An error occurred during a connection to www.sitepoint.com. Peer’s Certificate has been revoked. (Error code: sec_error_revoked_certificate)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Isn’t this a bit of a security issue? If it isn’t, please advise.
I don’t buy that. There isn’t anything here that is worth gathering. No financial transactions, no personal information (that’d be used for government purposes), so nothing really to protect. Just your username and password and frankly, if you are using the same password here for other websites, you are already doomed.
As well as the staff, here, do to prevent spam from getting in, accounts would be hacked less if two things happen: 1. People use long and complex passwords, and 2. the staff uses SSL/TLS to make sure that passwords aren’t stolen by MitM.
The first one isn’t completely realistic - most users STILL don’t understand that short, simple, all lower-case passwords are easily hacked.
The second one won’t completely eliminate accounts being hacked, but it will go a LONG way in significantly reducing it.
And, no, I don’t use the same password for other sites. I’ve been internet security minded since before it became a huge issue.
Those are fair points, and I’ve used long passwords for a really long time. But as far as someone gaining control over a staff account, it really isn’t much to worry about. There isn’t a lot they could do with that access, before being caught by another leery mod/admin.
Nonetheless, valid points, but the risk is low (in my opinion).
It’s not staff accounts that I’m concerned about, really. I haven’t seen any attempted SPAM postings from any staff members, anyway. But the spam attempts (I say ‘attempts’ because I’ve seen more than a few obvious subject entries, but there’s no content when the post is viewed - KUDOS to the people/technology that is doing such an excellent job!) are being seen from standard user accounts. Most likely due to passwords not being long/complex, but I’m not going to discount potential MitM as a culprit.
Spam attempts are usually made from spam accounts registered by the spammers themselves. I don’t remember a case of a user account being hacked to use it for spamming.