open All Channels
seplocked EVE General Discussion
blankseplocked So sick and tired of having to log in every time *nerdrage*
 
This thread is older than 90 days and has been locked due to inactivity.


 
Author Topic

Tobias Sjodin
Habitual Euthanasia
Pandemic Legion
Posted - 2010.11.22 17:20:00 - [1]
 

Seriously, there are forums that were made in the 90'ies that supported simple cookies that work. Having to log in every damn time to make a post is infuriating. *gRAaaaaAHh*


red iffunk
Gallente
Decadence.
Posted - 2010.11.22 17:24:00 - [2]
 

*logging in to say "hi"*

and yes, +1

tgl3
Red Federation
RvB - RED Federation
Posted - 2010.11.22 18:36:00 - [3]
 

It is kind of annoying...

Yuki Kulotsuki
Posted - 2010.11.22 18:45:00 - [4]
 


Cinnamon Candy
Posted - 2010.11.22 18:48:00 - [5]
 

Edited by: Cinnamon Candy on 22/11/2010 18:47:59
Europe is behind the US on most technology things vOv especially Iceland, they're like 15 years behind. Maybe when they get GPS they'll start driving on the right side of the road.

baltec1
Posted - 2010.11.22 18:54:00 - [6]
 

Originally by: Cinnamon Candy
Edited by: Cinnamon Candy on 22/11/2010 18:47:59
Europe is behind the US on most technology things vOv especially Iceland, they're like 15 years behind. Maybe when they get GPS they'll start driving on the right side of the road.


But iceland can control volcanos...

Magnus Orin
Minmatar
Wildly Inappropriate
Goonswarm Federation
Posted - 2010.11.22 18:55:00 - [7]
 

I absolutely agree.

Especially due to the fact that my password is annoyingly complicated to deter hacks as well...

I just reactivated with the 5 free day thingy (which wont even extend to the first portion of the new expansion!? wtf is up with that) and I could hardly remember my password... Thank goodness I had it stored in my PW vault on my blackberry :)

Othran
Brutor Tribe
Posted - 2010.11.22 19:21:00 - [8]
 

Edited by: Othran on 22/11/2010 19:29:26
Edited by: Othran on 22/11/2010 19:21:51
sidejacking 4tw obviously Rolling Eyes

This table is quite a nice summary of the issues caused by "simple cookies that work".

Edit - full "report" which table was taken from : http://www.digitalsociety.org/2010/11/online-services-security-report-card/ Do note that this is utterly trivial stuff done daily to probably thousands of people - hell there's even a Firefox plugin to help Laughing

Lurana Lay
Gallente
Posted - 2010.11.22 21:26:00 - [9]
 

Resetting forum settings constantly is annoying too.

Malaclypse Muscaria
Posted - 2010.11.22 21:43:00 - [10]
 

Originally by: Othran
This table is quite a nice summary of the issues caused by "simple cookies that work".

Facebook does not provide SSL login yet? And they nonetheless have this "Facebook Connect" thing allowing their users to authenticate on other websites using their Facebook credentials?

*head explodes*

Ebisu Kami
Posted - 2010.11.22 21:46:00 - [11]
 

Edited by: Ebisu Kami on 22/11/2010 21:46:24
Originally by: Magnus Orin
I absolutely agree.

Especially due to the fact that my password is annoyingly complicated to deter hacks as well...

I just reactivated with the 5 free day thingy (which wont even extend to the first portion of the new expansion!? wtf is up with that) and I could hardly remember my password... Thank goodness I had it stored in my PW vault on my blackberry :)


Oh yeah, right, cookies containing your PWs on your PC and textfiles with PWs on your Blackberry are totally going to make you hacker-proof.

BinaryIdiot
Dreddit
Test Alliance Please Ignore
Posted - 2010.11.22 22:00:00 - [12]
 

Originally by: Othran
Edited by: Othran on 22/11/2010 19:29:26
Edited by: Othran on 22/11/2010 19:21:51
sidejacking 4tw obviously Rolling Eyes

This table is quite a nice summary of the issues caused by "simple cookies that work".

