Site safety Log Out | Topics | Search
Moderators | Register | Edit Profile

Australian RR Forums » General Discussion » Site safety « Previous Next »

Author Message
Top of pagePrevious messageNext messageBottom of page Link to this message

Larry Kavanagh
Frequent User
Username: shadow_11

Post Number: 746
Registered: 05-2016
Posted on Wednesday, 23 December, 2020 - 08:18:   Edit PostDelete PostView Post/Check IP

Whenever I log into this site my laptop gives me a security warning saying that it's "not secure". Am I doing something wrong or is this the general experience among other users?
Top of pagePrevious messageNext messageBottom of page Link to this message

Jeff Martin
Experienced User
Username: jeff_r_1

Post Number: 175
Registered: 07-2018
Posted on Wednesday, 23 December, 2020 - 10:25:   Edit PostDelete PostView Post/Check IP

It depends on what OS/Browser you're running and you're malware program.
And as you know the site is old and out of date, so it may have problems as things are updated _ such as your browser.

Ironically because there are no ads or pop-ups, it's more secure then a more updated forum.

I'm running W10 and using IE, and I get "not Secure" in the address bar.
Don't worry about.
Top of pagePrevious messageNext messageBottom of page Link to this message

Larry Kavanagh
Frequent User
Username: shadow_11

Post Number: 747
Registered: 05-2016
Posted on Wednesday, 23 December, 2020 - 10:32:   Edit PostDelete PostView Post/Check IP

Thanks Jeff, I'm getting "not secure" in the address bar too. I suspected that the problem was along the lines of what you described, I'll cease being concerned so, thanks for the reassurance.
Top of pagePrevious messageNext messageBottom of page Link to this message

Geoff Wootton
Grand Master
Username: dounraey

Post Number: 2244
Registered: 05-2012
Posted on Wednesday, 23 December, 2020 - 12:06:   Edit PostDelete PostView Post/Check IP

Hi Larry

Great explanation from Jeff. I run firefox browser under W10 and do not get any warnings. Looks like IE is picking up the error.

Geoff
Top of pagePrevious messageNext messageBottom of page Link to this message

David Gore
Moderator
Username: david_gore

Post Number: 3855
Registered: 04-2003
Posted on Wednesday, 23 December, 2020 - 12:43:   Edit PostDelete PostView Post/Check IP

The reason you get a warning of this nature when logging in comes from the internet address for the forum which starts with "http" whereas more recent new addresses with enhanced security features use "https" to indicate a "secure" site however this is not a reliable guide to whether the security measures related to the internet address are regularly updated.

There are certain advantages that are associated with the use of past technology as today's "nasties" have no experience with it as it is rarely used by them and users of a forum like ours are not processing on-line activities or including critical financial details which are the main target for hackers.

As far as I am aware, the "flagging" of our website as insecure is solely reliant on the "http" address and is not the result of actual testing of website security.

.
Top of pagePrevious messageNext messageBottom of page Link to this message

Glen Poolen
Frequent User
Username: wgipps

Post Number: 262
Registered: 03-2018
Posted on Wednesday, 23 December, 2020 - 18:07:   Edit PostDelete PostView Post/Check IP

Correct David - its nothing more than the difference between the 'old' http and the new 'https'.

The biggest problem will be in the medium to longer term when the major search engines and browsers will no longer recognise/permit/allow an non https address.

Having said that, an SSL certificate which provides a https address is (from memory) about $150 per annum.
Top of pagePrevious messageNext messageBottom of page Link to this message

David Gore
Moderator
Username: david_gore

Post Number: 3856
Registered: 04-2003
Posted on Wednesday, 23 December, 2020 - 20:27:   Edit PostDelete PostView Post/Check IP

Glen,

That is a major concern for me unless there is a regular check that the website security measures are both up-to-date and functioning effectively before a certificate renewal is granted.
Top of pagePrevious messageNext messageBottom of page Link to this message

Darryl Watson
Experienced User
Username: inox

Post Number: 144
Registered: 04-2015
Posted on Wednesday, 23 December, 2020 - 23:16:   Edit PostDelete PostView Post/Check IP

Correct me if I'm wrong but shouldn't every body have stopped using Internet Explorer by now?
Top of pagePrevious messageNext messageBottom of page Link to this message

Glen Poolen
Frequent User
Username: wgipps

Post Number: 263
Registered: 03-2018
Posted on Thursday, 24 December, 2020 - 00:06:   Edit PostDelete PostView Post/Check IP

David

My understanding is its not so much about what the website does within itself.

the SSL is an exchange of a small data packet between the site and the SSL certificate offerer to ensure the site isnt playing funny buggers with people who are on it or pretending to be something else.

