
Re: HTTPS for passwords in the year 2013

Posted by badon on Jun 04, 2013; 9:51pm
URL: https://support.nabble.com/HTTPS-for-passwords-in-the-year-2013-tp7584662p7584678.html

Nabble's login form does not use SSL. So, anyone who logs in to Nabble has almost certainly had their login credentials logged by someone malicious. They will use those credentials to try to log in to other websites (email accounts, bank accounts, etc.), because many people reuse the same passwords, or trivial variations of them that can be brute-forced. Very often, those credentials are used to commit crimes. The trail ends at the victimized Nabble user, so the real criminal gets away with it. Maybe some people are comfortable with that. I'm not.

I'm not an administrator, I'm a regular user. My message had a missing word that caused this confusion. I don't know how that happened, but with no security, someone could have altered my message in a man-in-the-middle attack. I think my PC just ate the word, like if I was typing it at the same moment a popup got in the way, and I resumed typing after dismissing the popup without realizing something got lost. However, there's no way to know, because Nabble has no modern security features. I don't know who is using my account right now, and I don't know who is reading my messages, or trying to strip away my anonymity and privacy.

These problems were solved 20 years ago, but Nabble has been left behind. If you want to learn more about some of the most important basic security concepts in the context of web browsers, you can start with the Wikipedia article about SSL (just do a search for it). Then, you might want to skip over to finding information about "man in the middle" attacks (variously abbreviated as MITM and MITMA), which should give you an idea of how HTTPS can work to thwart them. Once you have a good idea of why browser security is important, I recommend using the Perspectives add-on/extension for Firefox. It defeats most of the weaknesses in current security protocols (certificate signing authorities), which can allow some of the most potent forms of man in the middle attacks.
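The post's complaint is that a login form submits passwords without SSL. The audit script below is an added example, not code from the post or from Nabble: it parses a page, finds every form that contains a password field, and reports two distinct problems. The first is a form whose resolved action is not an `https://` URL, so the credentials themselves travel in cleartext. The second is a form that was itself delivered over plain HTTP, which matters even when its action is HTTPS, because an on-path attacker who can read the page can also rewrite the action before the user ever types a password. The hostnames and HTML are constructed for the example.

```python
# Added example: audit an HTML page for login forms that would send a
# password without HTTPS. Sample page below is constructed, not a real site.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect every <form> together with whether it holds a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # (resolved action URL, has_password_field)
        self._open = None      # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): v for k, v in attrs}
        if tag == "form":
            # An absent action means "post back to the page's own URL",
            # so resolve it relative to the page just like a browser would.
            self._open = [urljoin(self.page_url, a.get("action") or ""), False]
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "text").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._open is not None:
            self.forms.append(tuple(self._open))
            self._open = None


def audit_login_forms(html, page_url):
    """Return one dict per password form: its action URL and a list of issues.

    'action-not-https': the credentials would travel in cleartext.
    'page-not-https':   the form itself arrived unprotected, so an on-path
                        attacker could have rewritten its action anyway.
    """
    collector = _FormCollector(page_url)
    collector.feed(html)
    collector.close()
    page_secure = urlsplit(page_url).scheme.lower() == "https"
    report = []
    for action, has_pw in collector.forms:
        if not has_pw:
            continue           # search boxes etc. carry no password
        issues = []
        if urlsplit(action).scheme.lower() != "https":
            issues.append("action-not-https")
        if not page_secure:
            issues.append("page-not-https")
        report.append({"action": action, "issues": issues})
    return report


# Constructed sample page (hostnames are placeholders, not real sites).
SAMPLE_HTML = """
<html><body>
<form action="/login" method="post">
  <input name="user"><input type="password" name="pass">
</form>
<form action="https://accounts.example.test/login" method="post">
  <input type="PASSWORD" name="pw">
</form>
<form action="/search"><input name="q"></form>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_login_forms(SAMPLE_HTML, "http://forum.example.test/"):
        print(f["action"], "->", ", ".join(f["issues"]) or "ok")
```

Run against the same HTML served from an `https://` page URL, both password forms come back clean; served from `http://`, the relative `/login` form is flagged for both problems and the form posting to the HTTPS account host is still flagged for `page-not-https`, which is the point the post makes about the login page itself needing protection rather than only the submission.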