Edit - full "report" which table was taken from : http://www.digitalsociety.org/2010/11/online-services-security-report-card/ Do note that this is utterly trivial stuff done daily to probably thousands of people - hell there's even a Firefox plugin to help Laughing
If you send data through non-SSL channels then, of course, you're exposed. You know the password you use to login to eveonline.com? If someone was running a program to sniff your data they would see it in clear text. A password exposure is worse than an authentication token exposure.

The obvious solution is to:
1. Correctly implement cookies to keep browser sessions.
2. Enable SSL or require SSL.

Originally by: Ebisu Kami
Edited by: Ebisu Kami on 22/11/2010 21:46:24
Originally by: Magnus Orin
I absolutely agree.

Especially due to the fact that my password is annoyingly complicated to deter hacks as well...

I just reactivated with the 5 free day thingy (which wont even extend to the first portion of the new expansion!? wtf is up with that) and I could hardly remember my password... Thank goodness I had it stored in my PW vault on my blackberry :)


Oh yeah, right, cookies containing your PWs on your PC and textfiles with PWs on your Blackberry are totally going to make you hacker-proof.
Cookies DO NOT and SHOULD NEVER contain your password.

BinaryIdiot
Dreddit
Test Alliance Please Ignore
Posted - 2010.11.22 22:02:00 - [13]
 

Originally by: Yuki Kulotsuki
Soon™
Care to elaborate? There is nothing in that list that suggests this change...

BeanBagKing
Terra Incognita
Intrepid Crossing
Posted - 2010.11.22 22:06:00 - [14]
 

Originally by: BinaryIdiot
Originally by: Yuki Kulotsuki
Soon™
Care to elaborate? There is nothing in that list that suggests this change...


Quote:
New Forums to EVE Gate
Read about the hottest topics and latest events in the new full-featured forum system, now integrated directly into EVE Gate.

BinaryIdiot
Dreddit
Test Alliance Please Ignore
Posted - 2010.11.22 22:11:00 - [15]
 

Originally by: BeanBagKing
Originally by: BinaryIdiot
Originally by: Yuki Kulotsuki
Soon™
Care to elaborate? There is nothing in that list that suggests this change...


Quote:
New Forums to EVE Gate
Read about the hottest topics and latest events in the new full-featured forum system, now integrated directly into EVE Gate.

Those are forums for your corps and alliances. They have nothing to do with the main eve forums...

Triple Entendre
Atrocity.
Posted - 2010.11.22 22:12:00 - [16]
 

Originally by: Tobias Sjodin
Seriously, there are forums that were made in the 90'ies that supported simple cookies that work. Having to log in every damn time to make a post is infuriating. *gRAaaaaAHh*




Spider-Sense suggests someone snagged Sjodin's snipe.

Lanais Suleia
Posted - 2010.11.22 22:35:00 - [17]
 

Given that Gate applies negative atmospheric pressure gently to the reproductive organs of diminutive equus, I can't say having new forums based on it excites me in any way.

Othran
Brutor Tribe
Posted - 2010.11.22 22:52:00 - [18]
 

Originally by: BinaryIdiot
Originally by: Othran
Edited by: Othran on 22/11/2010 19:29:26
Edited by: Othran on 22/11/2010 19:21:51
sidejacking 4tw obviously Rolling Eyes

This table is quite a nice summary of the issues caused by "simple cookies that work".

Edit - full "report" which table was taken from : http://www.digitalsociety.org/2010/11/online-services-security-report-card/ Do note that this is utterly trivial stuff done daily to probably thousands of people - hell there's even a Firefox plugin to help Laughing
If you send data through non-SSL channels then, of course, you're exposed. You know the password you use to login to eveonline.com? If someone was running a program to sniff your data they would see it in clear text. A password exposure is worse than an authentication token exposure.

