Should Crunchyroll Have HTTPS enabled by default?
672 cr points
M / The Country above...
Offline
Posted 7/25/16 , edited 7/25/16
Should Crunchyroll pay for a certificate and change the protocol of their links from http:// to https://, to avoid a "man-in-the-middle" from sniffing packets sent across the protocol, which could result in our session/cookie IDs being stolen, thus allowing the "man-in-the-middle" access to whatever account whose session/cookie ID they stole, on which they could potentially purchase merchandise were our credit information exposed?


(Note: Edited for clarity)

Thanks Hrafna!
8780 cr points
AKR
Offline
Posted 7/25/16
Noh.
10619 cr points
Rabbit Horse
Online
Posted 7/25/16
CR should first fix the player as well as ads before doing anything else.
2260 cr points
M / Canada
Offline
Posted 7/25/16
Yes, you never have enough security layers on the internet.
11890 cr points
20 / M / Finland
Offline
Posted 7/25/16
Why not. Nothing they should focus on though.
29118 cr points
83 / F / Bite the pillow.
Offline
Posted 7/25/16

burr789 wrote:

Should Crunchyroll Have HTTPS enabled by default?

No.
Posted 7/25/16 , edited 7/25/16

burr789 wrote:

Should Crunchyroll pay for a certificate and change the protocol of their links from http:// to https://, to avoid a "man-in-the-middle" from sniffing packets sent across the protocol, which could result in our session/cookie IDs being stolen, thus allowing the "man-in-the-middle" access to whatever account whose session/cookie ID they stole, on which they could potentially purchase merchandise were our credit information exposed?


Fixed.

This question has been shut down by admins before. CR is unwilling to pay for a certificate now that SSL is vulnerable.
502 cr points
M
Offline
Posted 7/25/16
HTTPS should be most everywhere, as a general security practice. It's not perfect or even especially good but is better than nothing. However, I don't see it being a high or even medium priority for this site. It's not like we actually share anything important that requires secure communications.
1150 cr points
16 / M
Offline
Posted 7/25/16

Hrafna wrote:


burr789 wrote:

Should Crunchyroll pay for a certificate and change the protocol of their links from http:// to https://, to avoid a "man-in-the-middle" from sniffing packets sent across the protocol, which could result in our session/cookie IDs being stolen, thus allowing the "man-in-the-middle" access to whatever account whose session/cookie ID they stole, on which they could potentially purchase merchandise were our credit information exposed?


Fixed.

This question has been shut down by admins before. CR is unwilling to pay for a certificate now that SSL is vulnerable.


But it isn't.
4173 cr points
18 / M / Reality
Offline
Posted 7/25/16
Not needed.
Posted 7/25/16

Radraymond01 wrote:

But it isn't.


Tell them that.

I use SSL.
1150 cr points
16 / M
Offline
Posted 7/25/16

Hrafna wrote:


Radraymond01 wrote:

But it isn't.


Tell them that.

I use SSL.


?, I can't understand what you are trying to say, but TLS 1.1 and 1.2 are not vulnerable to anything.
16761 cr points
Hoosierville
Offline
Posted 7/25/16 , edited 7/25/16
Oh noes people might be able to watch me watch anime or post on the forums. I'm ever so scared of the scale of attacks they can launch against me.

Fix the flash player first. Flash is shit!
3255 cr points
25 / M / Cheyenne, WY
Offline
Posted 7/25/16
Well, for premium members our credit card information might be at risk, though I think you can use PayPal and PayPal uses SSL anyway.

Still, there's no such thing as too much security. While I can understand from a business perspective why it may be considered too much to pay for an SSL certificate, the fact is that if people actually are using their credit cards to pay for subscriptions, et cetera, then Crunchyroll is required by law to furnish adequate security for the transfer and storage of this information. Of course, no one's really going to bother them if they choose not to... at least until there's a breach, at which point Crunchyroll and/or the webhost company that maintains the site and the prerequisite infrastructure is going to take it up the ass, hard. Seriously, FISA fines are net-worth killers for all but the largest of corporations, which means CR would go bankrupt for sure.

I used to work in a datacenter that was both HIPPA and FISA compliant (Healthcare Information and Patient Protection Act and the Financial Information Security Act, in case you were wondering - they're both federal laws that dictate security standards for health records and financial information, respectively), and we were told, under no uncertain terms, that if we were found to be responsible for a HIPPA or FISA breach, whether intentional or through negligence of security practices, not only would we be fired but we'd likely never work in IT again. When I asked why such a threat was necessary, the guy told me that even one breach could pretty much bankrupt the company in a worst-case scenario.
Posted 7/25/16 , edited 7/25/16

Radraymond01 wrote:


Hrafna wrote:


Radraymond01 wrote:

But it isn't.


Tell them that.

I use SSL.


?, I can't understand what you are trying to say, but TLS 1.1 and 1.2 are not vulnerable to anything.


Hrafna: "Crunchyroll is unwilling to pay for a certificate. Because, Crunchyroll considers SSL vulnerable."
Radraymond01: "But SSL isn't vulnerable."
Hrafna: "Tell that to Crunchyroll's administrators."
Radraymond01: "I seem to be lost in this conversation."

SSL and TLS are interchangeable terms, as one precedes the other. It's like referring to "Diablo 3" as "Diablo" and having someone walk up to you and say "No-no, it's called Diablo 3". We are fully aware of that, thank you. The obvious is obvious.

I've told you not to go to me with it, but to go to Crunchyroll's administrators with it, yet you continue to talk to me with it, as if I didn't already know. But, how can I help you? Did you get the premise of my point confused due to how I phrased my first post? Or, was it something else? What is it exactly that you fail to comprehend? What is it exactly that I fail to convey? Or, did you just want to chit-chat? We might be better off chit-chatting in Chit Chat, if that's the case.