Upgraded security at VM.net

This is the main lobby for Vanessa-Mae related discussions.

Moderator: zeta

Locked
User avatar
Benji
Site Admin
Posts: 414
Joined: Sun Aug 04, 2002 7:31 am
Location: Seattle, WA
Contact:

Upgraded security at VM.net

Post by Benji »

Yesterday, I've implemented a change that should make all of us safer to use this site. You might noticed that in the address bar above in your browser, you will see a padlock of some kind (usually in green color). That is because as of yesterday, all of VM.net is now done through https. That "s" means it's secure. All information between your computer and the website is encrypted. I've done this change for two main reasons:

1) Several months ago, a few of our members had their accounts hacked, though the forum itself was not touched. The only commonality between the victims was that they visited the site. However, I kept wondering why more accounts were not affected. I've searched high and low for any traces of the site being compromised even the smallest way, but came up empty. However, I realized recently that on the log-in page (where you enter your username and password) was not encrypted. Which means, if someone was to log in to their account using a public hotspot or other shared connection, a hacker could easily intercept data sent between the members' internet device and VM.net. This is my error, as I thought that the page would be encrypted by default. As it turns out, it is the webmaster's job to enable SSL (https://) on their websites.

I've learned an important lesson that applies to other sites where a forum exists: Always check to see if the page where you put your log-in information on is encrypted (https://). If it is not, try to manually add the 's' after the http in the site's URL. This will only work if SSL is enabled on the site. If it does not work, inform the webmaster or admin of that particular site right away. If you use the same password for that site on other sites, I strongly urge you do not enter any information. Most modern browsers will now display a warning when it detects a field where a password might be entered on an insecure page. In fact, this is what brought the whole issue to my attention!

2) I've been trying since the site's relaunch over a year ago to improve VM.net's ranking in Google's search. Google is now punishing sites that do not have secure (encrypted) websites by lowering their rankings in search results. It will be some time before I will be able to tell if making the whole site secure will increase the site's ranking in Google's search engine. As the only site that stays up-to-date with the latest information on Vanessa-Mae, I want to do all I can to ensure people can find us easily through search engines.

Because of the enhanced security, there are two changes you may need to be aware of. The site might take longer to load. This is because bits and pieces of unencrypted websites (like certain pictures) can be saved to your computer. The next time you load the site, it would pull whatever that is saved to your computer from the site thereby making the site load faster. This does not work on secure (encrypted) sites, thereby forcing the browser to load everything from the website. Secondly, avatars can only be uploaded. Previously, you could load your avatar by linking to the site where the avatar originated from. This is a security risk, and therefore that option has been removed.

IF you have any questions, please feel free to shoot me a message.

Thanks!

~Ben
Owner, VM.net
Locked