The obvious solution is to:
1. Correctly implement cookies to keep browser sessions.
2. Enable SSL or require SSL.


Pretty much every* website I've ever used that required a login only ever used ssl for the login. After that its plaintext. Thats what sidejacking is - capture the cookie and use it for that session. You don't need the login and password and depending on the site there is a possibility of changing the default email addy then triggering a "forgot password" routine.

Trust me on this, its endemic.

Even with ssl its still possible to sidejack.

*not my banking/financial sites, they're ssl throughout. I changed bank because one used ActiveX - I'm not joking about moving banke either.

Ultim8Evil
Ministry Of Eternal Disorder
Posted - 2010.11.22 23:04:00 - [19]
 

Originally by: Cinnamon Candy
Europe is behind the US on most technology things


Give us a shout when you've ditched leaf springs and live axles, stopped throwing V8s in things to "go fast" in place of correct tuning and built a car that can go round corners... then we'll talk.

Jovan Geldon
Gallente
Lead Farmers
Kill It With Fire
Posted - 2010.11.22 23:48:00 - [20]
 

Edited by: Jovan Geldon on 22/11/2010 23:48:13
Originally by: Cinnamon Candy
Europe is behind the US on most technology things


The metric system also says hi.

Brian Ballsack
Posted - 2010.11.22 23:57:00 - [21]
 

you really are one lazy bastrd if you cant be bothered to type in a password.
My money in on OP being american abd obese

Astenion
Gallente
Spiritus Draconis
Posted - 2010.11.23 00:03:00 - [22]
 

Edited by: Astenion on 23/11/2010 00:09:07
Originally by: Ultim8Evil
Originally by: Cinnamon Candy
Europe is behind the US on most technology things


Give us a shout when you've ditched leaf springs and live axles, stopped throwing V8s in things to "go fast" in place of correct tuning and built a car that can go round corners... then we'll talk.


I think she was being facetious, as Europe is actually ahead of the US in that respect. Europe was behind the US in the late 90's and early 00's with internet technology but has since caught up and surpassed the US in terms of speed, availability, and service.

But comparing cars to computers is apples and oranges. We don't put V8s in things to "go fast"...you can put a turbo on a lawnmower and it will still go fast, which is what many European car makers do, aside from luxuries such as Mercedes, BMW, etc. The Mazda RX-8 is an American car (now at least) and features a small engine (albeit a rotary) and blows the doors off just about any other similarly priced car. We put V8s in our cars because they're muscle cars and they're supposed to have a V8 in it. I've yet to see a Toyota sedan with a V8 in it. We like our cars with torque, the kind that feels like a jet taking off when you dump the clutch. You can't get that with any European car under 40k euros.

Tuner cars may actually go faster and handle better, but they're smaller, lighter, and have so much crap added onto them that they aren't even the same car anymore. We don't want a car that sounds like a weedeater motor attached to a shopping cart with lights underneath.

Now, the average European car wins hands-down over the average American car, in almost every aspect. Renault, Citroen, Lancia, Alfa Romeo, VW, etc. are all great affordable cars that I would take any day over the average American family car. But a Ford Mustang Cobra/Chevy Camaro SS vs. well, what? The closest thing Europe has to that would be a Porsche, and it costs at least twice the money. The big difference is that you can buy a muscle car in the US for less than what idiot Europeans pay for SUVs they don't know how to drive and in cities they can't park.

Othran
Brutor Tribe
Posted - 2010.11.23 00:09:00 - [23]
 

Amusingly the (real-world) answer to sidejacking won't please the OP. You have to click "logout" Laughing

Fairly seriously though - do make a point of clicking the "log out" button as it'll expire session/cookie.

Also don't go doing what some people suggest - forcing SSL by typing https:// at a website. In most cases it'll work but its not really an answer. Use it sparingly if you have to.

Akita T
Caldari Navy Volunteer Task Force
Posted - 2010.11.23 00:16:00 - [24]
 

NERD RAAAAAaaaaaapathy... meh.


 

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only