HTTP/HTTPS techexams

JinverarJinverar Member Posts: 95 ■■■□□□□□□□
Hello group or sysadmins.

when I log into the techexams.net website I have noticed that it's a http no longer https. Any username and passwords can be sniffed from the plain text information transmitted from workstation to server. I could go into more detail here but I'm sure other people have posted and noticed this? Letsencrypt is offering free ssl certs.

Has anyone else noticed this?

Are there any posts with details on the progress the sysadmins are making to fix this?

I'm thinking of moving on due to lack of security or if I build another techexams 2.0 site would people come check it out?

J
Jinverar, TSS

Comments

  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    you plan on making the same site and just add v2.0 ? I will only come if it looks exactly the same as this current TE site icon_lol.gif
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    1) It was never HTTPS so you're just noticing what was always there.
    2) TE is in the middle of a huge overhaul by the new owners so you might want to sit tight and wait it out.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • tedjamestedjames Member Posts: 1,182 ■■■■■■■■□□
    It's been noted here many times, and every time the posts were deleted. Username is in cleartext. It's pretty easy to guess those, anyway. Passwords are MD5 hashed. Wireshark showed me that...
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    As Iristheangel said, TE is undergoing an overhaul and will soon have HTTPS/TLS capability. It is always on the member to use a strong password that would be very difficult to discover from only a salted hash.
Sign In or Register to comment.