790x ud4p
    phenom 2 955@3.8ghz 24/7 stable , 4GB ddr3 1333@1.5ghz ,3850 256MB (temp card) (4890 soon),700 watt dual rail psu, (overclocking rules) my avatar represents my personality

  4. #4
    Join Date
    Apr 2004
    Posts
    11,129
    Rep Power
    31


    Was referring to what my site uses as he mentioned it...

    Yea.. based on contents here a hack would be useless or for practice..

  5. #5
    Join Date
    Feb 2015
    Posts
    23
    Rep Power
    0


    Quote Originally Posted by GPRS Internet View Post
    Any website or content management system is open to hacks... none are hack proof.
    Some are more secure than some, but will always be open to attacks.

    Read below as it relates to SMF..........
    So you're basically making excuses for your website?

    I'm not attacking your site, I'm just stating facts. ShopinJA.com has no real security whatsoever besides the simple protection that comes with SMF software. If you care about your users you should provide extra levels of security.

    Maybe you should do a vulnerability scan on your site to see how vulnerable it is. Passwords like I mentioned are important but guess what, attackers can do much worse than steal logins. They can use known exploits in SMF software to infect all your users. Then it goes beyond your website where now users are having their Facebook account and bank accounts taken over because they were infected by your site.

    Instead of arguing why don't you take all of this and improve your site. Simple, I'm tired of people making excuses even after it's clear they are wrong. Check your website in depth and find all the vulnerabilities because there are some big ones.

    Quote Originally Posted by pezz View Post
    I don't think he is saying that stuff aren't open to hacks. He is just saying Techja seems easier.

    Also is this site using SMF? Seems like PhpBB to me.

    Why do forums need high security though? No transaction happens here.
    You can check software information at the bottom of the page normally.

    Powered by SMF 1.1.20 | SMF © 2011, Simple Machines
    SimplePortal 2.3.2 © 2008-2010, SimplePortal


    It's not about transactions, it's about follow-through. Hacker gets your hashed password and email address, cracks the hash, uses the pass to login to your email (if it's the same pass) and then continues to take over things. These things can be prevented by simply applying encryption to your site. If your site isn't a monetary base site then the hacker will move on instead of trying other much more complex methods.

  6. #6
    Join Date
    Apr 2004
    Posts
    11,129
    Rep Power
    31


    Quote Originally Posted by GeniusDragon View Post
    So you're basically making excuses for your website?

    I'm not attacking your site, I'm just stating facts. ShopinJA.com has no real security whatsoever besides the simple protection that comes with SMF software. If you care about your users you should provide extra levels of security.

    Maybe you should do a vulnerability scan on your site to see how vulnerable it is. Passwords like I mentioned are important but guess what, attackers can do much worse than steal logins. They can use known exploits in SMF software to infect all your users. Then it goes beyond your website where now users are having their Facebook account and bank accounts taken over because they were infected by your site.

    Instead of arguing why don't you take all of this and improve your site. Simple, I'm tired of people making excuses even after it's clear they are wrong. Check your website in depth and find all the vulnerabilities because there are some big ones.
    Why people always think I'm arguing lol ????
    Where in my reply you get that I'm arguing?....

    Every website will have exploits as I have mentioned..

    I can put many many features into my car or house to make it more secure, but when do you draw the line? And even so it will still be vulnerable.
    My site has never been attacked, not sure about TechJamaica, the security that comes with the Software I'm using I trust is sufficient for my needs.

    Not saying I'm waiting for my site to be hacked before I do something, but at this point in time millions of sites are using far less secure security than SMF and vBulletin so in essence we are all at the mercy of Hackers..

    In your initial post you made no suggestions as to what can be done to help patch things up.. So it gives an impression that you are not here to help, but to point fingers..
    Last edited by GPRS Internet; Feb 18, 2015 at 04:42 PM.

  7. #7
    Join Date
    Jul 2007
    Posts
    16,974
    Rep Power
    33


    Quote Originally Posted by GeniusDragon View Post
    So you're basically making excuses for your website?

    I'm not attacking your site, I'm just stating facts. ShopinJA.com has no real security whatsoever besides the simple protection that comes with SMF software. If you care about your users you should provide extra levels of security.

