PSA: Don't login to Spyderco Forum or send private info until SSL is fixed

Discussion in 'Spyderco' started by insta9ves, May 6, 2019.

  1. insta9ves

    insta9ves

    Apr 3, 2007
    Hi all,

    Just a quick PSA to Spyderco and all users of their forums for the sake of protecting your private info.

    I saw Kristi's note that SSL is being disabled. Please note that by doing this all traffic through the forums is unencrypted, INCLUDING PII (personally identifiable info) and sensitive data, i.e. username, email and password. Please don't login or update account info (i.e. address etc.) until this is fixed. All your info is going through the public internet in plain text and any intermediate proxy, i.e. your ISP, routers, CAN SEE that info.

    @spyderco/Sal/Kristi - You should add in your notice that until the SSL issue is fixed, forum users should not attempt to login to their account, or perform any action that would send sensitive/personal info through the site. This is important as your company could be subjected to a lot of liabilities because this is considered a data breach.
     
  2. Dfunk1210

    Dfunk1210

    592
    Apr 7, 2015
    Yea, I noticed this yesterday when I tried to browse some info there.
     
  3. attila.

    attila. Gold Member

    144
    Oct 7, 2012
    What if I just try to go to the forum like normal? My browser (iPhone Safari) keeps me logged in. Does that also risk my data?

    I wasn't aware of an SSL issue when I attempted to visit earlier today.

    Thanks!
     
  4. jazzz

    jazzz

    437
    Feb 1, 2009
    I hope not. I can’t even get on to log off.
     
  5. insta9ves

    insta9ves

    Apr 3, 2007
    As long as you don’t re-login, i.e. enter your username/email/pw again or submit any change to your account info like contact or address, you should be fine. That info goes from your computer/mobile/client across the internet and needs to be encrypted via SSL (watch for the lock icon in the address bar or make sure the address starts with “https”).
    If the site still remembers you being logged in, it’s probably because you still have a previous session with the site via your cookie and the server remembers your last state. In most cases you should be fine. Those cookies seldom contain personal info.
    Btw every site is different and I haven’t dug into the Spyderco forums much, so I’m making some educated guesses here.
     
  6. MyLegsAreOk

    MyLegsAreOk Gold Member

    342
    Aug 31, 2017
    Is Spyderco going to fix this? I tried to just google info before I made my second thread in a row and when I clicked ANY link it said the SSL cert wasn't valid and there was no cache.
     
  7. Chris "Anagarika"

    Chris "Anagarika"

    Mar 7, 2001
    Yes.

    Kristi is working on it.
     
  8. James Y

    James Y

    Feb 18, 1999
    I did notice it wasn't working on Monday. Is it fixed yet? Because I logged in yesterday and posted stuff there, and everything seems to be working normally. And I browsed this morning and again, everything appears normal and people are posting.

    Jim
     
  9. The Deacon

    The Deacon

    Apr 27, 2003
    Might pay to remember that, up until a couple years ago, sites like the Spyderco factory forum that do not process payments or otherwise need things like your real name, phone, and address, never bothered with SSL. Also, even on forums that use it, pages where users have posted photos hosted on non-SSL sites aren't fully secure.
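
The three conditions raised in this thread (a login form submitted over plain http, a session cookie set without the `Secure` attribute, and http-hosted images on an https page) can be checked from a saved page and its `Set-Cookie` headers. The sketch below is an added example, not part of any post above; the host `forum.example`, the `/login` path and the sample HTML and cookie values are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PageAudit(HTMLParser):
    """Collects where password fields are submitted and which sub-resources load."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None    # target of the <form> currently open, if any
        self.password_posts = []   # absolute URLs that would receive a password
        self.resources = []        # absolute URLs of images, scripts and frames

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_posts.append(self.form_action or self.page_url)
        elif tag in ("img", "script", "iframe") and a.get("src"):
            self.resources.append(urljoin(self.page_url, a["src"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def audit(page_url, html, set_cookie_headers):
    """Return (finding, detail) tuples for one page and its Set-Cookie headers."""
    page = PageAudit(page_url)
    page.feed(html)
    findings = []
    for url in page.password_posts:
        if urlparse(url).scheme != "https":
            findings.append(("plaintext-login", url))
    if urlparse(page_url).scheme == "https":
        for url in page.resources:
            if urlparse(url).scheme == "http":
                findings.append(("mixed-content", url))
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        flags = [part.strip().lower() for part in header.split(";")[1:]]
        if "secure" not in flags:
            findings.append(("cookie-without-secure", name))
    return findings

# Constructed sample input (hypothetical host forum.example, not the real forum).
LOGIN_HTML = '<form action="/login" method="post"><input name="user"><input type="password" name="pw"></form>'
THREAD_HTML = LOGIN_HTML + '<img src="http://images.example/knife.jpg"><img src="https://forum.example/logo.png">'
if __name__ == "__main__":
    print(audit("http://forum.example/", LOGIN_HTML, ["sid=abc123; Path=/; HttpOnly"]))
    print(audit("https://forum.example/thread/1", THREAD_HTML, ["sid=abc123; Path=/; Secure; HttpOnly"]))
```

A cookie without `Secure` is sent by the browser on unencrypted requests too, which is why it is reported separately from the login form.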
     