The SSL verifies that the data packet exchanged is correct as it is registered.

If i recall, it was as simple as buying your SSL certificate for your site from your hosting company. As an example, i just used goDaddy and they offered the certificate for an extra fee ($150 for mine from memory) paid annually as an add on to my website that they hosted.
Top of pagePrevious messageNext messageBottom of page Link to this message

David Gore
Moderator
Username: david_gore

Post Number: 3857
Registered: 04-2003
Posted on Thursday, 24 December, 2020 - 06:15:   Edit PostDelete PostView Post/Check IP

Darryl,

Internet Explorer has had a name change - it is now called Microsoft Edge and is the default browser installed with Windows 10.
Top of pagePrevious messageNext messageBottom of page Link to this message

Darryl Watson
Experienced User
Username: inox

Post Number: 145
Registered: 04-2015
Posted on Thursday, 24 December, 2020 - 18:42:   Edit PostDelete PostView Post/Check IP

Hi David,
I know that Edge is now the default broswer for Windows but I am pretty sure that it's a replacement for, and not the same, as IE.
I believe that Microsoft will class IE as "end of life" in March 2021
Regards,
Top of pagePrevious messageNext messageBottom of page Link to this message

Alan Dibley
Frequent User
Username: alsdibley

Post Number: 284
Registered: 10-2009
Posted on Monday, 18 January, 2021 - 19:41:   Edit PostDelete PostView Post/Check IP

The security of this website (or lack of it) is illustrated by an email which I recently received. The subject line was my password for this site, which would not pass any tests of quality. The sender threatened to send videos of me watching porn on my computer - taken from my camera on my PC - together with screen-shots of the porn. He claims to have hacked my list of contacts too, and suggests that he could send the "nasties" to eight of my contacts as a lesson. He wants me to send a bunch of BitCoin to a scrambled address as a surety against publication.

This fails to impress me for more than one reason, the second of which is that I don't have a camera on my PC (why would I have one?).

So yes, the site is not secure, but anything that anyone could want to see is here for the asking, so who cares.

But don't use the same password for your banking log-in. You wouldn't do that would you?

Alan D.
Top of pagePrevious messageNext messageBottom of page Link to this message

David Gore
Moderator
Username: david_gore

Post Number: 3863
Registered: 04-2003
Posted on Monday, 18 January, 2021 - 21:05:   Edit PostDelete PostView Post/Check IP

I am sure our Administrator would like to be advised of any incidents as reported by Alan above to allow investigation of the circumstances involved.

Personally, I would be interested in finding out if your password was accessed and retrieved from this forum or, more likely in my estimation from your comment, the surreptitious installation of a keylogger on your computer included in a download from an infected site.

The fact your computer does not have a camera and no other member has reported a similar incident suggests this forum may not have been the source of your password as detailed in the email concerned.

I suggest you should check the status of your computer security software to ensure it is both up-to-date and actively monitoring your activity continuously.
Top of pagePrevious messageNext messageBottom of page Link to this message

Alan Dibley
Frequent User
Username: alsdibley

Post Number: 285
Registered: 10-2009
Posted on Monday, 18 January, 2021 - 21:25:   Edit PostDelete PostView Post/Check IP

Hi David, ...but this is the only site on which I use this password. I have virus checking and network protection, all kept up-to-date so I reckon this RR site is a prime suspect. "He" has not suggested he knows any other passwords. And I avoid any possible infected sites, I hope.

Maybe other folk have just dismissed the threat and not bothered to report it?

Alan D.
Top of pagePrevious messageNext messageBottom of page Link to this message

David Gore
Moderator
Username: david_gore

Post Number: 3864
Registered: 04-2003
Posted on Tuesday, 19 January, 2021 - 10:04:   Edit PostDelete PostView Post/Check IP

Alan,

A "keylogger" records and transmits every keystroke you make on your computer to an external computer for storage and retrieval by individuals with ill-intent.

Keylogger malware records login details and related passwords plus other related information each time they are entered into an infected computer.

