EMC now supports SSL

Discussion in 'Community Discussion' started by Joshyy, Apr 10, 2014.

  1. There is no alternative to SSL, and no, they don't slack off lol.

    more than 2 people maintain encryption :p
    Equinox_Boss and 607 like this.
  2. I think you may be confused a little bit - SSL login is used to encrypt the datastreams (mainly Username and password) to A. stop them being taken with a Man in the middle attack and B. to stop elements being inserted into the page to pretend to be the login page that feed back to a server. People can't do a lot with Cookies - They don't contain login information (If they do the person who programmed them should be fired and banned from ever working in IT again) and they are difficult to forge with multiple points of protection built into them.

    I picked up on the point you pointed out we should be using VPNs - VPNs use very similar encryption algorithms to HTTPS: AES128 or AES256, etc. (Proof https://i.imgur.com/VmdPCyb.png & https://i.imgur.com/I0IpToK.png)

    I am glad however you are inserting HTTPS soon on the site, will certainly make it a safer place to log in to.
    Equinox_Boss likes this.
  3. The point was, if you're on the same network as the user to sniff their password, you have the same IP as them.

    From there you can forge the UA and have same IP as user, and use their cookie, and be logged in to the website they are browsing also.

    From cookies alone you can gain the same level of access the user browsing the site has... About the only thing SSL login is going to help protect you from is them then resetting your password IF the site requires typing the old password - and not all do...
    Equinox_Boss likes this.
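The point in the post above (a session cookie sent in the clear is as useful as the password) is what the `Secure` cookie attribute and the `Strict-Transport-Security` header address. The following is an added example, not code from the thread or from the site's software: a small audit of response headers, where the cookie name and the header values are constructed samples.

```python
# Added example: audit response headers for session cookies that would
# still travel over plain HTTP when only the login form uses TLS.
# All header values and cookie names below are constructed samples.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs-dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_response(headers):
    """Return (subject, problem) findings for a list of (name, value) headers."""
    findings = []
    has_hsts = False
    for hname, hvalue in headers:
        lname = hname.lower()
        if lname == "strict-transport-security":
            has_hsts = True
        elif lname == "set-cookie":
            cname, _, attrs = parse_set_cookie(hvalue)
            if "secure" not in attrs:
                findings.append((cname, "missing Secure: also sent over plain HTTP"))
            if "httponly" not in attrs:
                findings.append((cname, "missing HttpOnly: readable by page scripts"))
    if not has_hsts:
        findings.append(("response", "no HSTS: browser may still use plain HTTP"))
    return findings


# Constructed responses: TLS on the login form only vs. a hardened site.
LOGIN_ONLY_TLS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=constructed123; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=constructed123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    print(audit_response(LOGIN_ONLY_TLS), audit_response(HARDENED))
```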
  4. It is safe to play on Internet Explorer now on all Windows versions, even XP. Microsoft sent an update out to everyone; once you update you will no longer have that bug in Internet Explorer. Just to be safe I would suggest to use any other browser like Firefox or Chrome. I use Firefox and have no problems with it.
    Equinox_Boss likes this.
  5. http://www.buzzfeed.com/chrisstokelwalker/the-internet-is-being-protected-by-two-guys-named-st
    A few quotes.
    Ok, so it is mainly maintained by two people, but seven or eight active people total lol. Eight people can't find all the flaws in such a hugely used system, especially when they don't even clean it up. Why not wait for this LibreSSL to produce a better product, or wait for a competitor that has a sizable team to produce something better?
    Equinox_Boss likes this.
  6. Am I sick? I hack to show companies that their security sucks. If I hack a FB account, all I do is make a post like 'Hacked by !NS!GN!A' and then log out of the account. I have never ever touched personal data and I do not intend to. I would never touch any data on the account because that is wrong.
    607 and Equinox_Boss like this.
  7. First of all, you don't hack. Second of all, if you did hack any company, you would not have money to do anything, ever again. All of your possessions would be confiscated, and all of your accounts would be shut down.
    Equinox_Boss and technologygeek like this.
  8. How stupid do you think I am... I would never hack anything other than my friends' FB accounts or my Brother's laptop passwords when he forgets them. I get Facebook passwords using NMap and NETscrape to sniff cookies after I have redirected them to my laptop, by cracking the router's password and redirecting all connection data to me.
    Equinox_Boss likes this.
  9. OpenSSL/LibreSSL is just the implementation of it, but it's still very stable and extremely rare something like this happens.

    They generally don't touch the SSL stack too much.

    And although it's 2 maintaining/8 active contribs, tons more still can 'review' changes and catch flaws. That's how Open Source works.

    Plus I still would rather trust OpenSSL over an alternative at this point. One bug like this doesn't mean the whole thing is crumbling. The fact it took this long for such a serious issue to be found says more for its hardening than it does to hurt it.

    Someone "rebelling" and forking it "to make it better" is going to be rougher and more chance to screw up.

    Don't get me wrong, I love the roughneck "get shit done" approach and believe in it strongly, but when it comes to security of this level... I'll side with the safer and stabler approach.

    SSL is too big of a deal to trust some unheard of untested fork.
    mba2012, Equinox_Boss and jkjkjk182 like this.
  10. and holy crap....

    http://www.libressl.org/

    They used blinking text...
    mba2012, Equinox_Boss and jkjkjk182 like this.
  11. Lol I wasn't going to link it because it was such a bad website.
    Equinox_Boss and mba2012 like this.
  12. Well, let's say that I tend to like everything, so it doesn't matter what the post says haha :D
    607 likes this.
  13. Any updates on when this is going to arrive? It's been several weeks and still no signs of any encryption.
    Equinox_Boss likes this.
  14. Yeah.... Forgot about it :(

    I'll try to get to it tonight.
    Equinox_Boss, wisepsn and Joshposh70 like this.
  15. 607, Equinox_Boss and jkjkjk182 like this.
  16. You only see that kind of stuff in....
    Schools! *Hides*
    Equinox_Boss and jkjkjk182 like this.
  17. Btw, the site now supports SSL
  18. Things like this are why you should never recycle passwords. Most of you aren't old enough to remember the old BIOS computers, but back in those days any nerd (pokes aikar) could steal your pw; only way to be safe for the less inclined of us was multiple passwords. Nowadays I bet half you use the same Minecraft pw as your email, meaning you just left open a giant data source.
    technologygeek likes this.
  19. Where on the site is SSL activated? I can't seem to force chrome onto https on either Emc.gs, Empire.us, or Empireminecraft.com, at the home screen or login.
  20. https://empireminecraft.com