HTTP/HTTPS techexams

JinverarJinverar Member Posts: 95 ■■■□□□□□□□
Hello group or sysadmins.

when I log into the techexams.net website I have noticed that it's a http no longer https. Any username and passwords can be sniffed from the plain text information transmitted from workstation to server. I could go into more detail here but I'm sure other people have posted and noticed this? Letsencrypt is offering free ssl certs.

Has anyone else noticed this?

Are there any posts with details on the progress the sysadmins are making to fix this?

I'm thinking of moving on due to lack of security or if I build another techexams 2.0 site would people come check it out?

J
Jinverar, TSS

Comments

  • chrisonechrisone Senior Member Member Posts: 2,070 ■■■■■■■■■□
    you plan on making the same site and just add v2.0 ? I will only come if it looks exactly the same as this current TE site icon_lol.gif
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: THPv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCHTPv2
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAMod Posts: 4,133 Mod
    1) It was never HTTPS so you're just noticing what was always there.
    2) TE is in the middle of a huge overhaul by the new owners so you might want to sit tight and wait it out.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,159 ■■■■■■■■□□
    It's been noted here many times, and every time the posts were deleted. Username is in cleartext. It's pretty easy to guess those, anyway. Passwords are MD5 hashed. Wireshark showed me that...
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,767 Admin
    As Iristheangel said, TE is undergoing an overhaul and will soon have HTTPS/TLS capability. It is always on the member to use a strong password that would be very difficult to discover from only a salted hash.
Sign In or Register to comment.