PSA: Don't login to Spyderco Forum or send private info until SSL is fixed

Joined
Apr 3, 2007
Messages
2,012
Hi all,

Just a quick PSA to Spyderco and all users of their forums for the sake of protecting your private info.

I saw Kristi's note that SSL is being disabled. Please note that by doing this all traffic through forums is unencrypted, INCLUDING PII(personal identifiable info) and sensitive data i.e. username, email and password. Please don't login or update account info(i.e. address etc) until this is fixed. All your info is going thru public internet in plain text and any intermediate proxy i.e. your ISP, routers CAN SEE those info.

@spyderco/Sal/Kristi - You should add in your notice that until the SSL issue is fixed, the forums user should not attempt to login to their account, or perform any action that would send sensitive/personal info through the site. This is important as your company could be subjected to a lot of liabilities because this is considered a data breach.
 

attila.

Gold Member
Joined
Oct 7, 2012
Messages
273
What if I just try to go to the forum like normal? My browser (iPhone Safari) keeps me logged in. Does that also risk my data?

I wasn't aware of an SSL issue when I attempted to visit earlier today.

Thanks!
 
Joined
Apr 3, 2007
Messages
2,012
What if I just try to go to the forum like normal? My browser (iPhone Safari) keeps me logged in. Does that also risk my data?

I wasn't aware of an SSL issue when I attempted to visit earlier today.

Thanks!

As long as you don’t relogin, i.e. entering your username/email/pw again or submit any change to your account info like contact or address you should be fine. Those info go from your computer/mobile/client across the internet and needs to be encrypted via SSL(watch for the lock icon in the address bar or make sure the address starts with “https”).
If the site still remembers you being logged in, it’s probably because you still have a previous session with the site via your cookie and the server remembers your last state. In most cases you should be fine. Those cookie seldom contain personal info.
Btw every site is different and I haven’t dig into spyderco forums much, so im making some educated guess here.
 

MyLegsAreOk

Gold Member
Joined
Aug 31, 2017
Messages
504
Is spyderco going to fix this? I tried to just google info before I made my second thread in a row and when I clicked ANY linked it said the SSL cert wasn't valid and there was no cache.
 
Joined
Feb 18, 1999
Messages
5,963
I did notice it wasn't working on Monday. Is it fixed yet? Because I logged in yesterday and posted stuff there, and everything seems to be working normally. And I broused this morning and again, everything appears normal and people are posting.

Jim
 
Joined
Apr 27, 2003
Messages
5,738
Might pay to remember that, up until a couple years ago, sites like the Spyderco factory forum that do not process payments or otherwise need things like your real name, phone, and address, never bothered with SSL. Also, even on forums that use it, pages where users have posted photos hosted on non-SSL sites aren't fully secure.
 
Top