    Maybe you should do a vulnerability scan on your site to see how vulnerable it is. Passwords like I mentioned are important but guess what, attackers can do much worse than steal logins. They can use known exploits in SMF software to infect all your users. Then it goes beyond your website where now users are having their Facebook account and bank accounts taken over because they were infected by your site.

    Instead of arguing why don't you take all of this and improve your site. Simple, I'm tired of people making excuses even after it's clear they are wrong. Check your website in depth and find all the vulnerabilities because there are some big ones.
    Ahh i see

    Quote Originally Posted by GPRS Internet View Post
    Why people always think I'm arguing lol ????
    Where in my reply you get that I'm arguing?....
    LOL....

    Well you definitely are good at making excuses.

  8. #8
    Join Date
    Feb 2015
    Posts
    23
    Rep Power
    0


    Quote Originally Posted by GPRS Internet View Post
    Why people always think I'm arguing lol ????
    Where in my reply you get that I'm arguing?....

    Every website will have exploits as I have mentioned..

    I can put many many features into my car or house to make it more secure, but when do you draw the line? And even so it will still be vulnerable.
    My site has never been attacked, not sure about TechJamaica, the security that comes with the Software I'm using I trust is sufficient for my needs.

    Not saying I'm waiting for my site to be hacked before I do something, but at this point in time millions of sites are using far less secure security than SMF and vBulletin so in essence we are all at the mercy of Hackers..

    In your initial post you made no suggestions as to what can be done to help patch things up.. So it gives an impression that you are not here to help, but to point fingers..
    What version is the SMF software that you're running compared to the latest version that includes patches for vulnerabilities?

    You have SMF 1.1.20

    Latest version is SMF 2.0.9

    I made you aware of the situation. It's not my job to tell you how to fix your own stuff. You're a grown man, I assume, so why are you saying, "In your initial post you made no suggestions as to what can be done to help patch things up.. So it gives an impression that you are not here to help, but to point fingers.."

    You're deflecting the issue instead of simply ASKING what can you do if you're not tech savvy. All it would take is simple questions instead of sarcastic undertones in your responses.

    You have ads on the site that you're making money from and you're asking people to advertise on it when it's way out of date. I believe this place to be a place of solution and if people are ALWAYS finding a problem with your communication abilities, maybe you should fix that too.

    If you don't have anything constructive to add to the conversation then kindly stop responding.

  9. #9
    Join Date
    Jul 2007
    Posts
    16,974
    Rep Power
    33


    Quote Originally Posted by GeniusDragon View Post
    What version is the SMF software that you're running compared to the latest version that includes patches for vulnerabilities?

    You have SMF 1.1.20

    Latest version is SMF 2.0.9

    I made you aware of the situation. It's not my job to tell you how to fix your own stuff. You're a grown man, I assume, so why are you saying, "In your initial post you made no suggestions as to what can be done to help patch things up.. So it gives an impression that you are not here to help, but to point fingers.."

    You're deflecting the issue instead of simply ASKING what can you do if you're not tech savvy. All it would take is simple questions instead of sarcastic undertones in your responses.

    You have ads on the site that you're making money from and you're asking people to advertise on it when it's way out of date. I believe this place to be a place of solution and if people are ALWAYS finding a problem with your communication abilities, maybe you should fix that too.

    If you don't have anything constructive to add to the conversation then kindly stop responding.
    I don't think he owns techjamaica though >.>

  10. #10
    Join Date
    Apr 2004
    Posts
    11,129
    Rep Power
    31


    This is a tech forum... if you point out a problem, if you know the solution it's in everyone's best interest for you to post info as to how to fix the problem..
    Unless my perception of a tech forum is totally wrong..

    Quote Originally Posted by pezz View Post
    LOL....

    Well you definitely are good at making excuses.
    I always look at things from all angles.. not just one angle as most people living in boxes..
    So people here always tend to have issues with things I say if it don't mesh with what they say...

    The dude made post that there are security issues here and on my site... thanks for pointing out the issues, but what are the solutions, he offered none, seems his agenda is he wants us to run to him asking for a fix (which he may then charge for lol)

    All those banks that got hacked and lost over $1 Billion did you send out a warning to them as well.. lol

    The man say me must refrain from posting if I don't have anything constructive.. OK TechJamaica police..
    I'm still waiting for you to post a solution to the problems you outlined..
    Last edited by GPRS Internet; Feb 18, 2015 at 04:52 PM.
