Sending Private Messages to me on ESMB

Alanzo

Bardo Tulpa
Next Questions for you:

#2: He just wants to spread some FUD on this board, for whatever reasons he may have.



1. Do you use the private messaging system here for sensitive information about your self and others?

Why or why not?

2. If someone decided not to use the private messaging system here for sensitive information about their selves or others, should they be blamed for it - as you seem to be blaming me?

Why or why not?

Alanzo


 

SomeGuy

Patron Meritorious
Doesn't HTTPS usually run on 8080?

I want to reach those people who think installing the most glitzy and shiny "desktop firewall" and obediently applying the latest "security updates" and whatnot, would make them safe. Of course, installing the updates etc. can fix some old, well-known security holes, but what about the new ones and the ones not yet known?

That's why I find "security"-discussions like this one here more dangerous than anything. Installing the latest security-updates makes the average user think/feel: "I've done everything in my power to be as safe as I can possibly be" which is a severe form of self-betrayal. After all, the next 0-day-exploit for your favorite piece of hard- or software is probably already out there.

Since https usually runs on tcp 440. It could be run on any port, but then a person "browsing" would receive errors since all that http and https do is translate into "english" preconfigured ports for TCP communication. In this instance it's really just POST and GET command listeners since we're talking http/https.

8080 is usually used to mask port 80. When the "internet" started becoming a viable ecommerce tool it was common to host forward facing development sites on port tcp 8080. You could in theory configure https listening on that port but I'm not sure you'd be making anything safer.

Now since you're using the closing of these ports in a joking manner, there is a subtle difference. You could close tcp inbound communications either via firewall or OS. In theory you'd just close both UDP and TCP but for arguments sake we'll use tcp. You could then hijack some dns settings (hosts file) start up your own personal webserver(ie www.forum.exscn.net) locally and mimic that you are actually posting on an internet servers as opposed to a localize honey pot used by some devious men in black suits to spy on you, I jest but it is totally possible. Any one who has ever done deployment of webserver infrastructure has done this, usually in a lab environment.

I do agree none of this protects you from a much, one 0byte jpg attached to an email you trust and this is all for not. That and known and unknown backdoors in BSD, MSOS and every other commercial operating system out there coupled with ISP configured packet vacuums, security is just an illusion.

Welcome to the internet, where the only reason your credit card, banking info hasn't been stolen is mainly due to dumb luck.
 

Udarnik

Gold Meritorious Patron
Next Questions for you:



1. Do you use the private messaging system here for sensitive information about your self and others?

Why or why not?

2. If someone decided not to use the private messaging system here for sensitive information about their selves or others, should they be blamed for it - as you seem to be blaming me?

Why or why not?

Alanzo



Dude, that has nothing to do with electronic surveillance. If anything got hot and heavy here or on WWP, don't think the Co$ wouldn't try to subpoena the entire board's history. They would. When I needed to exchange personal information on here, I have PM'd a personal email. That way if the board history was subpoenaed, the Co$ would not get my information for free - they would have to go after me directly, so my identity would never be collateral damage.

And that personal email is a sock, too, BTW.

The cult is going to get more vicious, not less, as it enters the final death throes. Count on it.
 

Alanzo

Bardo Tulpa
Dude, that has nothing to do with electronic surveillance. If anything got hot and heavy here or on WWP, don't think the Co$ wouldn't try to subpoena the entire board's history. They would. When I needed to exchange personal information on here, I have PM'd a personal email. That way if the board history was subpoenaed, the Co$ would not get my information for free - they would have to go after me directly, so my identity would never be collateral damage.

And that personal email is a sock, too, BTW.

The cult is going to get more vicious, not less, as it enters the final death throes. Count on it.

I totally agree.

I don't think it is spreading FUD to be discussing the realities of this.

At all.

Alanzo
 

freethinker

Sponsor
OK, but if everyone treated their communications as available to anyone then they would send communications that wouldn't be a problem for them.

What you say to anyone can be picked up right off the street or in a restaurant or even your own home. I do online transactions all the time but I am very selective.

The electronic age is not secure so operate accordingly, nuff said.
It's information for anyone who is interested in the subject.

That's all.

No worries.

Alanzo
 

Lone Star

Crusader
OK, but if everyone treated their communications as available to anyone then they would send communications that wouldn't be a problem for them.

What you say to anyone can be picked up right off the street or in a restaurant or even your own home. I do online transactions all the time but I am very selective.

The electronic age is not secure so operate accordingly, nuff said.


Alanzo's concern is communication specifically right here on ESMB. I'm sure as this thread develops we'll find out why that is such a [ahem] concern. :whistling:

Resume.....
 
Last edited:

MrNobody

Who needs merits?
Next Questions for you:



1. Do you use the private messaging system here for sensitive information about your self and others?

Why or why not?

LOL, If you knew me, you'd know that I'd never share any really sensitive information using any electronic medium.

If you need to ask why, you haven't done your homework.


2. If someone decided not to use the private messaging system here for sensitive information about their selves or others, should they be blamed for it - as you seem to be blaming me?
(Formatting removed because I can be lazy too.)

