Jump to content

Recommended Posts

we are aware as we do not have a ssl because we do not process payments on the site. what sort of protection do you think you need that a ssl would provide?

 

99% of your web browsing is not encrypted its only needed to protect financial information

Share this post


Link to post
Share on other sites

I apologize, but your information on the need for SSL is outdated. The major need for SSL is now to prevent wholesale tracking and analysis of individuals on the internet who prefer to avoid such tracking.

 

The government explains it better than I can:

 

https://https.cio.gov/everything/

Share this post


Link to post
Share on other sites

While I agree with using HTTPS, I want to point out one small fact. The NSA records all traffic on the outbound routers of the United States. They can/do track users and parse the recorded traffic for key words. SSL isn't as secure as it is portrayed. (I'm certified InfoSec).

Share this post


Link to post
Share on other sites

I am aware of the several historical and current issues that have hit HTTPS from the openssl silliness to the NSA recording silliness.

 

To be quite honest, I'm less concerned about the NSA and more concerned about the hackers out there that monitor multiple online forums, hack and dump multiple databases, and do cross analysis to unmask real identities.

 

A lack of concern about HTTPS lends me to believe that other items may also be lacking, like proper encryption and hashing of database passwords. This may be completely unfounded, but it is the impression that I get left with.

 

The outlay for HTTPS is also not nearly as great as it used to be. But if you think the cost is too great, set up a donation tier called "digital guardians" or something that will fund the HTTPS certs once sufficient people join that tier.

Share this post


Link to post
Share on other sites

I appreciate your concern over the matter, and the presentation of a resolution to the problem you put forth. Few enough do so.

Share this post


Link to post
Share on other sites

Thanks for your concern, We do not use a SSL because we do not process any sensitive information on the site, even our premium memberships and donations use secure encrypted gateways.

 

The use of SSL would also prevent the functionality of some of the sites features.

 

If you are concerned here is the configuration of the site

 

http://www.mymilitia.com/phpinfo.php

 

you will see we are running the most secure and up to date versions of PHP and MYSQL.

 

Our core software Xenforo is absolutely the most secure forum software available.

 

Security Architecture can be defined as the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose to maintain the system's quality attributes, among them confidentiality, integrity, availability, accountability and assurance.

 

Basically, security was designed from the ground up and from the beginning of development. Some older applications may not have had security built in from the ground up and added as an enhancement.

 

The difference is that when you add it later on is that it's not as embedded and integrated as if it was from the beginning.

 

Think of it as a car unibody frame. After the car is finished, you can try to strengthen the frame, but it would not be as lightweight and strong as if it was designed from the get go with the right material.

 

If you are really that concerned i suggest you use a Proxy.

 

We do not allow any unlawful communications on the site, so i don't know exactly where your concern lies, because we whole heartedly believe that a law abiding american citizen does not fear government reprisal when performing activities that are not in an unlawful manner.

 

The only sensitive information you are sharing is your email and password and we use a salted double hash using either SHA1 OR SHA256 so you are 99.9999999999999999% safe.

 

Thank You and if you have any more concerns please contact the staff directly.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

Who we are

We are concerned patriots who are not confident in the direction of our society. In order to protect the constitution and our way of life, we decided to build a website that will unite people like us with militias and militias with people like us, in doing so we have created the #1 militia community online.

Disclaimer

Everything you read here is user-generated and may be of an unmoderated nature. The views and opinions expressed within do not necessarily reflect the opinions of the staff and management of MyMilitia.com.
×

Important Information

Your Privacy Is Important To Us Learn More: Privacy Policy