As of 20th of June 2014, EMC now has site wide encryption. On the Empireminecraft.com domain only. This means that browsing that logging in is now safe for users on public networks and your passwords are not exposed. If you use HTTPS everywhere (you should) you can set it to default to HTTPS by clicking the popup on the toolbar and clicking "Add site" along with Add New Rules
To a limited extent, yes - Windows XP is no longer receving updates from Microsoft, so any vunerabilites that allow viruses into the PC will no longer be patched. Having said that, as long as you have an antivirus it will be fine. The minecraft login servers have encryption, meaning there is little risk of them being attacked from a MITM attack - Although if your running a PC with Windows XP, chances are the PC is at such an age that it won't run too well.
Well, for some reason it runs really well on minecraft, that's really the only thing I use it for. I do all my other stuff on my Vista computer . And it has an antivirus. I'm currently buying new parts, for a new and better pc. (just ordered my GPU)
Just checked and luckily (But unsurprisingly) all payments and whatnot are done through Paypal, which has HTTPS enforced.
To have a heartbleed bug you need some kind of protection to break into, Empire minecraft has none of that.
What kind of sick people want to hack someones account. It disgusts me, the people who make the apps and the people who use them. What is happening to society.
This is true for any website really. It's not safe to login with anything on public networks. Even if a site has SSL login, most sites will then leave SSL mode, which then still exposes your cookies. So therefor, its not really worth adding SSL login unless you intend to stay encrypted the entire session - which is not really something necessary for EMC or most content sites.
Well, it can actually be interesting. To see how such things work and how passwords are sent et cetera. Of course you should not do bad things with it, but I think I would actually learn how to protect myself by hacking my own account.
So you are saying, just because SSL isn't all that secure it means we shouldn't use it? For a forum that has now 75k+ members, we are getting quiet popular. This means more traffic and more people who want to hack into accounts. I bet about half the people on the forums use the same forum password as there minecraft account. In actuality, they shouldn't be doing this, but that doesn't mean we don't help. Even if SSL isn't that secure, I rather be having SSL knowing that we have a little more protection than we had before rather than just nothing.
My point was that this thread was unfairly targetting EMC, where as the root issue is that public places in general are the problem. I will be installing SSL here over the weekend, but there will still be vulnerabilities in browsing on public networks. The thread should be saying 'don't login anything while on public networks', not targetting EMC. As SSL login alone is not enough. To securely use public networks, you need a VPN.
You sure that SSL is right for us? From what I have read, the two people who maintain it slack off more than the Minecraft developers. Aren't there alternatives out there that are better?
