HTTP/HTTPS techexams

JinverarJinverar Posts: 94Member ■■□□□□□□□□
Hello group or sysadmins.

when I log into the techexams.net website I have noticed that it's a http no longer https. Any username and passwords can be sniffed from the plain text information transmitted from workstation to server. I could go into more detail here but I'm sure other people have posted and noticed this? Letsencrypt is offering free ssl certs.

Has anyone else noticed this?

Are there any posts with details on the progress the sysadmins are making to fix this?

I'm thinking of moving on due to lack of security or if I build another techexams 2.0 site would people come check it out?

J
Jinverar, TSS

Comments

  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    you plan on making the same site and just add v2.0 ? I will only come if it looks exactly the same as this current TE site icon_lol.gif
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAPosts: 4,123Mod Mod
    1) It was never HTTPS so you're just noticing what was always there.
    2) TE is in the middle of a huge overhaul by the new owners so you might want to sit tight and wait it out.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 1,063Member ■■■■■■■□□□
    It's been noted here many times, and every time the posts were deleted. Username is in cleartext. It's pretty easy to guess those, anyway. Passwords are MD5 hashed. Wireshark showed me that...
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,501Admin Admin
    As Iristheangel said, TE is undergoing an overhaul and will soon have HTTPS/TLS capability. It is always on the member to use a strong password that would be very difficult to discover from only a salted hash.
Sign In or Register to comment.