Forum
Comments:
-
- on Sat 31 Oct 2009
- 10:12:20 PM UTC
safe website but i would not
safe website but i would not store sensitive passwords anywhere but on paper in front of you but good for other stuff
-
- on Sat 31 Oct 2009
- 10:49:39 PM UTC
???
You need a proper privacy policy as well as a description of what the service is.
Just a log in and registration page is way too basic. Not many people are willing to sign up to something not knowing what it is.
Edit: I can't even sign up. The CAPTCHA is too complex I guess. Or I've forgotten basic math.
-
- on Sun 01 Nov 2009
- 05:43:13 AM UTC
I do not understand anything
I do not understand anything you posted, evilfantasy.
The websites title is "Secure text data storage" and the first sentence on the HELP page is "We do not collect any personal information. " hahahaha what are you smoking? and you must have forgotten basic math I signed up quickly but the website is way too simple theres nothing bad about the site though
-
- on Sun 01 Nov 2009
- 03:45:15 PM UTC
@ Freeland
If you don't understand anything I said then you shouldn't be operating a website and even more-so a website with a service.
The "HELP page" is a joke.
what are you smoking?
Comments like that this won't help you any.
I signed up quickly but the website is way too simple theres nothing bad about the site though
I disagree. The problem I had trying to sign up is one. Another is YOU!
The websites title is "Secure text data storage" and the first sentence on the HELP page is "We do not collect any personal information. "
Honestly. Do you know how many rouge sites there are out there? They have pages and pages of lies. Just because you say so doesn't mean a thing.
Also as basic as your website is I wouldn't trust anything to be secure. Get some descriptions of how it is secure and exactly what the site is about, where the information is stored, protected and so forth.
-
- on Sun 01 Nov 2009
- 02:28:46 PM UTC
I was just trying to help
I was just trying to help my friend get a green circle of trust! The website itself is safe
-
- on Sun 01 Nov 2009
- 04:31:55 PM UTC
I agree with evilfantasy, if
I agree with evilfantasy, if I was to ( which I would not do ) say store my passwords on this site, how can this site owner prove to me that my file is safe, and measures have been taken to secure this website?
-
- on Sun 01 Nov 2009
- 05:19:03 PM UTC
I will pass your messages
I will pass your messages along to my friend, he said he is currently in the process of adding McAfees HackerSafe. Thanks
-
- on Sun 01 Nov 2009
- 05:20:10 PM UTC
Evil, what problems did you
Evil, what problems did you have? Can you send an email to the address on the Help page, he would like to know.
-
- on Sun 01 Nov 2009
- 06:59:28 PM UTC
McAfees HackerSafe....
....doesn't secure a website. It's a trust tool. http://www.mcafeesecure.com/us/
Have a read of this. http://antivirus.about.com/od/vendorwhitepapers/a/...
Evil, what problems did you have?
One was not being able to add or subtract correctly. 5 + 1 is not hard to figure out but I couldn't get it done yesterday. I was however successful today. Although once logged in all you get is this.
This is secure? Once you enter text and click Save, what does it do and where does it go?
Where is it stored and how is it secured? It's not an HTTPS...
P.S. I'm not a webmaster or a website security expert, or novice, but do know enough to see that there are questions that need to be answered. It's all too basic.
-
- on Sun 01 Nov 2009
- 07:28:51 PM UTC
re: savetext.org
All I see is a green login box with a "register" and "Help" link
stating... Secure text data storage
- First, there is no SSL Certificate for either www.savetext.org or for savetext.org so the site is NOT secure for data transmission! Test it yourself
- DNS resolves 'www.savetext.org' to 174.120.154.220
No certificates were found.
Output from 'openssl s_client' command:
13068:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: CONNECTED(00000003)
This in itself gets a red rating from me.
Second, there is no "site" — nothing to answer the simple questions of: "who" "what" "where" "why" and/or "how"
- WHO is the owner of this site? Can I trust them?
- WHAT is this site about? what storage capacities are offered? what storage medium is used? (flat file database (text) MySQL? MSSQL? (etc.) what security is offered (obviously none with out a secured encrypted transmission).
- WHERE does my stored text go? Is it shared with others? (affiliations, 3rd parties, sold, protected, etc., etc.)
- WHY should I use this service? Will I incur fees? If so, how much? If not, why? Is my data backed up? If so, where, when, and how often?
- HOW does savetext.org work?
No Privacy Policy!
You need to make oneNo ToS
Your site offers a service but there is no Terms of Service — you need to make one.I registered using 3 characters, you sent me an error stating that a username must be at least 4 characters...
Put that on the initial registration page!
What are you using for password encryption? Or are you storing that as plain text also?whois shows the domain was registered on 22 OCT 2009 using private registration through protecteddomainservices.com
site is hosted on a shared IP: 174.120.154.220 through hostgator.com
I rate this site Low for all categories except Child Safety (unrated)
I personally wouldn't trust using it in it's current form.Build a website, get an SSL, get a dedicated IP
Maybe I'll change my rating.BTW, delete the user "wot7"
Any SQL Administrator can fetch the records stored in the database.
IF people store username and password combinations and the data is NOT excrypted, the SQL Admin can view, and use, this sensitive login information.
We call this PHISHing.Are you a PHISH?
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Sun 01 Nov 2009
- 07:44:52 PM UTC
I came here after hearing
I came here after hearing about the topic from Stef. I run http://www.savetext.org and I think it is totally unethical the way you rate websites. I just started SaveText.org, because you do not like how simple my website is, my privacy policy is not 2 pages long, and because I just registered it a few weeks ago with private registration to protect myself from spam, you give me a negative rating? Your system is not right.
