Members of the previous forum can retrieve their temporary password here, (login and check your PM).

Reply to thread

Message

If you implement SSL the wrong way then it can be insecure indeed, please notice the 'If'. To accomplish a successful SSL/TLS attack the one you are attacking needs to comply to quite some preconditions.

One of those preconditions is that you need to have an older browser for example since the new browsers don't fall for that trick anymore, also the hacker needs you to run malicious javascript that is coming from the exact HTTPS source (site) that they like to hijack the SSL session from, not very likely to occur. And as the last one please notice that you cannot access the DMT-Nexus with the old SSL 2.0!

And about your e-mail that you can see, that is stored in a database in a highly sophisticated encyrpted form. If you access a page that shows you your e-mail address then that encrypted e-mail address is send to another server, that other server decrypts the string containing the e-mail address and sends it back to the DMT-Nexus server so it can be shown to you.

If you take away the DMT-Nexus server or in any way temper with the security, several protection switches are in place to brake the connection to that external server immediately and forever. Without a connection to that external server you can't do a thing with the e-mail or IP addresses.

Here is an example of an encrypted e-mail address:

It is encrypted with AES, 256bit block size, special salting, multi round, and a random key of at least 200 characters long. Due to the special salting every e-mail address is encrypted in a different way. So even if they spend billions of years decypting one e-mail address another encrypted e-mail addresses takes again that long to decrypt.

And one question: Who are they in "Hopefully they simply don't keep logs of access, no need to encrypt them, just don't have them to start with."?

On the DMT-Nexus there is no logging of your browsing activity. The only things that are logged are:
* Date/Time of joining this site
* Encrypted e-mail address when you join the site (you can enter a fake one if you don't need to get updated with PM's and if it doesn't matter if you loose your password)
* Date/Time of last visit (needed for showing you the last topics)
* Encrypted IP address when you first sign up and when you make a post (needed for action against trolls).
* Date/Time of any post you make (again, we need that for active topics and to have a timeline for the topics)

Also for secure browsing, check this topic: How to secure your entire computer and surf completely anonymous

Kind regards,

The Traveler

<blockquote data-quote="The Traveler" data-source="post: 3560863" data-attributes="member: 1">If you implement SSL the wrong way then it can be insecure indeed, please notice the &#039;If&#039;. To accomplish a successful SSL/TLS attack the one you are attacking needs to comply to quite some preconditions.One of those preconditions is that you need to have an older browser for example since the new browsers don&#039;t fall for that trick anymore, also the hacker needs you to run malicious javascript that is coming from the exact HTTPS source (site) that they like to hijack the SSL session from, not very likely to occur. And as the last one please notice that you cannot access the DMT-Nexus with the old SSL 2.0!And about your e-mail that you can see, that is stored in a database in a highly sophisticated encyrpted form. If you access a page that shows you your e-mail address then that encrypted e-mail address is send to another server, that other server decrypts the string containing the e-mail address and sends it back to the DMT-Nexus server so it can be shown to you.If you take away the DMT-Nexus server or in any way temper with the security, several protection switches are in place to brake the connection to that external server immediately and forever. Without a connection to that external server you can&#039;t do a thing with the e-mail or IP addresses. Here is an example of an encrypted e-mail address:It is encrypted with AES, 256bit block size, special salting, multi round, and a random key of at least 200 characters long. Due to the special salting every e-mail address is encrypted in a different way. So even if they spend billions of years decypting one e-mail address another encrypted e-mail addresses takes again that long to decrypt.And one question: Who are they in &quot;Hopefully they simply don&#039;t keep logs of access, no need to encrypt them, just don&#039;t have them to start with.&quot;?On the DMT-Nexus there is no logging of your browsing activity. The only things that are logged are:* Date/Time of joining this site* Encrypted e-mail address when you join the site (you can enter a fake one if you don&#039;t need to get updated with PM&#039;s and if it doesn&#039;t matter if you loose your password)* Date/Time of last visit (needed for showing you the last topics)* Encrypted IP address when you first sign up and when you make a post (needed for action against trolls).* Date/Time of any post you make (again, we need that for active topics and to have a timeline for the topics)Also for secure browsing, check this topic: <a href="https://www.dmt-nexus.me/forum/default.aspx?g=posts&amp;t=29076" target="_blank">How to secure your entire computer and surf completely anonymous</a>Kind regards,The Traveler</blockquote>

[QUOTE="The Traveler, post: 3560863, member: 1"] If you implement SSL the wrong way then it can be insecure indeed, please notice the 'If'. To accomplish a successful SSL/TLS attack the one you are attacking needs to comply to quite some preconditions. One of those preconditions is that you need to have an older browser for example since the new browsers don't fall for that trick anymore, also the hacker needs you to run malicious javascript that is coming from the exact HTTPS source (site) that they like to hijack the SSL session from, not very likely to occur. And as the last one please notice that you cannot access the DMT-Nexus with the old SSL 2.0! And about your e-mail that you can see, that is stored in a database in a highly sophisticated encyrpted form. If you access a page that shows you your e-mail address then that encrypted e-mail address is send to another server, that other server decrypts the string containing the e-mail address and sends it back to the DMT-Nexus server so it can be shown to you. If you take away the DMT-Nexus server or in any way temper with the security, several protection switches are in place to brake the connection to that external server immediately and forever. Without a connection to that external server you can't do a thing with the e-mail or IP addresses. Here is an example of an encrypted e-mail address: It is encrypted with AES, 256bit block size, special salting, multi round, and a random key of at least 200 characters long. Due to the special salting every e-mail address is encrypted in a different way. So even if they spend billions of years decypting one e-mail address another encrypted e-mail addresses takes again that long to decrypt. And one question: Who are [i]they[/i] in "[i]Hopefully [b]they[/b] simply don't keep logs of access, no need to encrypt them, just don't have them to start with.[/i]"? On the DMT-Nexus there is no logging of your browsing activity. The only things that are logged are: * Date/Time of joining this site * Encrypted e-mail address when you join the site (you can enter a fake one if you don't need to get updated with PM's and if it doesn't matter if you loose your password) * Date/Time of last visit (needed for showing you the last topics) * Encrypted IP address when you first sign up and when you make a post (needed for action against trolls). * Date/Time of any post you make (again, we need that for active topics and to have a timeline for the topics) Also for secure browsing, check this topic: [url=https://www.dmt-nexus.me/forum/default.aspx?g=posts&t=29076]How to secure your entire computer and surf completely anonymous[/url] Kind regards, The Traveler [/QUOTE]