Comments on websites
Rate this site: http://www.savetext.org
sáb 31 oct 2009 02:52:55 UTC — AnonymousThis is a website of my friends, I would just like to help him achieve a green circle of trust!
http://www.savetext.org
- Inicie sesión o regístrese para enviar comentarios
done good site
sáb 31 oct 2009 15:40:09 UTC — joesokodone good site
safe website but i would not
sáb 31 oct 2009 22:12:20 UTC — Stover75safe website but i would not store sensitive passwords anywhere but on paper in front of you but good for other stuff
???
sáb 31 oct 2009 22:49:39 UTC — evilfantasyYou need a proper privacy policy as well as a description of what the service is.
Just a log in and registration page is way too basic. Not many people are willing to sign up to something not knowing what it is.
Edit: I can't even sign up. The CAPTCHA is too complex I guess. Or I've forgotten basic math.
I do not understand anything
dom 01 nov 2009 05:43:13 UTC — Freeland (no verificado)I do not understand anything you posted, evilfantasy.
The websites title is "Secure text data storage" and the first sentence on the HELP page is "We do not collect any personal information. " hahahaha what are you smoking? and you must have forgotten basic math I signed up quickly but the website is way too simple theres nothing bad about the site though
@ Freeland
dom 01 nov 2009 15:45:15 UTC — evilfantasyIf you don't understand anything I said then you shouldn't be operating a website and even more-so a website with a service.
The "HELP page" is a joke.
what are you smoking?
Comments like that this won't help you any.
I signed up quickly but the website is way too simple theres nothing bad about the site though
I disagree. The problem I had trying to sign up is one. Another is YOU!
The websites title is "Secure text data storage" and the first sentence on the HELP page is "We do not collect any personal information. "
Honestly. Do you know how many rouge sites there are out there? They have pages and pages of lies. Just because you say so doesn't mean a thing.
Also as basic as your website is I wouldn't trust anything to be secure. Get some descriptions of how it is secure and exactly what the site is about, where the information is stored, protected and so forth.
I was just trying to help
dom 01 nov 2009 14:28:46 UTC — Stef_Lyn (no verificado)I was just trying to help my friend get a green circle of trust! The website itself is safe
I agree with evilfantasy, if
dom 01 nov 2009 16:31:55 UTC — cconniejeanI agree with evilfantasy, if I was to ( which I would not do ) say store my passwords on this site, how can this site owner prove to me that my file is safe, and measures have been taken to secure this website?
I will pass your messages
dom 01 nov 2009 17:19:03 UTC — Stef_Lyn (no verificado)I will pass your messages along to my friend, he said he is currently in the process of adding McAfees HackerSafe. Thanks
Evil, what problems did you
dom 01 nov 2009 17:20:10 UTC — Stef_Lyn (no verificado)Evil, what problems did you have? Can you send an email to the address on the Help page, he would like to know.
McAfees HackerSafe....
dom 01 nov 2009 18:59:28 UTC — evilfantasy....doesn't secure a website. It's a trust tool. http://www.mcafeesecure.com/us/
Have a read of this. http://antivirus.about.com/od/vendorwhitepapers/a/...
Evil, what problems did you have?
One was not being able to add or subtract correctly. 5 + 1 is not hard to figure out but I couldn't get it done yesterday. I was however successful today. Although once logged in all you get is this.
This is secure? Once you enter text and click Save, what does it do and where does it go?
Where is it stored and how is it secured? It's not an HTTPS...
P.S. I'm not a webmaster or a website security expert, or novice, but do know enough to see that there are questions that need to be answered. It's all too basic.
re: savetext.org
dom 01 nov 2009 19:28:51 UTC — g7wAll I see is a green login box with a "register" and "Help" link
stating... Secure text data storage
No certificates were found.
Output from 'openssl s_client' command:
13068:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: CONNECTED(00000003)
This in itself gets a red rating from me.
Second, there is no "site" — nothing to answer the simple questions of: "who" "what" "where" "why" and/or "how"
No Privacy Policy!
You need to make one
No ToS
Your site offers a service but there is no Terms of Service — you need to make one.
I registered using 3 characters, you sent me an error stating that a username must be at least 4 characters...
Put that on the initial registration page!
What are you using for password encryption? Or are you storing that as plain text also?
whois shows the domain was registered on 22 OCT 2009 using private registration through protecteddomainservices.com
site is hosted on a shared IP: 174.120.154.220 through hostgator.com
I rate this site Low for all categories except Child Safety (unrated)
I personally wouldn't trust using it in it's current form.
Build a website, get an SSL, get a dedicated IP
Maybe I'll change my rating.
BTW, delete the user "wot7"
Any SQL Administrator can fetch the records stored in the database.
IF people store username and password combinations and the data is NOT excrypted, the SQL Admin can view, and use, this sensitive login information.
We call this PHISHing.
Are you a PHISH?
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
I came here after hearing
dom 01 nov 2009 19:44:52 UTC — SaveTextorg (no verificado)I came here after hearing about the topic from Stef. I run http://www.savetext.org and I think it is totally unethical the way you rate websites. I just started SaveText.org, because you do not like how simple my website is, my privacy policy is not 2 pages long, and because I just registered it a few weeks ago with private registration to protect myself from spam, you give me a negative rating? Your system is not right.
