Fiverr site security must be updated

[harithagayashan]

see these attached images. and tell me your ideas… i saw some forum posts saying their accounts hacked… gigs deleted some peoples funds transferred to the hackers PayPal accounts… no wonder such things happen in these circumstances.

[harithagayashan]

i think it is better for you to secure your self with a good virus guard and keep your computer clean. we must do the best from our side to save our selves.

[harithagayashan]

no one has anything to say about this ??? 😛 :)) :-w >:) =))

[kornilov]

Long time ago I wrote that SSL is required! But seems like people don’t really care about their security (or don’t understand what it means). No wonder accounts are getting hacked - enough to login via some malicious WiFi spot and all your packets (including passwords for Fiverr) are gone.

[harithagayashan]

Reply to @kornilov: we better secure our selves change our passwords in a schedule. use better virus guards , keep the pc clean… bla bla etc…

[kornilov]

Reply to @harithagayashan: But that will not help unless connection is encrypted. Your traffic remains completely open. Firewall, antivirus - these are all client side technologies.

If there is no SSL, you shouldn’t access fiverr from any untrusted/public WiFi hotspots (like hotels, cafeterias, airports).

The only way out is to buy a VPN, or install one on your own VPS/Dedicated server (or establish some other type of encrypted tunnel between your PC and Fiverr’s server).



But who cares 😦

[harithagayashan]

yes i know that. but we cannot do that without support from fiverr side. so i decided to protect my self as much as i from my side.

[harithagayashan]

see the second image kaspersky saying that site is trying to submit the password openly in a public wifi network. my network is secured. but i am worrying y they cannot simply install ssl certificate on the site. comodo provides it free i think.

[kornilov]

SSL assumes an extra load on the server (encryption is a resource consuming operation) and for the growing project like Fiverr that might be an issue (more hardware resources, higher costs).

[harithagayashan]

i seriously doubt that fiverr is still growing ??? :))

[harithagayashan]

and also ssl prevents inside attacks and other things so ssl ironically reduce the traffic.so i think installing ssl is not a much higher cost and higher hardware issues. in standard people say installing ssl makes the bandwidth higher in about 5%. but in my thinking as it prevents all the attacks and it will save the bandwidth from them. then that 5% is not a value. bcoz u save much more bandwidth from preventing attacks.

[harithagayashan]

and also then the customer support will receive less support tickets saying my revenues lost… some one deleted my gigs… i cannot access my account bla bla things… they will have much time to attend users other problems.

[kornilov]

Reply to @harithagayashan: it is not about bandwidth but processor! Encryption requires a lot of mathematical operations.



But you can see yourself how many people participated in that discussion…

ARS is a hottest topic these days

[harithagayashan]

Reply to @kornilov: 🙂