Is it just me?

Sal Glesser said:
Kristi is looking into it.

sal
Click to expand...
Hi Sal,

I saw Kristi's note that SSL is being disabled. Please note that by doing this all traffic through forums is unencrypted, INCLUDING PII(personal identifiable info) and sensitive data i.e. username, email and password. You should add in your notice that until the SSL issue is fixed, the forums user should not attempt to login to their account, or perform any action that would send sensitive/personal info through the site. This is important as your company could be subjected to a lot of liabilities because this is considered a data breach.
 
While I agree that giving warning is educational and better be there, anyone sending sensitive information without SSL is doing so at own’s risk. It has been always a good health check on the security before doing so.
 
Chris "Anagarika" said:
While I agree that giving warning is educational and better be there, anyone sending sensitive information without SSL is doing so at own’s risk. It has been always a good health check on the security before doing so.
Click to expand...
A large percentage of population(maybe 99+%) doesn't even know about this though, so it's generally a good advise even if it serves to educate people more on basic security to protect their info. While not really applicable to the forums, the main www site is an ecommerce site and if they are taking credit card transaction, they need to be PCI compliant. This would be considered a breach if the same issue would happen on their ecommerce site, which some forum users may also use.
 
insta9ves said:
A large percentage of population(maybe 99+%) doesn't even know about this though, so it's generally a good advise even if it serves to educate people more on basic security to protect their info. While not really applicable to the forums, the main www site is an ecommerce site and if they are taking credit card transaction, they need to be PCI compliant. This would be considered a breach if the same issue would happen on their ecommerce site, which some forum users may also use.
Click to expand...

The main site is not affected. It seems we’re looking at it from different angles but actually we’re in agreement. ;)

jazzz said:
Can anyone get on the forum yet? I can’t. It’s been days.
Click to expand...

Yes, if you can live without SSL for time being.
 
Got into the forum site yesterday and today using Windows 7 w/Firefox.

However, when I enter my password, I do get a popup telling me that the site is NOT secure. Get a the lock w/a slash through it in the web address which confirms this. On the other hand, the main Spyderco website (where you can place an order for knives) is not so affected. I do not get a "not secure" warning and the there's a little green lock (w/o a slash) shown next to the web address for that.

So, the sites apparently operate separately even though they use the same username and password for both.
 
Last edited:
Yup. I kinda like not having the forum available for a while. I haven't been worried about missing a sprint announcement.
 
Is there a work around to see it? Using a browser that lets you view it without SSL? Or is there no traffic anyway because most people aren't able to get in?
 
Well I went to log in and password was incorrect. Tried a few variations I use - all incorrect. So I decide to say screw it and reset my password. Hit reset, yet I am not receiving an email to reset it. Nothing in the inbox, nothing in the spam folder, so I am unable to log in.
 
You must log in or register to reply here.
Back
Top