SaveText.org is 100% safe, I hand coded the script in PHP myself, everything is encrypted on a PHP level going into the database, the database is backed up daily, I do not need SSL. The website has been audited with www.acunetix.com software and is free from any SQL injection or XSS. So please tell me what is not secure and how you decided on your decision? Thanks a lot for rating my website negative that is 100% safe and coded with total security in mind, it is a free service and it is new, if you do not like it do not use it, but you cannot rate it negative for no reason other than the simple fact that you just don't like it. I will be reporting my website to WOT and send a complaint about your activity.
PS. The website is simple. I like things to be simple. IE) Google.com
-
- on Sun 01 Nov 2009
- 08:18:19 PM UTC
SSL
- I ran a service scan, results:
-
- HTTP - 80 HTTP/1.1 200 OK
Date: Sun, 01 Nov 2009 19:53:54 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.9
Connection: close
Content-Type: text/html
- HTTP - 80 HTTP/1.1 200 OK
Hostgator.com offers SSL with their hosting packages
You should use it.My rating has nothing to do with your site being "simple" - there simply is no site.
Even Google has a website complete with ToS, Privacy Policy, Registration page, login page, etc.
BTW...
What IF I were to forget my password and/or my user name?
What is the method for retrieval?Let's not go into "PHP Security" that happens to be an oxymoron, don't believe me? Ask Steffan
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Sun 01 Nov 2009
- 08:12:20 PM UTC
Don't blame us...
...we were requested to give our insight. g7w went above and beyond with his recommendations. You might have a serious look at them.
The best password managers I know of store the information locally on the host computer. Why? Because that is the securest way of storing sensitive information. Even web forums don't keep them. They can reset one but they can't view your password.
http://www.google.com/intl/en/privacy.html
http://www.google.com/intl/en/privacypolicy.html
http://www.google.com/accounts/TOS -
- on Sun 01 Nov 2009
- 08:16:43 PM UTC
WOW! I am no longer using
WOW! I am no longer using WOT I am sorry for ruining your score I was trying to help ):
-
- on Sun 01 Nov 2009
- 08:26:16 PM UTC
I understand what you are
I understand what you are saying Evil, but because his website lacked ONLY a Privacy Policy to your standards you give me a horrible rating just for that? That is wrong and harming someones website. I will no longer be a part of this community
ITS A SAFE WEBSITE FOR SAVING TEXT!!
-
- on Sun 01 Nov 2009
- 10:14:19 PM UTC
Rating
Stef, and whoever else. The Privacy Policy is important but actually a very small issue (to me) and one of the easiest to address by the site owner. I haven't rated the site yet. I'm willing to see how this plays out and if any improvements are made before submitting a rating. If I were to rate it now it would be Yellow bordering on Red. I don't think there is malicious intent but also it doesn't look like anything is going to change so I can't find much reason to lean towards a Green rating.
A word of advice. When coming to a forum where security experts hang out, (many are experts here even if they won't admit it :) ) and asking their advice. It's best to leave your ego and feelings at the door. A lot can be learned from them but that's only if you are willing to learn.
We are being honest. You rating WOT and it's members personal websites Red is not only a flagrant abuse of the WOT system, it's simply childish and sad. Grow up.
-
- on Sun 01 Nov 2009
- 08:43:20 PM UTC
Limited to 2000 characters
1 "document" limited to 2000 characters over a non-secure transmission.
This is "safe"?
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Sun 01 Nov 2009
- 08:58:56 PM UTC
@ Stef_Lyn
You should stop PMing people, when they can not reply to you since you have your profile to not accept messages.
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Sun 01 Nov 2009
- 09:01:29 PM UTC
.....
lalala .... it was a hot summers day, somewhere in the east of err, somewhere, when all of a sudden I saw ........
Okay, lets get to it. First and foremost, no SSL = plain text = NOT SECURE. Plain and simple (read up on MITM attacks or err, proxies).
Not having an SSL login is one thing, and is *usually* fine in some cases. However, if you're going to call your service "secure" ANYTHING, then you need to understand the difference between secure transmission of data, and plain text transmission.
As for the WhoIs being hidden, you're going to tell people they can trust you to securely store their data/passwords or whatever, then hiding WhoIs isn't a good way of doing that. Protect you from spam? Gimme a break.
As for "PHP Security", there's no such thing. EVERYTHING on the web can be compromised, irrespective of what you think or what some audit company/program tells you.
g7w has already said everything else I'd have said, so I'll leave it there.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Mon 02 Nov 2009
- 01:13:10 AM UTC
re: 403 error
I get a simple text output:
SaveText.org is currently offline due to
spam from users at http://www.mywot.com-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Mon 02 Nov 2009
- 01:15:42 AM UTC
re: 403 error
While in reality they are trying to spam comments on our site...
-
- on Sun 01 Nov 2009
- 11:59:00 PM UTC
Re: Rate this site
I have no idea what the site is about and whether it can be trusted, but I must say that creating fake accounts and leaving false comments about users who offer you advice is an interesting strategy to improve the site's reputation. I might have personally responded to constructive criticism a bit differently if I wanted people to trust me, but maybe that's just me.
-
- on Tue 03 Nov 2009
- 02:52:12 AM UTC
Trolls
More trolls again . . . finding quickly that this Lions Den is not for them. (Spamming member's boards was apparently a "parting shot" that pretty much amounted to the proof in the pudding).
@evilfantasy,
You made a good comment about people requesting a rating from the security experts here . . . and being willing to take the constructive criticism.
@Sami.
You expanded on that same thought.
Rate this site: http://www.savetext.org
This is a website of my friends, I would just like to help him achieve a green circle of trust!
http://www.savetext.org