Most computer security software will detect and neutralise a wide range of known keyloggers if they are kept up to date on a regular basis.
Top of pagePrevious messageNext messageBottom of page Link to this message

Glen Poolen
Frequent User
Username: wgipps

Post Number: 265
Registered: 03-2018
Posted on Tuesday, 19 January, 2021 - 11:15:   Edit PostDelete PostView Post/Check IP

my 2 cents -

those blackmail emails have been going around for some time. The are one of the modern versions of the Nigerian letter scams.

its highly unlikely to be a site problem if there is only 1 person who has been 'hacked'.

If many/most/all users were hacked or sent blackmail type emails as described, then its a site problem.

Sorry Alan but my guess is the problem is at your end.
Top of pagePrevious messageNext messageBottom of page Link to this message

Trevor Hodgekinson
Frequent User
Username: wm20

Post Number: 216
Registered: 11-2006
Posted on Tuesday, 19 January, 2021 - 11:19:   Edit PostDelete PostView Post/Check IP

I use obsolete computers as well and have no security problems.
To date nothing related to this site so I would expect that as has already been suggested , you have a key logger or there is a site spoofing this site to harvest passwords.

My computer security was done on the suggestions of a riding pal who wrote the security for a major government site that has never been hacked and to date every illegal access has been flagged & the guilty party dealt with
1) most important set up your computer in multi user mode .
2) set yourself up without root access thus nothing can be downloaded that will alter or install anything that is an add on or modifies any routine on your computer without the root ( Administrator ) user authorizing it .
I was flabbergasted by the number of times a pop up turns up asking for this permission when it should not have.
3) set up multiple email accounts and in particular a dummy one for joining web groups & forums then set the prefferences for that account to delete all incoming emails , or put flag them as spam / trash etc
4) never ever use any free email host ( gmail-yahoomail etc )
5) set up multiple email accounts & aliases with your ISP and use them for specific purposes , so I have one for my bank, a different one for Paypal , another for joining forums, another for each hobby like motorcycling, Rolls Royces, government / tax , gardening , friends & family , etc
This is very handy because I get spoof emails supposedly from my bank, addressed to me in person that look 100% authentic, but they come into the wrong email address so I know they are fake
6) never use the account that the ISP gave you to start with for anything other than visiting their web site and / or setting up other email accounts
7) install multiple browsers and do not allow any of them to remember passwords or user names .
If necessary store them in a fake document stored as a PDF.
Cut & paste the user name then type in the password.
Open this document before you go to what ever web site you are going to log into.
Store the passwords within other words.
I use a parts list so a string of random numbers & letters with a few funny symbols will not look out of place .
Eg;- Wm20 stand washer # BSA_66-9901-S4e-#15(42)_1952on
User name Wm20 password _66-9901-S4e-#
Then at a latter date it becomes -9901-S4e-#15(
Keep them all the same length so all you have to remember is the starting letter
Top of pagePrevious messageNext messageBottom of page Link to this message

Trevor Hodgekinson
Frequent User
Username: wm20

Post Number: 217
Registered: 11-2006
Posted on Tuesday, 19 January, 2021 - 11:30:   Edit PostDelete PostView Post/Check IP

And what I forgot
Never ever link your phone number to anything on the net.
Just thought about this when Evilbay just asked for my phone number to " help keep my account secure "
Depending upon where you live, but in OZ you can not get a Sim card unless you have a verified address ( most use the post office app )
Top of pagePrevious messageNext messageBottom of page Link to this message

Alan Dibley
Frequent User
Username: alsdibley

Post Number: 286
Registered: 10-2009
Posted on Tuesday, 19 January, 2021 - 20:03:   Edit PostDelete PostView Post/Check IP

Thanks Trevor, I've printed your advice and have promised myself that it's a project for a "lockdown" day (or two, or three).

Alan D.
Top of pagePrevious messageNext messageBottom of page Link to this message

Trevor Hodgekinson
Frequent User
Username: wm20

Post Number: 218
Registered: 11-2006
Posted on Wednesday, 20 January, 2021 - 09:15:   Edit PostDelete PostView Post/Check IP

