About that MT-09 motorcycle talk forum

[Cruizin]

Hey guys, just to warn you. That "MT09 " forum is not secure. It is one of the many forums that does not protect their login and registration pages with SSL. So, the info that you type in (username, password, email address) and your ip address is wide open for hackers. And unprotected forums like that get hacked all the time and the forum owners often don't even know it. Due to laziness and outdated website admin practices.
 
It is also built on Vbulletin. An old forum software that is full of security holes that requires almost weekly security updates and I'll tell ya. A forum admin that doesn't even secure their "registration" and login pages, probably doesn't keep up with the security updates either. Baldy at ADV Rider recently switched away from Vbulletin software because honestly, it's unsafe in 2017.
 
I would not use your real email address on that forum and I suggest using a junk throwaway password that you don't use anywhere else. At the very least. And dont pay for anythiing on that forum, do not send anyone your credit card info or address. Because honestly, your avg 11 year old russian kid could have everyones info and their entire database in about ten minutes.
 
As you know, our forum is ssl secure and built on a more secure software platform and I have a team on the backend managing our security.
 
See below top left of screenshot.
 
 

 

[Cruizin]

 

 
If you are joining or logging into any website or forum, look at where that arrow points and make sure that websites address starts with "HTTPS" not HTTP! HTTP websites are not secured with SSL encryption and are wide open to basic hack attacks.
 
Also, as a reminder, don't be one of those idiots who uses the same password on multiple websites. Use one different long password per website. Why? If one website gets hacked, they enter all the personal info from the database and use software to try your email's/password on thousands of retail sites automatically. So many people use one password on all of their websites, and those are the people wondering how their identity got stolen.
 
Now you know!
 
To see if a lazy website admin has gotten your info hacked and leaked to the public, visit this link and enter all of your email addresses one at a time! https://haveibeenpwned.com/
 
How does the above website https://haveibeenpwned.com/ know what sites have been hacked? Because when a hacker finds an unsecure database, they download that database on hacker websites for all of the hackers in the world to see and use!

[phpaul]

Interesting.  It reports one of my email addresses has having been breached on MySpace.
 
Curious as I am not now and never have been a member of MySpace, nor even, to the best of my memory, visited that site.

[Cruizin]

Interesting.  It reports one of my email addresses has having been breached on MySpace. 
Curious as I am not now and never have been a member of MySpace, nor even, to the best of my memory, visited that site.

 
Odds are that "someone" used your email account to join Myspace at one point in time. A kid perhaps? Or spouse? Or, ....
 
2017, it's time to be really picky which websites that you join.
 

[britelitebob]

Interesting.  It reports one of my email addresses has having been breached on MySpace. 
Curious as I am not now and never have been a member of MySpace, nor even, to the best of my memory, visited that site.

Odds are that "someone" used your email account to join Myspace at one point in time. A kid perhaps? Or spouse? Or, ....  
2017, it's time to be really picky which websites that you join.

It's da Russians  P-)

[nsmiller]

 
Can you explain why my computer says I'm not fully secure when viewing this thread. I think it has to do with the pictures...
 
Looks like I'm screwed:
 
 

[Cruizin]

 
Can you explain why my computer says I'm not fully secure when viewing this thread. I think it has to do with the pictures...
 
Looks like I'm screwed:
 
 
 
 

 
 
It says that "some" images posted on here are not https. This is why i added the "add image to post" button and soon we will be deleting ALL http links and images that members have posted over the years.
 
Our site is secure, but your warning is showing that there are http links and images loaded on here, and that clicking on those links and images may put you at risk because they lead to sites that aren't secure.
 
I am giving you guys "some" time to replace your photo-bucket and imgur pics before deleting them.
 
 
As far as those sites that you looked up and noticed tat they had gotten your info hacked, I would go to them each and change your passwords right away!
 

[Cruizin]

And again, I wll soon be deleting all HTTP picture links. Including avatars. For the reasons stated above. I like to run a clean ship.