SaveText.org is 100% safe, I hand coded the script in PHP myself, everything is encrypted on a PHP level going into the database, the database is backed up daily, I do not need SSL. The website has been audited with www.acunetix.com software and is free from any SQL injection or XSS. So please tell me what is not secure and how you decided on your decision? Thanks a lot for rating my website negative that is 100% safe and coded with total security in mind, it is a free service and it is new, if you do not like it do not use it, but you cannot rate it negative for no reason other than the simple fact that you just don't like it. I will be reporting my website to WOT and send a complaint about your activity.
PS. The website is simple. I like things to be simple. IE) Google.com
SSL
dom 01 nov 2009 20:18:19 UTC — g7wDate: Sun, 01 Nov 2009 19:53:54 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.9
Connection: close
Content-Type: text/html
Hostgator.com offers SSL with their hosting packages
You should use it.
My rating has nothing to do with your site being "simple" - there simply is no site.
Even Google has a website complete with ToS, Privacy Policy, Registration page, login page, etc.
BTW...
What IF I were to forget my password and/or my user name?
What is the method for retrieval?
Let's not go into "PHP Security" that happens to be an oxymoron, don't believe me? Ask Steffan
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
Don't blame us...
dom 01 nov 2009 20:12:20 UTC — evilfantasy...we were requested to give our insight. g7w went above and beyond with his recommendations. You might have a serious look at them.
The best password managers I know of store the information locally on the host computer. Why? Because that is the securest way of storing sensitive information. Even web forums don't keep them. They can reset one but they can't view your password.
http://www.google.com/intl/en/privacy.html
http://www.google.com/intl/en/privacypolicy.html
http://www.google.com/accounts/TOS
WOW! I am no longer using
dom 01 nov 2009 20:16:43 UTC — Stef_Lyn (no verificado)WOW! I am no longer using WOT I am sorry for ruining your score I was trying to help ):
I understand what you are
dom 01 nov 2009 20:26:16 UTC — Stef_Lyn (no verificado)I understand what you are saying Evil, but because his website lacked ONLY a Privacy Policy to your standards you give me a horrible rating just for that? That is wrong and harming someones website. I will no longer be a part of this community
ITS A SAFE WEBSITE FOR SAVING TEXT!!
Rating
dom 01 nov 2009 22:14:19 UTC — evilfantasyStef, and whoever else. The Privacy Policy is important but actually a very small issue (to me) and one of the easiest to address by the site owner. I haven't rated the site yet. I'm willing to see how this plays out and if any improvements are made before submitting a rating. If I were to rate it now it would be Yellow bordering on Red. I don't think there is malicious intent but also it doesn't look like anything is going to change so I can't find much reason to lean towards a Green rating.
A word of advice. When coming to a forum where security experts hang out, (many are experts here even if they won't admit it :) ) and asking their advice. It's best to leave your ego and feelings at the door. A lot can be learned from them but that's only if you are willing to learn.
We are being honest. You rating WOT and it's members personal websites Red is not only a flagrant abuse of the WOT system, it's simply childish and sad. Grow up.
Limited to 2000 characters
dom 01 nov 2009 20:43:20 UTC — g7w1 "document" limited to 2000 characters over a non-secure transmission.
This is "safe"?
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
@ Stef_Lyn
dom 01 nov 2009 20:58:56 UTC — g7wYou should stop PMing people, when they can not reply to you since you have your profile to not accept messages.
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
.....
dom 01 nov 2009 21:01:29 UTC — MysteryFCMlalala .... it was a hot summers day, somewhere in the east of err, somewhere, when all of a sudden I saw ........
Okay, lets get to it. First and foremost, no SSL = plain text = NOT SECURE. Plain and simple (read up on MITM attacks or err, proxies).
Not having an SSL login is one thing, and is *usually* fine in some cases. However, if you're going to call your service "secure" ANYTHING, then you need to understand the difference between secure transmission of data, and plain text transmission.
As for the WhoIs being hidden, you're going to tell people they can trust you to securely store their data/passwords or whatever, then hiding WhoIs isn't a good way of doing that. Protect you from spam? Gimme a break.
As for "PHP Security", there's no such thing. EVERYTHING on the web can be compromised, irrespective of what you think or what some audit company/program tells you.
g7w has already said everything else I'd have said, so I'll leave it there.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
lol
dom 01 nov 2009 22:51:36 UTC — WarxasNow I get a 403 error on the page. Guess he got insulted...
re: 403 error
lun 02 nov 2009 01:13:10 UTC — g7wI get a simple text output:
SaveText.org is currently offline due to
spam from users at http://www.mywot.com
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
re: 403 error
lun 02 nov 2009 01:15:42 UTC — SamiWhile in reality they are trying to spam comments on our site...
Yeah
lun 02 nov 2009 01:52:02 UTC — WarxasI get that now too... Bye!
Re: Rate this site
dom 01 nov 2009 23:59:00 UTC — SamiI have no idea what the site is about and whether it can be trusted, but I must say that creating fake accounts and leaving false comments about users who offer you advice is an interesting strategy to improve the site's reputation. I might have personally responded to constructive criticism a bit differently if I wanted people to trust me, but maybe that's just me.
Trolls
mar 03 nov 2009 02:52:12 UTC — BobJamMore trolls again . . . finding quickly that this Lions Den is not for them. (Spamming member's boards was apparently a "parting shot" that pretty much amounted to the proof in the pudding).
@evilfantasy,
You made a good comment about people requesting a rating from the security experts here . . . and being willing to take the constructive criticism.
@Sami.
You expanded on that same thought.