Jump to content
 

RMweb not safe?

jburgt
 Share

Recommended Posts

royaloak

royaloak

Posted
Posted

Too flippin' right RMweb isn't safe!! :mad:

 

You can end up wasting hours on here, & there's all sorts of dangerous inspiration, too!! :nono: :shout:

 

:jester:

I dont mind wasting time on here but its the damage it does to my wallet, especially that bloomin 'bargain hunters'thread!  :laugh:

  • Like 1
Link to post
Share on other sites
Guy Rixon

Guy Rixon

Posted
Posted

It already has HTTPS support. You can change the protocol from http to https in the browser's address-bar. What it lacks is a proper certificate of identity for the server(s). Currently, RMWeb uses a self-signed certificate, so you browser quite rightly says that this is not secure. It's insecure in the sense that you have no assurance that the site to which you send your password is really RMWeb.

 

RMWeb should have HTTPS for the log-in pages, to protect the passwords (it may force browsers onto HTTPS for these pages; I haven't checked). It should have a proper certificate to confirm its identity. However, having self-signed HTTPS protecting the passwords is better than not HTTPS at all.

Link to post
Share on other sites
Alien

Alien

Posted
Posted

Too flippin' right RMweb isn't safe!! :mad:

 

You can end up wasting hours on here, & there's all sorts of dangerous inspiration, too!! :nono: :shout:

 

:jester:

 

Certainly not safe. There I was, just reading about unifrogs...............then I found myself whisked away to a secure location and was unable to escape hours [until my credit card finally melted].

 

Its hell being held in Jails.........................or was it Rails.............. :O 

Link to post
Share on other sites
jburgt

jburgt

Posted
  • Author
Posted

I thought this was a decent discussion. I got a message on my browser to contact the webmaster when I visited the RMweb. Not save as my provider said. So why the moderator deleted some of my posts, instead of given me a proper reaction? Or wrote I in the wrong thread?

Link to post
Share on other sites
  • RMweb Gold
Oldddudders

Oldddudders

Posted
  • RMweb Gold
Posted

My iPad and iMac don't register any discomfort about RMweb. I never use my iPhone for Internet stuff as it is impossible to enjoy reading it.

 

A majority of my incoming emails are not considered by Outlook to be from safe senders - because they don't comply with some US standard. Yawn. 

Link to post
Share on other sites
  • RMweb Gold
chris p bacon

chris p bacon

Posted
  • RMweb Gold
Posted

I thought this was a decent discussion. I got a message on my browser to contact the webmaster when I visited the RMweb. Not save as my provider said. So why the moderator deleted some of my posts, instead of given me a proper reaction? Or wrote I in the wrong thread?

 

 

The iPhone/Android posts have been deleted, nothing that matters.

 

I access on an iMac at home and an iPhone 6 and don't get a warning, I don't log in with the phone but just browse with a cuppa at work.

Link to post
Share on other sites
  • RMweb Gold
Oldddudders

Oldddudders

Posted
  • RMweb Gold
Posted

OK, I asked the posters in question to stay on topic. But you also deleted my question about a HTTPS-website. One of the ideas of my Provider.

 

So, since as we have identified most of us - almost all of us? - don't have any sort of security issue with RMweb, why would Andy Y be bothered about some additional gismo? We all - well almost all, presumably - have a firewall, so any nasties that an unsafe website tries to import will be zapped before they land. What is this all about? I have been with RMweb nealy 10 years, and no nonsense has ever landed here. We don't register card details, home addresses, bank a/c details. Where's the risk?

  • Like 1
Link to post
Share on other sites
Andy Y

Andy Y

Posted
Posted

Given that RMWeb holds some information on its members, how will it be affected by the new General Data Protection Regulations (GDPR) which come into effect in May?

It will be fully compliant. It will be clear what information is held, as it is is now - the login name you chose on registration, your email address, the IP address posts are made from, passwords are encrypted and unreadable. And any topics, posts, signatures or messages you have made of course.

Link to post
Share on other sites
Guy Rixon

Guy Rixon

Posted
Posted

So, since as we have identified most of us - almost all of us? - don't have any sort of security issue with RMweb, why would Andy Y be bothered about some additional gismo? We all - well almost all, presumably - have a firewall, so any nasties that an unsafe website tries to import will be zapped before they land. What is this all about? I have been with RMweb nealy 10 years, and no nonsense has ever landed here. We don't register card details, home addresses, bank a/c details. Where's the risk?