[2and3cylinders]

So forum sites I've been a member of for many years like
 
http://www.superhawkforum.com
 
or more recently
 
http://www.fz09.org
 
and other websites as example
 
http://www.roadracingworld.com/news/
 
and
 
http://www.crash.net/wsbk/results/245088/1/assen-race-results-2.html
 
should be avoided?!
 
Wow!
 
Even with virus protection like Bitdefender and a hard modem firewall?
 
 
 

[Cruizin]

@2and3cylinders
 
Check their login pages to see if the login page is at least https. If the login page is https then they have encrypted their login page and it should be secure. If their login page is just http, then your avg 11 year old Russian could hack it and get all the members info.
 
Having anti virus on your computer does nothing to THIER FORUM man. Https means that a page or website is encrypted and it's data is secure.
 
Again go to each forums "login" page where you actually login or join, and see if the web address begins with http (not secure) or https(secure encrypted).
 
Your personal computer could be perfectly protected with the worlds best antivirus, but that doesn't protect their website and your data that sits on it folks. If the page on a website where you enter info is not https, if it is http, it is not safe and is open to be easily hacked.
 
Now, a general forum can be http and that's ok I guess, but thier login and registration pages need to be https, or stay away. Go back in and change password to some crazy long password that doesn't match any passwords that you use on other websites.
 
That mt09 forum's login and registration pages aren't even https, and that's some risky shet in 2017. Those members better hope that site doesn't get hacked because I bet a bunch of those people use the same damn passwords on their retail and banking sites.
 
I took it a step further and made this entire forum https.
 
They really need to start teaching this shet in school or like everywhere.
 
 
Show of hands. How many of you use the same couple passwords on all of the websites that you use? If so, be honest. I can help you fix that easily too.

[Cruizin]

If anyone has any security questions or concerns about anything you do online, let me know below or send me a pm.
 
I'm here to help and educate.

[Cruizin]

@2and3cylinders I was curious so did a check for you. I clicked on their login pages and then got this info. No HTTP SSL Protection.
 
Superhawk forum Registration page is http unsecure and not encrypted. If hacked , your info is leaked to whoever wants it.
 
 

 
 
Crash. net
 
Login page is unsecure, not encrypted. If hacked, your info is leaked to whoever wants it.
 
 

 
 
Road racing world. I'm shocked that they haven't encrypted their login page. wow.
 
 
 

 
 
If a website admin is too lazy or cheap to encrypt your login credentials, ip address, and data, then they do not deserve your time.
 
And if any of those website admins come here to complain, too freakin bad man. It's 2017, get with the freakin program. Your visitors/members expect you to protect their info and data.
 

[adjuster]

Thanks for all the excellent advice and examples.

[2and3cylinders]

Thanks a ton Cruzin!
 
I don't subscribe to Crash or RRW, just go there to read but What should I do about my subscription to the Superhawk forum other than inform the owner it's open to hack? Cancelling my subscription still leaves my data out there doesn't it?

[Cruizin]

Thanks a ton Cruzin! 
I don't subscribe to Crash or RRW, just go there to read but What should I do about my subscription to the Superhawk forum other than inform the owner it's open to hack? Cancelling my subscription still leaves my data out there doesn't it?

 
As long as you don't use that password that you use one the superhawk forum, on any other sites that contain important info about you, especially retail, banking, or any site where you have registered any payment info or SSN or home address, then you are not at much risk.
 
If the password you use there is also used on other sites, then at least login and change your password to a unique long password so that it no longer matches the password from other sites.
 
And that's the big danger. People who use the same password on multiple sites. If it gets hacked from one unsecured site, then the hackers use that to find the site that they can use to get your important info.
 
And if anyone thinks I'm being "over cautious" you need to read this http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/
 
Last year hackers got 45 million passwords from all of the vertical scope/motorcycle.com forums that were all HTTP.