How safe from viruses and hackers am I when using the Milsurps.Com web site?

[Badger]

January 2017 Update

Last year was a particularly tough year for various firearms and collectors web sites, being hacked with viruses, malware and trojan horse infections. To name a few, it was reported to have happened to Gunboards, Jouster, and of late, the Ross Rifle Forum were subject of attacks. Sometimes these hacks were more then just infecting their members computers with malware, but also stealing personal information such as UserID's and Passwords.

As ZDnet reported .... Hacker steals 45 million accounts from hundreds of car, tech, sports forums The company that runs the forums admitted failings, but underplayed the hack.

More information....

Warning .. Ross Rifle web site infected with malware (click here)

Gunboards Hacked (click here)

We’ve now implemented additional security features to help protect our members from viruses, malware, trojan horse infections as well as theft of personal information they may have stored privately on our site.

What is DKIM?

Our new milsurps mail server is now fully functional and using DKIM (Domain Keys Identified Mail). DKIM is the ultra-modern method of verifying the source of an email message. DKIM will help alleviate issues with remote sites seeing mail from milsurps as "spam" as all email sent from the server will be cryptographically analyzed and then signed with a "private" encryption key. When remote mail servers receive the mail, they can do a DNS lookup on the new milsurps email sever and fetch a copy of the PUBLIC key which is then used in conjunction with the digitally signed message, to verify that it did indeed originate from an authorized server.

Short version; Mail is more secure!


What Is SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use that information.

What is https?

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.

By implementing all of the above protocols, the result for our members is that our site is much more secure then most other firearms and collectors web sites, that you may frequent and browse over the Internet .

Click the pics below to view the various authentication certificates and site checks for milsurps.com, as well as the browsers supported.

Attachment 79427 Attachment 79469 Attachment 79488Attachment 79487

Besides milsurps.com, at the time of writing this, here is a list of various firearms and collectors web sites that DO use encryption. Click the pics below to view the various authentication certificates returned by browsers when performing site checks.

Attachment 79572

At the time of writing this, here is a list of various firearms and collectors web sites that DO NOT use any encryption. Click the pics below to view the various authentication certificates returned by browsers when performing site checks.

Attachment 79432 Attachment 79429 Attachment 79433 Attachment 79428 Attachment 79431 Attachment 79434 Attachment 79430 Attachment 79438 Attachment 79435

When we first setup milsurps.com over 10 years ago, we didn't have a lot of disk storage space for pictures, so we used an external photo storage web site ImageEvent Picture Storage. Most of the pics shown in the various articles in the MKL, fall under this category.

The external ImageEvent Picture Storage site is not currently encrypted and depending upon your browser's handling of security notices, you may notice various types of warning messages as shown below. This would apply only if any pics shown to you here on our site, such as in the Knowledge Library, are actually sourced and displayed to you from that external storage. It's not something you need to worry about, as we have full control over the photo content stored on their site, so the likelihood of a security issue with any of those pics is very small. Therefore, it's perfectly fine to inform your browser to allow access as a permanent security exception.

Examples of browser security notices.

Attachment 79470 Attachment 79515

Once we accumulate enough funds, our next project will be to migrate all of the external pics stored externally on ImageEvent Picture Storage, back onto our own milsurps.com server, where they will be handled with full encryption.

For the technical inclined, you may want to take some time to view the various videos that appear in the auto linking pop-ups, showing the various definitions of these acronyms.

We hope that these security changes and additions to our site, ensures that milsurps.com will continue to be one of the most highly reliable, safe, secure and enjoyable firearms collectors web sites on the Internet.

Regards,
Doug

Information

Warning: This is a relatively older thread This discussion is older than 360 days. Some information contained in it may no longer be current.

[GOVTMOD]

Possible breach.

I received an scam/phishing email with my user name and password to this site in the subject line. Threatening to "expose" me to my contact list. This is the only place I have used that username and PW combo so the info might be from here.

I've regularly do maintenance on my PC so I don't think I was the source you might want to check.