HTTP can be sniffed

Discussion in 'Site Discussions & Suggestions' started by Youkai, Jun 12, 2015.

Thread Status:
Not open for further replies.
  1. Youkai
    OP

    Youkai Demon

    Member
    2,159
    247
    Jul 1, 2004
    Germany
    Germany , NRW
    As I am learning to become an IT guy, I started to learn packet sniffing, which seems to be VERY easy nowadays ....

    Now just for fun I logged into GBATemp while having the packet sniffer running and say what, the password and username are sent in PLAIN TEXT!
    So if you are ever connected to an open W-LAN hotspot, NEVER log in to GBATemp!!! It takes about 2 seconds to get your username and password.


    Maybe someone from the Administration Team could fix this and add encryption?
     
  2. TecXero

    TecXero Technovert

    Member
    2,814
    906
    Apr 13, 2014
    United States
    Mainframe
    I never really thought about the security on here. I use a unique passcode for this site and I don't consider my account or any of its information important. I guess a person could get my email address, but nothing else. I mean, yeah, security is important, but this site isn't exactly high priority for me, and I'd assume for most other users.
     
  3. Brewzip

    Brewzip Advanced Member

    Newcomer
    54
    17
    Feb 6, 2015
    Italy
    Use the HTTPS version of the site instead of the HTTP one.
     
    pelago likes this.
  4. Youkai
    OP

    Youkai Demon

    Member
    2,159
    247
    Jul 1, 2004
    Germany
    Germany , NRW
    I never knew there is an HTTPS version oO?
    why the hell are there two XD

    //seems to be secure ;) at least not as easy as reading some plain text, which any child could do.
     
  5. T-hug

    T-hug Always like this.

    pip Chief Editor
    9,046
    4,010
    Oct 24, 2002
    England
  6. Duo8

    Duo8 I don't like video games

    Member
    3,438
    1,138
    Jul 16, 2013
    Costello was asked about HTTPS once and he said that the login info is not important enough.
    Still he added HTTPS some months ago and finished it (all page content) with V5. Though I don't know if HTTPS is the default or not.
     
  7. Brewzip

    Brewzip Advanced Member

    Newcomer
    54
    17
    Feb 6, 2015
    Italy
    The default one for the site is HTTP.
    Probably Costello keeps both because there is some other work to do on V5.

    However, I don't think this is that kind of situation. Maybe the current solution is simply not optimized, because it's not considered a priority. For me, it's a bad practice.
    In this state, the site has the advantage of compatibility with old browsers that don't support HTTPS. But having two versions is less secure.

    I noticed another "bad procedure", not related to security, but SEO.
    After so many years, the site can still be visited using two identical versions (www and non-www).
    One of gbatemp.net and www.gbatemp.net should send a 301 redirect to the other.
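
Added example, not part of any post in this thread and not the site's own code: a small audit of the consolidation Brewzip describes, checking that every scheme/host variant either is the single HTTPS origin or permanently redirects straight to it. The choice of `https://gbatemp.net` as the canonical origin and all response data below are assumptions constructed for illustration, not captures from the real site.

```python
from urllib.parse import urlsplit

# Assumption: the thread does not say which host should be the canonical one.
CANONICAL = "https://gbatemp.net"

# Constructed observations: (status, Location header) each variant
# answers for "/", modelled on the state the thread describes.
AS_DESCRIBED = {
    "http://gbatemp.net": (200, None),
    "http://www.gbatemp.net": (200, None),
    "https://gbatemp.net": (200, None),
    "https://www.gbatemp.net": (200, None),
}

# Constructed target state: one HTTPS origin, everything else sends 301.
CONSOLIDATED = {
    "http://gbatemp.net": (301, "https://gbatemp.net/"),
    "http://www.gbatemp.net": (301, "https://gbatemp.net/"),
    "https://gbatemp.net": (200, None),
    "https://www.gbatemp.net": (301, "https://gbatemp.net/"),
}


def origin(url):
    """Return scheme://host of a URL, lower-cased, without path."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def audit(observed, canonical=CANONICAL):
    """List (url, problem) pairs for variants that are not consolidated."""
    findings = []
    for url, (status, location) in sorted(observed.items()):
        if origin(url) == canonical:
            if status != 200:
                findings.append((url, "canonical origin does not serve content"))
            continue
        if status in (301, 308):
            # A hop through another http:// host still exposes a cleartext request.
            if location is None or origin(location) != canonical:
                findings.append((url, "redirect does not go straight to the HTTPS origin"))
        elif status in (302, 303, 307):
            findings.append((url, "temporary redirect instead of 301"))
        elif url.startswith("http://"):
            findings.append((url, "content served over cleartext HTTP"))
        else:
            findings.append((url, "duplicate HTTPS host without 301"))
    return findings
```
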
     
  8. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    11,445
    4,762
    Mar 17, 2010
    Norway
    Alola
    It's only less secure if you use the HTTP version.
    Anyway, it doesn't really matter, it's not the kind of account that's interesting to skiddies :P
     
  9. Costello

    Costello Headmaster

    Administrator
    12,389
    5,595
    Oct 24, 2002
    that's not even a subject.
    HTTP *is* sniffable, no matter how hard you try, if you don't use HTTPS you are exposing yourself.
    If you are worried that people on your wifi network might be sniffing your packets, just use the HTTPS version.
     
    Minox likes this.