 

Suppose that web site X has accounts with passwords but does not provided an encrypted connection for sending the passwords. Some members of the site use the same password that they use for other sites with more important content, like banks or their utility suppliers, their place of work (many people are smart enough not to do this, but many others do make the mistake). Said members log on to X on a public networks (e.g. at cafes) and their passwords are read by criminals who are scanning the traffic on those networks. The criminals then try the harvested passwords on well-known sites and get access.

 

That's the risk. It's independent of any information of value stored on RMWeb.

 

Note that I am not asserting that RMWeb lacks encryption for password exchange, just that I haven't seen how it's done.

Link to post
Share on other sites
  • RMweb Premium
phil-b259

phil-b259

Posted
  • RMweb Premium
Posted

Suppose that web site X has accounts with passwords but does not provided an encrypted connection for sending the passwords. Some members of the site use the same password that they use for other sites with more important content, like banks or their utility suppliers, their place of work (many people are smart enough not to do this, but many others do make the mistake). Said members log on to X on a public networks (e.g. at cafes) and their passwords are read by criminals who are scanning the traffic on those networks. The criminals then try the harvested passwords on well-known sites and get access.

 

That's the risk. It's independent of any information of value stored on RMWeb.

 

Note that I am not asserting that RMWeb lacks encryption for password exchange, just that I haven't seen how it's done.

 

Then don't have the same password for here as you do for your bank, etc

 

Sheesh what happened to personal responsibility? - its not as if there aren't enough reminders out there about people being proactive in protecting themselves.

 

It may sound harsh but if someone is dumb enough to use their RMweb password for other (and arguably more important sites), then gets hacked as a result - its their own stupid fault.

Link to post
Share on other sites
Guest

Guest

Posted
Posted

I have to agree with the above... if I was daft enough to use the same login for frivolous stuff like RMWeb as well as rather more serious stuff like banking, I would hold no-one responsible for my stupidity except for myself. Sadly, I suspect that today's culture of HAVING to blame someone for everything that goes wrong in your life is in effect here.

Folk need to use common sense. I have a healthy amount of that, but perhaps it needs to be taught in schools as a life skill, as it is sorely lacking elsewhere.

There. That's today's moan out of the way.

  • Like 1
Link to post
Share on other sites
jburgt

jburgt

Posted
  • Author
Posted

As said here, I use different keywords. Of course that’s much safer. My question was, is a HTTPS website version better than a HTTP website? My provider advise the first.

  • Like 1
Link to post
Share on other sites
  • RMweb Premium
phil-b259

phil-b259

Posted
  • RMweb Premium
Posted

As said here, I use different keywords. Of course that’s much safer. My question was, is a HTTPS website version better than a HTTP website? My provider advise the first.

Two thoughts on this.

 

Firstly internet providers / browser software makers may simply repeating 'best practice' guildelines parrot fashion rather than actually giving any thought to the issue.

 

Secondly said organisations may take the view that given the way an increasing number of folk seem to have difficulty in staying safe online it is better to make the HTTPS recomedation anyway.

 

The bottom line is that given the nature of RMweb - and in particular the lack of information it collects (as opposed to what users my decide to upload by themselves and for which they remain liable as it were), the use of HTTPS is not necessary.

Link to post
Share on other sites
  • 3 months later...
  • RMweb Premium
Mallard60022

Mallard60022

Posted
  • RMweb Premium
Posted (edited)

I have to agree with the above... if I was daft enough to use the same login for frivolous stuff like RMWeb as well as rather more serious stuff like banking, I would hold no-one responsible for my stupidity except for myself. Sadly, I suspect that today's culture of HAVING to blame someone for everything that goes wrong in your life is in effect here.

Folk need to use common sense. I have a healthy amount of that, but perhaps it needs to be taught in schools as a life skill, as it is sorely lacking elsewhere.

There. That's today's moan out of the way.

Sorely lacking elsewhere? Why is that? Is it because people are "dumb" and "stupid" as mentioned earlier or "daft enough" as you suggest, or because they don't have the experience that you and some others have and maybe they are older and do not understand these 'problems'?

Schools already provide young people withg plenty of IT experience and that age group will be enabled with more life skills than you or me, it is more than obvious that many older folk need support, not mocking. We should not forget that many of these old folk worked to provide the level of lifestyle many of us are now lucky enough to enjoy and perhaps they need a little more respect and support rather than being termed daft!

There's my little moan done then.

Phil. Proudly an old fart.

Edited by Mallard60022
  • Like 1
Link to post
Share on other sites
Talltim

Talltim

Posted
Posted

While there should be no banking etc info on RMWeb, sometimes info hacked from various places can combine to become a security issue. For example, I'm sure more than one person has sent their address via PM to other members.

This article shows that basic info from one place can lead to gaining info from other more important places, eventually leading to real loss https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...