[–]papi83dm -4 points -3 points (68 children)

This is absurd and not true. We use a secure two-way encryption and we can't share the details to the public.

[–]SteveBDrums[S] 5 points 6 points (43 children)

It's not absurd. If you were truly using encryption, you'd be willing to say what it is and you wouldn't dodge the question, because good encryption can't be broken. So no, it's not untrue. You're running an insecure site.

[–]papi83dm -4 points -3 points (42 children)

When the user stores their Origin info, we encrypt their info with an application key and we do not store that key on the database. Without the key it will take years to decrypt the password.

[–]SteveBDrums[S] 5 points 6 points (41 children)

What encryption are you using? MD5? Something else? Be honest, or consider yourself under scrutiny.

[–]Moruitelda 4 points 5 points (23 children)

Assuming this is true, your response to his Tweet was about the worst possible response.

[–]papi83dm -5 points -4 points (22 children)

I apologize, I didn't reply to Twitter, one of my admins did and I wasn't aware of that.

[–]Moruitelda 3 points 4 points (20 children)

You should definitely set the record straight, because anyone who reads that exchange is going to infer that you're not using any secure storage techniques whatsoever.

[–]SteveBDrums[S] 3 points 4 points (12 children)

Additionally, if they are truly using legit encryption, then telling everyone what encryption they're using shouldn't be an issue, because it should not be able to be cracked. That's the mark of good encryption. So the fact that they're unwilling to tell anyone what they use indicates that they know what they're using is NOT secure.

[–]Moruitelda 3 points 4 points (0 children)

I agree.

[–]MWSTheNatural -1 points 0 points (7 children)

Well he just told you so...disaster averted?

[–]SteveBDrums[S] 0 points 1 point (6 children)

No, because the answer has confirmed that the site is not secure at all, and therefore, people shouldn't trust it.

[–]MWSTheNatural -1 points 0 points (5 children)

So what should they be using? What security setup would make the site more secure?

[–]SteveBDrums[S] 1 point 2 points (4 children)

Start by securing the login pages for the site. The entire site should be on a fully encrypted connection. Also, it shouldn't have to have your login info to get the data from the EA site; that should be programmed via API. However, they can't do that because EA doesn't support their system, so they're doing what I said; they're storing the data in a database that can be decrypted with a simple key. The connection between their server and Origin is probably not a secure connection either, so there's a good chance of man-in-the-middle attacks stealing password and login data as well.

Ultimately, they shouldn't be doing what they're doing because they cannot secure it.

[–]MWSTheNatural -1 points 0 points (3 children)

Interesting. Is this any different than how muthead.com is doing it?

[–]jshrlzwrld02 -1 points 0 points (2 children)

So... does PSN just not use any kind of encryption either? Is that why all of their CC information got hacked and leaked not too long ago? I'm confused as to why you are sending everyone on this witch hunt over Daddyleagues that maybe a few thousand people use possibly being insecure, but you don't seem to mind at all that Sony couldn't even protect your CC information.

[–]IsNotANovelty 1 point 2 points (0 children)

Another terrible argument. Don't ever join a debate team, or go to law school. We're in /r/Madden so this information is pertinent to users here. Sony had flaws in their security, sure. But that's neither here nor there, and it's completely unrelated to whether DL is secure. Just because you smoke doesn't suddenly make it a good idea to do heroin too.

[–]SteveBDrums[S] 1 point 2 points (0 children)

It's not a witch-hunt. And yeah, apparently Sony was storing stuff in a plaintext or easily-decrypted database. Serious fuck-up, no doubt, but still, that doesn't excuse smaller operations from doing similar foolish things.

[–]papi83dm -2 points -1 points (6 children)

We use a two-way encryption and we can't share to the public what encryption we are using for security reasons.

[–]Moruitelda 4 points 5 points (4 children)

I am not aware of any security risk associated with confirming an encryption protocol. If it's secure, it shouldn't matter.

[–]SteveBDrums[S] 2 points 3 points (0 children)

You are 100% correct.

[–]papi83dm -2 points -1 points (2 children)

It is secured and the fact that he asked the same question every 1 for 20 minutes on Twitter makes us think that he is up to something and we won't share that information with him.

[–]CarMaker 3 points 4 points (0 children)

It's about building leagues while maintaining the security of the league owners/commissioners. Some people will not join a league unless it uses your service, but when a potential customer asks you how secure it is you ignore it. Sad really.

If I am going to deposit some valuables in a secure bank deposit box, I request to see how secure it is. If they tell me no, I am moving on to the next place.

[–]SteveBDrums[S] 1 point 2 points (0 children)

That's a bullshit, weak as hell excuse. You're scared because no one else has ever challenged how your site is built and what you're doing before now with any level of knowledge. You're scared because you don't want everyone to know that you run a site that could easily be hacked, is not secure and is a recipe for disaster for anyone that is foolish enough to share their login credentials with you. The fact that you have a disclaimer that says you take NO responsibility for the "risks associated" with using your service is a very clear indicator that you're fully aware of how insecure your system truly is. And now, a lot more people than me know. That's your problem, champ. I have no interest in hacking your shitty site. I'll wait for someone else to do that. Then I'll sit back and remind you that you and everyone else associated with you were warned.

[–]SteveBDrums[S] 3 points 4 points (0 children)

That's a bullshit dodging response. You're lying.

[–]SteveBDrums[S] 4 points 5 points (0 children)

That's because you're lying.