Got my first computer in 1995 and "cleaning it: was almost a monthly event using 3 or 4 different apps.
Having to do full disc wipes & reinstalls was again a routine event.
Set it up as mentioned above in 1999.
Since that day not a problem with my computer or originating from my computer .
The other biggie is purging everything Microsloth from it.
The only microsloth app I have is windows media player and it generates more requests for root access than everything else on the computer added together .
The main browsing computer is an I-Mac with a 3 partition hard drive running Linnux on one, OS 10 on the other and all data on the third . This computer is an old mac Cheesegrater running OS 9 & 10 on small dries with all data on a separate drive with a couple of mirrors for back up.
This is my "hobbie" computer that gets used for all of the RR, Motorcycle & gardening forums + has the email accounts for said same activitites.
Thus when busy I don't look at it because what is on it is not needed day to day.
The other thing I did not mention is the modems get turned off when I am not here, on line and he email apps are set to manual collection.
If you are not connected then it is hard to be infultrated .
The house & workshop is hard wired and the only wifi connection is from the modum to the I Mac so I can just turn the modum off when it is not needed.
I used to pull the ethernet cable out of the modum before getting the new WiFi one to keep it out of the network .
Top of pagePrevious messageNext messageBottom of page Link to this message

Glen Poolen
Frequent User
Username: wgipps

Post Number: 266
Registered: 03-2018
Posted on Wednesday, 20 January, 2021 - 09:46:   Edit PostDelete PostView Post/Check IP

I dont mean to be rude but goodness Trevor. That is near paranoia.

By your description, it doesnt seem you use your computer for state secrets or high finance and their age suggests that you dont use them for graphics or high use RAM.

You need to do all that just so sombeody doesnt try to steal a password to a text forum or 2 you enjoy.

My 78 yo mum uses her computer a lot. She does her banking, facebook, photos, emails to friends, reads the news and online articles etc etc. If she said she needed to do all that just so she can use facebook with what are left of her friends, i would have her committed.

Common sense, up to date software and sound internet practices get everyone else by.
Top of pagePrevious messageNext messageBottom of page Link to this message

Trevor Hodgekinson
Frequent User
Username: wm20

Post Number: 219
Registered: 11-2006
Posted on Thursday, 21 January, 2021 - 13:52:   Edit PostDelete PostView Post/Check IP

It is not paranoia , just common sense security
Remember Norton was convicted for creating & distributing computer viruses to increase the uptake of his anti virus soft wear.
Relying on brand new softwear and a third party to protect you is a fools errand .
I value my privacey so if you google me you get nothing, I don't exist electronically & that is the way I like it .
Google my screen names and there are hundreds of pages but none lead to me AFAIK.
As well as providing a reasonable level of security, it helps me to manage my on line life.
When times are busy I simply don't look at the hobby email accounts so I am not overwhelmed with stuff that can wait till latter.

Way back in the 70's I had a major collision and during the recovery managed to loose ( or have stolen ) my tote bag with my wallet , bankbooks, address book keys to 3 houses & the plant etc.
I did not miss it for 3 weeks as I was imobile so only noticed it was missing when going back for another operation.
During that 3 weeks some one had accessed my credit card accounts and bank account so the $ 22,000 had all been withdrawn and the 3 credit cards were maxed out.
It took 15 years to get Combank accept a crime was committed & refund the $ 22,000 by which time house prices had doubled but the courts did not extend the verdict to the lost interest.
The credit card companies all wiped the debt strait away.
So yes I do take security very seriously.

Right now thousands of people are being defrauded because they answered what looked like a real email from their bank, credit provider , tax office or ISP .

So look at this forum.
Safe bet every one on here has a RR or Bentley and a web bot will have no trouble identifing who has a valuable one & who like me has a sorry rust pile.
The from Face Ache you can then find out where they live where they work ( if that was not gleaned from here already ) where they are and when no one will e home for an extended period
SO the crooks turn up with a tilt tray with a sign on the side making it look like it belongs to a specialist RR business and the neighbours will not think it out of place and your pride & joy will be on ebay as a pile of parts before you get home.
This happens daily and is very difficult for police because there is no connection between you & the person who stole your car /. bike / boat /. caravan / computer / etc etc etc.

I was on face book for a short while then I attended a public lecture on cyber security for the individual .
The lecturer explained exactly how this is done then proceeded to hack volunteers from the audience.
Within a few minutes she had found out their entire extended family where they all worked, roughly what the earned, where they lived the schools their children attended what motor vehicles they owned and most frightening where most of them were right then.
Enough for me I cancelled my face book account and changed my phone number .

As for secrets, I have been the club plate officer, permits officer , then club registrar & now authorised person for 2 vehicle clubs.
As such I have all of their personal details & vehicle details, stuff that is worth a fortune to identity thieves, a very good reason to have good security.
On top of that I use to write service manuals & wit my wife translate a lot of manuals from Mandrin & Cantonese into readable English . More stuff that needs to be secure.

As for graphic arts, I use CS3 on OS 9 in a ram disc.
There is a lot of better stuff out there but only for newbies who do not know how to work with the app and need subroutines like auto red eye correction .

