Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Why aren't AT LEAST the login forms on this site running over HTTPS?

cOuSlEGNoRId
Level 7

‎11-29-2014 04:45 PM - last edited on ‎03-05-2024 09:50 PM by Community Admin

I just signed up so I can ask a question about my motherboard, but I noticed the address bar was not running over HTTPS when I was making the registration. I then inspected the HTML that the form post url also wasn't running over HTTPS.

What's the point of user names and passwords if you're not going to bother to encrypt the data while its in transit. If you're not bothering to encrypt in transit, then why would we trust you to encrypt it at rest? Not to mention the peculiar JavaScript function being ran on post that does an MD5 hash? MD5 being ridiculously weak and broken...

ASUS seems to want to be best in gaming hardware, but can't even deploy a forum and ensure it's protection. I wonder how many users on this forum use the exact same username/email/password combination somewhere else?

Shame on ASUS! It's $11 for an SSL certificate and about 30 minutes of admin time to deploy...
0 Kudos
2,490 Views
2 REPLIES 2

sk2play
Level 13

‎11-29-2014 06:32 PM

You sound educated and I would like a good ASUS reply to . . . update ?
Corsair 500R Case, H110 Hydro, 1200AX PSU, Asus Maximus Hero VI MB, Intel 4770K CPU, Gigabyte GPU GV-N98TWF3OC-6GD, G-Skill Trident 2400MHz 32GB, Crucial M500 960GB SSD, Seagate 6TB HDD x2, Creative SBZ to Denon AVR-4311ci - Infinity Primus 5.1 w/Klipsch Sub XW-300d, HP ZR30w 30" S-IPS LCD, W10 64bit
0 Kudos

X-ROG
Level 15

‎11-30-2014 05:28 PM

I will check. As far as I know we run whatever vBulletin provides now, but it used to be a part of ASUS member login which was all encrypted.
0 Kudos