Where did I blame you for anything except for being too lazy to do your homework?

Look, it's your decision and yours alone whether to accept emails and/or private messages from other board members or not. If you decide to do so, there'll be absolutely no way for you to prevent other board members from sending you any sensitive stuff they can think of, using the communication lines you yourself so generously opened for them. Is that clear?

If Yes: Fine, hopefully you know what you're doing.
If No: Do your fuckin' homework, you lazy bum.

Oh, and I certainly don't blame anyone for NOT wanting to use the PM system, but those who DO want to use it ... well, it's their decision. I do use it, and I don't have any problem with it.

OK, now that we have the "blame" part out of the way, let's get to the rest of the question. Either I decide to accept private messages or not.

If yes: There's no damn fuckin' way to prevent any board member from sending me whatever they want.
If no: That's easy: No messages, no problems.

Why or why not?

Alanzo

Whatever you do, you need to make the distinction between what is and what isn't in your power - and once you decide to accept PMs, you have no control over what people may send you. Keep it, delete it, do whatever you want with it, but 1st and foremost it sits in your inbox.

Shit, this conversation is worse than Kindergarten....
 
Last edited:

Alanzo

Bardo Tulpa
LOL, If you knew me, you'd know that I'd never share any really sensitive information using any electronic medium.

If you need to ask why, you haven't done your homework.


(Formatting removed because I can be lazy too.)

Where did I blame you for anything except for being too lazy to do your homework?

Look, it's your decision and yours alone whether to accept emails and/or private messages from other board members or not. If you decide to do so, there'll be absolutely no way for you to prevent other board members from sending you any sensitive stuff they can think of, using the communication lines you yourself so generously opened for them. Is that clear?

If Yes: Fine, hopefully you know what you're doing.
If No: Do your fuckin' homework, you lazy bum.

Oh, and I certainly don't blame anyone for NOT wanting to use the PM system, but those who DO want to use it ... well, it's their decision. I do use it, and I don't have any problem with it.

OK, now that we have the "blame" part out of the way, let's get to the rest of the question. Either I decide to accept private messages or not.

If yes: There's no damn fuckin' way to prevent any board member from sending me whatever they want.
If no: That's easy: No messages, no problems.



Whatever you do, you need to make the distinction between what is and what isn't in your power - and once you decide to accept PMs, you have no control over what people may send you. Keep it, delete it, do whatever you want with it, but 1st and foremost it sits in your inbox.

Shit, this conversation is worse than Kindergarten....

All right, so now tell me how I was spreading "fear, uncertainty, and doubt" with this thread, as you said I was.

Alanzo
 

I told you I was trouble

Suspended animation
Al,

Are you warning people that Emma and the mods could possibly read our PM's if they choose to?

Honestly, if we are going to get all this put to bed it may be best for someone to just say things straight out, then have a quick 'discussion' and let it go.

What do you say?

PS I haven't read the whole thread so it may already have been said ... in which case ignore.
 

MrNobody

Who needs merits?
All right, so now tell me how I was spreading "fear, uncertainty, and doubt" with this thread, as you said I was.

Alanzo

Just one point, before I'm off to enjoy a nice, cool beer and a movie: You recommended/promoted the GRC portscanner, which is an unnecessarily scaring pseudo-tool in the hands of unexperienced users who only see: "Yay, GHRC says I'm safe!" without having the knowledge to properly evaluate GRC's "results" and without being able to put them into the proper context. On the other hand, we have the equally unexperienced users, who get hundreds of open ("endangered") ports presented and think "OmgOmgOmg, so many threatened ports, I must be totally in danger",
when in fact they are perfectly safe because they nothing listening on these ports.

All in all: Just FUD and totally counter-productive when comes to security for "home users".

One last point before the movie starts: Encryption.

Basically a good idea, but way too few people use it in their day-to-day communications. What does that mean? Well, it basically means that all your oh-so-carefully encrypted mails end up on the computers of your favorite secret agency, where the best decryption specialists your country can buy can have a field day with the built-in backdoors and whatnot.

So have fun with your encryption and your misleading "GRC-security" and good luck with your ... ugh... "mission to security". :coolwink:
 

Lone Star

Crusader
Al,

Are you warning people that Emma and the mods could possibly read our PM's if they choose to?

Honestly, if we are going to get all this put to bed it may be best for someone to just say things straight out, then have a quick 'discussion' and let it go.

What do you say?

PS I haven't read the whole thread so it may already have been said ... in which case ignore.

BINGO! :yes:



Of course neither Emma nor the Mods can read our PM's.
:no:

Orrrrrrrrrr can they?
:unsure:



mrgreen.gif
 

I told you I was trouble

Suspended animation


I'm certainly not trying to upset Al, but I do feel he's trying to (tactfully) tidy up some old wounds and it isn't really working out too well ... so perhaps lets just get things out there, clean em up and let them heal?

That's all ...

For the record I couldn't give a toss if mods read my PM's because I treat them (PM's) as if they are public ... (that doesn't mean I'd want anything broadcasted) I also can't imagine that Emma or the mods would be even slightly interested in the contents of any PM's on this board and trust them implicitly.

