N54Tech.com - International Turbo Racing Discussion
(#1)
cebrailbakan
Senior Member
 
Posts: 970
Join Date: May 2013
Car: BMW E90 335XI
Default https n54tech site warning - 08-26-2018, 03:22 PM

Terry, I’ve been getting a ‘not secure’ warning when I try to access n54tech.com. Please check your open source html, as someone may be trying to hack our passwords.


Bmw E90 2007 AT 335xi MSD80,Jb4 G5 ISO,
Full Bolt Ons, Forged Internals, Meth PI, JB4 PI controller, Zage Turbos, TFT inlet system, xHP Stage 3 trans Flash.

Do more with less !
(#2)
Nachfolger
New Member
 
Posts: 3
Join Date: Jun 2017
Car: 09 E92 335i
Default 08-26-2018, 03:32 PM

Quote:
Originally Posted by cebrailbakan
Terry, I’ve been getting a ‘not secure’ warning when I try to access n54tech.com. Please check your open source html, as someone may be trying to hack our passwords.
What in the world. All it means is that the site isn't using HTTPS, and your web browser wants to point that out.

This is why browsers should have never even pointed out that a site was HTTPS; now people are coming to conclusions like this (underlined) as a result of it not using the secure protocol.
(#3)
Terry @ BMS
Tuner
 
Posts: 25,852
Join Date: Jan 2008
Default 08-26-2018, 04:05 PM

We're not using an HTTPS certificate with n54tech.


Burger Motorsports
Home of the Worlds fastest N20s, N54s, N55s, S55s, N63s, and S63s!

It is the sole responsibility of the purchaser and installer of any BMS part to employ the correct installation techniques required to ensure the proper operation of BMS parts, and BMS disclaims any and all liability for any part failure due to improper installation or use. It is the sole responsibility of the customer to verify that the use of their vehicle and items purchased comply with federal, state and local regulations. BMS claims no legal federal, state or local certification concerning pollution controlled motor vehicles or mandated emissions requirements. BMS products labeled for use only in competition racing vehicles may only be used on competition racing vehicles operated exclusively on a closed course in conjunction with a sanctioned racing event, in accordance with all federal and state laws, and may never be operated on public roads/highways. Please click here for more information on legal requirements related to use of BMS parts.
(#4)
cebrailbakan
Senior Member
 
Posts: 970
Join Date: May 2013
Car: BMW E90 335XI
Default 08-26-2018, 04:23 PM

You should use it then. We should be safe. I access this site at least ten times a day.


Bmw E90 2007 AT 335xi MSD80,Jb4 G5 ISO,
Full Bolt Ons, Forged Internals, Meth PI, JB4 PI controller, Zage Turbos, TFT inlet system, xHP Stage 3 trans Flash.

Do more with less !
(#5)
icecoldak
Junior Member
 
Posts: 76
Join Date: May 2018
Car: 2018 F-150 Limited
Default 08-26-2018, 06:57 PM

Me too, and NO issues.
(#6)
Terry @ BMS
Tuner
 
Posts: 25,852
Join Date: Jan 2008
Default 08-26-2018, 07:34 PM

There is no data on the site that isn't public, like credit card numbers, or something you'd need to encrypt. No reason to slow it down with HTTPS.


Burger Motorsports
Home of the Worlds fastest N20s, N54s, N55s, S55s, N63s, and S63s!

(#7)
Ballistic
New Member
 
Posts: 26
Join Date: Oct 2016
Car: BMW 335i N54
Default 08-27-2018, 03:14 AM

Go to the corner of shame Terry! For not finding our e-mail addresses, passwords and other account information important enough.

This site needs to be secured ASAP! It does not slow anything down, it does use some more processing power.
Browsers like Chrome will also be marking all non-https sites as unsecure by default very soon.

Note to all users: DON'T USE YOUR REGULAR PASSWORD(S) FOR THIS SITE AS YOUR PASSWORD IS BEING SENT OVER THE INTERNET AS CLEAR TEXT!!
(#8)
Nachfolger
New Member
 
Posts: 3
Join Date: Jun 2017
Car: 09 E92 335i
Default 08-28-2018, 04:45 AM

Quote:
Originally Posted by Ballistic
Go to the corner of shame Terry! For not finding our e-mail addresses, passwords and other account information important enough.

This site needs to be secured ASAP! It does not slow anything down, it does use some more processing power.
Browsers like Chrome will also be marking all non-https sites as unsecure by default very soon.

Note to all users: DON'T USE YOUR REGULAR PASSWORD(S) FOR THIS SITE AS YOUR PASSWORD IS BEING SENT OVER THE INTERNET AS CLEAR TEXT!!
If only you knew what you were talking about. You can clearly watch the networking tab in your browser and see very clearly that the password is NOT sent in plaintext, it's one-way encrypted using an MD5 algorithm.

Converting such a large site like a forum to HTTPS is more complicated than just clicking a button to enable it. The process would take such a long time, converting all the sources etc. to the same protocol. I'm totally in favor of sites using HTTPS over old HTTP, but I just explained why it's not as simple as just saying "ok let's do it".

Just in case you don't trust me about the plaintext thing, see this: https://imgur.com/a/wdu0mjB I've made it very easy for you to look at the request made to the login page, it's the yellow box. The password is the blue box. I'm not concerned with posting a portion of my password MD5 encrypted because the odds of you decrypting that partial text are like 0 to 100,000,000.

Stop spreading harmful rhetoric on topics you're not familiar with.
(#9)
Ballistic
New Member
 
Posts: 26
Join Date: Oct 2016
Car: BMW 335i N54
Default 08-28-2018, 09:22 AM

So ignorant.

HTTPS is HTTP with a secure connection negotiation based on SSL encryption and a certificate to prevent man in the middle attacks. Switching a site from http to https does not alter the content of the transported data at all. No need to "convert all the sources etc to the same protocol". What are you even saying man!
The S can be enabled by configuring the webserver (apache, nginx) to do so. The hosted content is irrelevant.

When logging in to the website, the following packet is crafted:

Code:
HTML Form URL Encoded: application/x-www-form-urlencoded
    Form item: "vb_login_username" = "ballistic"
    Form item: "vb_login_password" = ""
    Form item: "s" = ""
    Form item: "securitytoken" = "1535472792-07cb645f48343cb085c72659b24579c42bd7388f"
    Form item: "do" = "login"
    Form item: "vb_login_md5password" = "5f4dcc3b5aa765d61d8327deb882cf99"
    Form item: "vb_login_md5password_utf" = "5f4dcc3b5aa765d61d8327deb882cf99"
Yes, you are right. The password is MD5 hashed. But what you apparently don't know is that MD5, especially short ones and unsalted like in this case, is considered highly unsecure because the algorithm has been cracked and can nowadays even be decrypted with a web app.

Why don't you copy that "md5password" value into https://hashkiller.co.uk/md5-decrypter.aspx

You are all welcome to download Wireshark, capture the packet and decrypt your password. It can be done with the above tool if it's short enough. There are dedicated tools to crack the longer ones with ease.

Using this website on, for example, a public wifi network, will allow everyone in the area to do the same thing and retrieve your password. This counts for users but also administrators, whose passwords are more valuable.

Last edited by Ballistic; 08-28-2018 at 09:30 AM..
Reply With Quote
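Added example (not written by any poster in this thread and not the forum software's code): a defensive check over a captured login POST, showing why the client-side MD5 both posters observed does not protect the credential when the request travels over plain HTTP. The request body is constructed from the form fields quoted in post #9; the function name, finding codes and the small deny-list are assumptions made for illustration.

```python
import hashlib
import re
from urllib.parse import parse_qs

# Constructed sample: form fields from the capture quoted in the thread,
# re-encoded as an application/x-www-form-urlencoded request body.
SAMPLE_BODY = (
    "vb_login_username=ballistic&vb_login_password=&s=&do=login"
    "&vb_login_md5password=5f4dcc3b5aa765d61d8327deb882cf99"
    "&vb_login_md5password_utf=5f4dcc3b5aa765d61d8327deb882cf99"
)

# Tiny constructed list standing in for a "known weak passwords" deny-list.
WEAK_PASSWORDS = ["123456", "password", "qwerty", "letmein"]

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")
CREDENTIAL_HINT = re.compile(r"pass(word)?|pwd", re.IGNORECASE)


def audit_login_post(scheme, body, weak_passwords=WEAK_PASSWORDS):
    """Return a sorted list of finding codes for one captured login POST."""
    fields = parse_qs(body, keep_blank_values=True)
    # Unsalted MD5 of each deny-listed password, computed as the client does.
    weak_md5 = {hashlib.md5(p.encode()).hexdigest(): p for p in weak_passwords}
    findings = set()
    for name, values in fields.items():
        if not CREDENTIAL_HINT.search(name):
            continue
        for value in values:
            if not value:
                continue  # the plaintext field is sent empty in this capture
            if scheme.lower() != "https":
                findings.add("credential-over-cleartext-transport")
            if MD5_HEX.match(value.lower()):
                # Only the hash is sent, so on the wire the hash is the
                # credential; hashing client-side does not replace TLS.
                findings.add("bare-md5-is-password-equivalent")
                if value.lower() in weak_md5:
                    # Equality with plain md5(password) shows there is no salt.
                    findings.add("unsalted-md5-of-deny-listed-password")
            else:
                findings.add("plaintext-password-field")
    return sorted(findings)


if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, audit_login_post(scheme, SAMPLE_BODY))
```

Serving the same form over HTTPS removes only the transport finding; the weak-password and bare-hash findings concern how the credential is formed, not how it is carried.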
(#10)
Terry @ BMS
Tuner
 
Posts: 25,852
Join Date: Jan 2008
Default 08-28-2018, 09:32 AM

Someone might retrieve your password, sign in as you, post a question like "does it really matter if I run 91 octane or is 87 octane good enough for my turbo BMW?", and ruin your n54tech reputation.

Anyway, we do plan on migrating it over to HTTPS in the future!


Burger Motorsports
Home of the Worlds fastest N20s, N54s, N55s, S55s, N63s, and S63s!

(#11)
brokenvert
Guy with the pet snails
 
Posts: 89
Join Date: May 2010
Car: 135i vert
Default 08-28-2018, 09:38 AM

Quote:
Originally Posted by Terry @ BMS
There is no data on the site that isn't public, like credit card numbers, or something you'd need to encrypt. No reason to slow it down with HTTPS.
Send logs


Motorsport Photographer, PM for Pricing on Car Shoots - mattkalish.com

(#12)
Ballistic
New Member
 
Posts: 26
Join Date: Oct 2016
Car: BMW 335i N54
Default 08-30-2018, 08:09 AM

Quote:
Originally Posted by Terry @ BMS
Someone might retrieve your password, sign in as you, post a question like "does it really matter if I run 91 octane or is 87 octane good enough for my turbo BMW?", and ruin your n54tech reputation.

Anyway, we do plan on migrating it over to HTTPS in the future!
Or steal your password and fck this forum up.
(#13)
Terry @ BMS
Tuner
 
Posts: 25,852
Join Date: Jan 2008
Default 08-30-2018, 09:27 AM

I only sign in from a secure location, but as I said we're working on it.


Burger Motorsports
Home of the Worlds fastest N20s, N54s, N55s, S55s, N63s, and S63s!

(#14)
KevinC39
Junior Member
 
Posts: 256
Join Date: Apr 2016
Car: 11 335i 6MT RWD
Default 08-30-2018, 12:39 PM

Off topic but another forum issue I have is when you get sent emails about new posts to a thread you are subscribed to. If you click the link in the email to unsubscribe to the thread, it takes you to a page saying "Invalid Redirect URL (android-app://com.google.android.gm)"

If I copy and paste the link in the browser I get "An invalid threadid or forumid was specified"


2011 E90 335i RWD 6 Speed
FBO JB4 MHD
(#15)
Terry @ BMS
Tuner
 
Posts: 25,852
Join Date: Jan 2008
Default 08-31-2018, 09:53 AM

Hmm can you post one of the links here?


Burger Motorsports
Home of the Worlds fastest N20s, N54s, N55s, S55s, N63s, and S63s!

(#16)
KevinC39
Junior Member
 
Posts: 256
Join Date: Apr 2016
Car: 11 335i 6MT RWD
Default 08-31-2018, 09:56 AM

http://www.n54tech.com/forums/subscr...ef2b60a9e5a260


2011 E90 335i RWD 6 Speed
FBO JB4 MHD
(#17)
Lowon
Demigod
 
Posts: 1,793
Join Date: Mar 2016
Car: Bmw M2
Default 09-07-2018, 03:51 PM

Another improvement could be a user tagging feature.


2017 BMW M2 - Alpine White, 6MT, Fully Loaded
Mods: Stock for now
(#18)
Terry @ BMS
Tuner
 
Posts: 25,852
Join Date: Jan 2008
Default 09-08-2018, 03:59 PM

Updated it to force SSL. Let me know if any bugs crop up!


Burger Motorsports
Home of the Worlds fastest N20s, N54s, N55s, S55s, N63s, and S63s!

(#19)
cebrailbakan
Senior Member
 
Posts: 970
Join Date: May 2013
Car: BMW E90 335XI
Default 09-08-2018, 04:04 PM

Good job Terry, thank you for your interest!


Bmw E90 2007 AT 335xi MSD80,Jb4 G5 ISO,
Full Bolt Ons, Forged Internals, Meth PI, JB4 PI controller, Zage Turbos, TFT inlet system, xHP Stage 3 trans Flash.

Do more with less !
Copyright © 2007 - 2018, N54tech.com