Security is like backing up
People who know what they are doing & do it properly get called paranoid by those who don't, till those who don't get caught out.

It is a free world and you are more than entitled to your opinions .
I have been riding BSA's since I was 12 so have a very thick hide that nothing will insult me .

The final comment I will make is I delivered wine to an ex-IBM geek . Now I am a bit of a have -a-chat so we got talking. He was originally bitter about being tosssed onto the scrap heap & was doing nothing till a yatch club member friend asked him if he could have a look at his computer .
He found it full of mal wear, key loggers and other stuff which eventually got traced to "free games" his daughter was downloading. From that he got a reputation and eventually started charging for computer clean ups & reorganizations to the point he was making more than he was at IBM.
We sat on his patio in his appartment in Crown St Sydney, sipping on one of his bonus bottles of red.
He did a network scan and came up with around 4 or 5 pages of networks then proceeded to hack into about 50 of them just to show me how easy it was to do & how stupid people were .
What was amazing was just how many still had the default admin names & passwords on their modems .

Now perhaps you make so much money you can afford to be wiped out or pay a very expensive lawyer to sort out identity fraud but I can't .
Top of pagePrevious messageNext messageBottom of page Link to this message

Graham Phillips
Frequent User
Username: playtime

Post Number: 352
Registered: 03-2019
Posted on Thursday, 21 January, 2021 - 14:13:   Edit PostDelete PostView Post/Check IP

G'day everyone,....

Well I don't use my real name on any forum ect online.

Here is the only place my name is real but then there is NO other way to find me from here.



Graham.
Top of pagePrevious messageNext messageBottom of page Link to this message

David Gore
Moderator
Username: david_gore

Post Number: 3867
Registered: 04-2003
Posted on Thursday, 21 January, 2021 - 20:05:   Edit PostDelete PostView Post/Check IP

As a moderator of this forum, I also do not have access to member's personal details other than a very small number who have given me their contact details privately and I have destroyed this information as soon as it was no longer needed.

My real name is used here as this is widely known in the Australian R-R Owners' Club due to my approaching 30 years participation after assuming custodianship of DRH14434 in 1993. This car later became a casualty of a prolonged divorce property settlement and its whereabouts are no longer known.
Top of pagePrevious messageNext messageBottom of page Link to this message

Trevor Hodgekinson
Frequent User
Username: wm20

Post Number: 220
Registered: 11-2006
Posted on Friday, 22 January, 2021 - 08:43:   Edit PostDelete PostView Post/Check IP

Well Graham, have anther look at what is in your profile then google your name & town and see what comes up.

With a family name like yours the go is to use phonetic spelling
Filips sounds the same to the human ear but makes no sense to hacking soft wear.
Generally I swap my 4 names around on forums or miss spell them some times both .
The problem is most people are honest so it is hard for them to look at something like an application form and think "How could a criminal use this information ?"
For a while I had to get a Google account so I filled the PI section with trash information that would make me a female 150 years old .
The dummy email address I used to verify the Google one suddenly got flooded with spam about retirement homes , pension investments ,hormone replacement , males in the dummy postcode looking for partners & funeral plans.

And like you David, the safest way to secure information is not to have it in the first place so details get removed when people leave the clubs or sell their vehicles.
The actual files are data bases with the details spread across 3 encripted password proteted files ( only stops children ).
Thus the information makes no sense till it is brought together into a fourth container file to print out the forms for the RMS & insurance companies.
FWIW the RMS use a similar system where each piece of information is stored in a separate file using your customer number as the identifier.
So to print out your rego form the computer searches all of the databases for your customer number then pulls the ones that are flagged for the printed rego papers out & prints them on the page. It also records the time & date of the search , who did it & what they did with it.
And the customer number that is on your paperwork is not the customer number used internally by the computer , just in case some one hacks into the system with a pile of customer numbers.
The RMS computer is more secure than the Tax office computer.
The weak link is Service NSW who have no idea about computer security at all which should be obvious as at least 2 times a year you hear that the system has been hacked and you only hear about the successful hacks that either have been stumbled across by the media or have been leaked by people who do know about security & are appalled by the lack of it .

Sorry to hear about your car.
I had to sell down the most valuable items in my collection when SWMBO & I split

Add Your Message Here
Post:
Bold text Italics Underline Create a hyperlink Insert a clipart image

Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Please quote Chassis Numbers for all vehicles mentioned.
Password:
E-mail:
Action: