Username:
Password:
Remember me:
Register

Back to forum: Feature suggestions


Search forums via Google


0 Users appreciate this thread.

HTTPS? Secuirty Threat! ⚠️
Started by simontv17
(2016-10-30 20:27:31)
simontv17 (2016-10-30 20:27:31)
Do you want your internet tracking of 3ds plaza to be secure? Do you want your passwords entered on this website to be safe? It's time for admin to see that this website doesn't use HTTPS.

Here are some dangers of not using HTTPS.
* Encryption makes hackers less likely to intersect traffic from your browser to the network.
* It is required to protect data since anyone can get the information of the browsing.
* You can use a plugin called Firesheep which makes it easy for people to monitor traffic.
* Also if you type HTTPS in the browser on this website it gives me an error.
* Prof: https://imgur.com/a/2SPXI
* People can steal your login to access your account, and possibly get you banned. Your email can get stolen; because, if you go to profile settings, they can find your email. Then they will access the email, and they will login with the same password as 3dsplaza to access it.
* Many websites now use HTTPS, so 3dsplaza is behind in the game.
* It's better to be safe than sorry.

Solution:
Admins should start making HTTPS default on all 3dsplaza pages.

More information
https://letsencrypt.org/getting-started/

Sources:
http://mashable.com/2011/05/31/https-web-security/#6Yem9G0Sskqb

Thank You all for reading.

ChampionLeake (2016-11-01 01:07:13)
Very interesting but it'll take a lot of password guessing to hijack someone's account unless they actually share it. This happens from people wanting their profiles done and they share their own passwords without thinking of the dangers of it.

EDIT: And tbh, plaza should be secure from this (for now) but we have no active admins to do this type thing. We already lost SL.

EDIT #2: *Security

This post has been edited one or more times, the last time was:
2016-11-01 01:08:49

I'm a web developer, a game developer, a digital artist, musician, and a reverse engineer. A weird mix right?
YouTube Channel
My Twitter
simontv17 (2016-11-01 06:19:09)
You also know that people can have simple to guess passwords, and they can find the username of each user by adding one digit to the profile number. Then they add the username and guess the 20 most common passwords and move on. Early users are most likely to have weak passwords.
NodePoint (2016-11-06 04:10:50)
^ Rate-limiting and better password rules being enforced would help out in that case.

The big problem here is 3DS and DSi support. Nintendo has far as I'm aware hasn't added the appropriate certificate(s) for LetsEncrypt in order for it to work. Because of that, the site would become inaccessible if HTTPS is enforced (redirects and/or HSTS).


It's best if I make HTTP sound more scary:
Anyone is able to view requests and alter responses from plain text requests if they're either on the name network as you or have access to the proxy that your device uses.
This can involve things such as the attacker injecting client-side code and the recreation of HTTPS requests made by you (includes cookie headers that typically use data for authentication).
Pentester, web developer, artist, and tech enthusiast.
My site
ChampionLeake (2016-11-07 00:41:46)
^
Makes more sense.
I'm a web developer, a game developer, a digital artist, musician, and a reverse engineer. A weird mix right?
YouTube Channel
My Twitter
simontv17 (2016-11-10 03:11:34)
You should try to change it on the PC version at least. You can also try a different HTTPS service.
TheAlexRider (2016-11-20 15:09:29)
HTTPS will be being added to 3DSPlaza soon. We're actually working on it already, just the 3DSPlaza server doesn't like it.
ChampionLeake (2016-11-20 21:02:46)
For the n3DS browsers, they can almost run HTTPS websites fine. I still don't know about the o3DS.
I'm a web developer, a game developer, a digital artist, musician, and a reverse engineer. A weird mix right?
YouTube Channel
My Twitter
TheAlexRider (2016-12-11 17:08:02)
Problem is that Nintendo doesn't support the authority that plaza uses to sign the certificates.
simontv17 (2017-03-15 03:19:25)
Cool, so when will it will be released? Also where is the site's privacy policy?
 

Log in to submit a comment

This topic's ID: 83070

Back to forum: Feature suggestions




Total registered users: 7612
New registered users today: 0
Newest registered user: tommy

©  Copyright 2018 3DSPlaza. All Rights Reserved