:)
 

shanic89

Patron Meritorious
Al,

Are you warning people that Emma and the mods could possibly read our PM's if they choose to?

Honestly, if we are going to get all this put to bed it may be best for someone to just say things straight out, then have a quick 'discussion' and let it go.

What do you say?

PS I haven't read the whole thread so it may already have been said ... in which case ignore.

BINGO! :yes:



Of course neither Emma nor the Mods can read our PM's.
:no:

Orrrrrrrrrr can they?
:unsure:



mrgreen.gif

Generally to do that they would have to log into your account, which would mean they need your password. The passwords are encrypted from this end, the user, when sent and are not stored in plain text in the database on a vBulletin board, which this is. The database stores your passwords hashed and salted, nice way of saying not in plain text, so if you were to select a users password to view, it comes out like this 59c4ae2a48a4ba5ef4c15ef05b5ed14f7.

EDIT: By the way that is my actual password above, as it is seen by ESMB see if you can use it.
 
Last edited:

shanic89

Patron Meritorious


For the record I couldn't give a toss if mods read my PM's because I treat them (PM's) as if they are public ... (that doesn't mean I'd want anything broadcasted) I also can't imagine that Emma or the mods would be even slightly interested in the contents of any PM's on this board and trust them implicitly.

:)

Wait a minute here..... you used to trust them implicitly, but now you trust them explicitly, as you have stated your trust. My poor head bwahahhaha.
 

I told you I was trouble

Suspended animation
Wait a minute here..... you used to trust them implicitly, but now you trust them explicitly, as you have stated your trust. My poor head bwahahhaha.


Implicitly as in 'absolutely' ...

:)

I appear to have killed this thread stone dead so I'll add what I hoped would come out of it by saying that 'if' by whatever means, a mod read something I (or anyone else) had written (in a PM) because they thought I was attempting to wreck ESMB that would be fair enough IMO and to try and gain an admission now is unnecessary and tantamount to trouble-making.

I'm not saying it happened or that it didn't or that it's even possible (or that it isn't) partly because I don't care, but I understand that things happened a few years ago that were never really cleared up.

My point seems to be that whats done is done ... but, if I believed one of my kids was doing something seriously 'icky' ... I'd ask them straight out and if I got an unsatisfactory response wait till they were out and go and CHECK (as far as I could) by poking about in their rooms!

That's what I'm like ... but (if I discovered damning evidence, lol) I'd ask them (again) to please tell me the truth and if they still didn't I'd tell them I already knew and that they were stupid to leave the evidence where I could find it and that they were wrong (assuming they were) for whatever they were doing in the first place.

Call me old fashioned ... call me cryptic (those that were here a few years ago will understand) ... call me what ever you like ... I'd just really like to see this sorted now and dropped.

:yes:

 

Alanzo

Bardo Tulpa
Al,

Are you warning people that Emma and the mods could possibly read our PM's if they choose to?


Absolutely not, ITYIWT.

Never did I ever say that or even think that.


Honestly, if we are going to get all this put to bed it may be best for someone to just say things straight out, then have a quick 'discussion' and let it go.

What do you say?

PS I haven't read the whole thread so it may already have been said ... in which case ignore.

Yeah, you should read the whole thread.

ESMB Dirty Needle drill!

Start!

Alanzo
 

Alanzo

Bardo Tulpa
Just one point, before I'm off to enjoy a nice, cool beer and a movie: You recommended/promoted the GRC portscanner, which is an unnecessarily scaring pseudo-tool in the hands of unexperienced users who only see: "Yay, GHRC says I'm safe!" without having the knowledge to properly evaluate GRC's "results" and without being able to put them into the proper context. On the other hand, we have the equally unexperienced users, who get hundreds of open ("endangered") ports presented and think "OmgOmgOmg, so many threatened ports, I must be totally in danger",
when in fact they are perfectly safe because they nothing listening on these ports.

All in all: Just FUD and totally counter-productive when comes to security for "home users".

One last point before the movie starts: Encryption.

Basically a good idea, but way too few people use it in their day-to-day communications. What does that mean? Well, it basically means that all your oh-so-carefully encrypted mails end up on the computers of your favorite secret agency, where the best decryption specialists your country can buy can have a field day with the built-in backdoors and whatnot.

So have fun with your encryption and your misleading "GRC-security" and good luck with your ... ugh... "mission to security". :coolwink:

All right, so I did not see how I was spreading FUD in your answer.

Did I miss it?
 

Alanzo

Bardo Tulpa
Generally to do that they would have to log into your account, which would mean they need your password. The passwords are encrypted from this end, the user, when sent and are not stored in plain text in the database on a vBulletin board, which this is. The database stores your passwords hashed and salted, nice way of saying not in plain text, so if you were to select a users password to view, it comes out like this 59c4ae2a48a4ba5ef4c15ef05b5ed14f7.

EDIT: By the way that is my actual password above, as it is seen by ESMB see if you can use it.

Thank you Shanic.

I knew this. I have vBulliten software.

Alanzo
 
Top