HTTP/HTTPS techexams
Jinverar
Member Posts: 95 ■■■□□□□□□□
Hello group or sysadmins.
when I log into the techexams.net website I have noticed that it's a http no longer https. Any username and passwords can be sniffed from the plain text information transmitted from workstation to server. I could go into more detail here but I'm sure other people have posted and noticed this? Letsencrypt is offering free ssl certs.
Has anyone else noticed this?
Are there any posts with details on the progress the sysadmins are making to fix this?
I'm thinking of moving on due to lack of security or if I build another techexams 2.0 site would people come check it out?
J
when I log into the techexams.net website I have noticed that it's a http no longer https. Any username and passwords can be sniffed from the plain text information transmitted from workstation to server. I could go into more detail here but I'm sure other people have posted and noticed this? Letsencrypt is offering free ssl certs.
Has anyone else noticed this?
Are there any posts with details on the progress the sysadmins are making to fix this?
I'm thinking of moving on due to lack of security or if I build another techexams 2.0 site would people come check it out?
J
Jinverar, TSS
Comments
-
chrisone
Member Posts: 2,278 ■■■■■■■■■□
you plan on making the same site and just add v2.0 ? I will only come if it looks exactly the same as this current TE site
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
Iristheangel
Mod Posts: 4,133 Mod
1) It was never HTTPS so you're just noticing what was always there.
2) TE is in the middle of a huge overhaul by the new owners so you might want to sit tight and wait it out. -
tedjames
Member Posts: 1,182 ■■■■■■■■□□
It's been noted here many times, and every time the posts were deleted. Username is in cleartext. It's pretty easy to guess those, anyway. Passwords are MD5 hashed. Wireshark showed me that... -
JDMurray
Admin Posts: 13,090 Admin
As Iristheangel said, TE is undergoing an overhaul and will soon have HTTPS/TLS capability. It is always on the member to use a strong password that would be very difficult to discover from only a salted hash.