Heartbleed Vulnerability
#1
Drifting
Thread Starter
Heartbleed Vulnerability
I was checking with Norton's Heartbleed Vulnerability tool and it could not verify whether rennlist.com was safe from this vulnerability. Can you verify whether it is or not?
I think it worthwhile that you make an announced on the site's welcome page regarding this matter.
Thank you.
I think it worthwhile that you make an announced on the site's welcome page regarding this matter.
Thank you.
#4
Still plays with cars.
Lifetime Rennlist
Member
Checking .....
#5
Racer
Join Date: Aug 2009
Location: Montreal, Canada
Posts: 281
Likes: 0
Received 0 Likes
on
0 Posts
Heartbleed is a bug in SSL/TLS (used by HTTPS). Rennlist.com does not use HTTPS, so it is not affected. If you look into the URL address bar with rennlist.com, there is no padlock.
Since you are concerned about privacy... When you login rennlist.com, you use HTTP only. So your username and password are passed along, not encrypted. The viewing of your "private" messages is NOT encrypted. Same for everything on rennlist.com.
Everytime your submit/view information on a non-https site, the information is sent/received accross the network. Anybody between your browser (Internet Explorer) and the HTTP server scanning the packets can see the information in clear. Very similar as taping a telephone line.
Pierre
Since you are concerned about privacy... When you login rennlist.com, you use HTTP only. So your username and password are passed along, not encrypted. The viewing of your "private" messages is NOT encrypted. Same for everything on rennlist.com.
Everytime your submit/view information on a non-https site, the information is sent/received accross the network. Anybody between your browser (Internet Explorer) and the HTTP server scanning the packets can see the information in clear. Very similar as taping a telephone line.
Pierre
#6
IB Staff
Thanks Pierre, you beat me to the punch.
ps, long time no see, old friend!
cheers,
robb
ps, long time no see, old friend!
cheers,
robb