done good site
Sat, 31 October 2009 15:40:09 — joesoko
done good site
safe website but i would not
Sat, 31 October 2009 22:12:20 — Stover75
safe website but I would not store sensitive passwords anywhere but on paper in front of you but good for other stuff
???
Sat, 31 October 2009 22:49:39 — evilfantasy
You need a proper privacy policy as well as a description of what the service is.
Just a log in and registration page is way too basic. Not many people are willing to sign up to something not knowing what it is.
Edit: I can't even sign up. The CAPTCHA is too complex I guess. Or I've forgotten basic math.
I do not understand anything
Sun, 1 November 2009 05:43:13 — Freeland (not verified)
I do not understand anything you posted, evilfantasy.
The website's title is "Secure text data storage" and the first sentence on the HELP page is "We do not collect any personal information." hahahaha what are you smoking? and you must have forgotten basic math I signed up quickly but the website is way too simple there's nothing bad about the site though
@ Freeland
Sun, 1 November 2009 15:45:15 — evilfantasy
If you don't understand anything I said then you shouldn't be operating a website and even more so a website with a service.
The "HELP page" is a joke.
> what are you smoking?
Comments like this won't help you any.
> I signed up quickly but the website is way too simple there's nothing bad about the site though
I disagree. The problem I had trying to sign up is one. Another is YOU!
> The website's title is "Secure text data storage" and the first sentence on the HELP page is "We do not collect any personal information."
Honestly. Do you know how many rogue sites there are out there? They have pages and pages of lies. Just because you say so doesn't mean a thing.
Also as basic as your website is I wouldn't trust anything to be secure. Get some descriptions of how it is secure and exactly what the site is about, where the information is stored, protected and so forth.
I was just trying to help
Sun, 1 November 2009 14:28:46 — Stef_Lyn (not verified)
I was just trying to help my friend get a green circle of trust! The website itself is safe
I agree with evilfantasy, if
Sun, 1 November 2009 16:31:55 — cconniejean
I agree with evilfantasy, if I was to (which I would not do) say store my passwords on this site, how can this site owner prove to me that my file is safe, and measures have been taken to secure this website?
I will pass your messages
Sun, 1 November 2009 17:19:03 — Stef_Lyn (not verified)
I will pass your messages along to my friend, he said he is currently in the process of adding McAfee's HackerSafe. Thanks
Evil, what problems did you
Sun, 1 November 2009 17:20:10 — Stef_Lyn (not verified)
Evil, what problems did you have? Can you send an email to the address on the Help page, he would like to know.
McAfees HackerSafe....
Sun, 1 November 2009 18:59:28 — evilfantasy
....doesn't secure a website. It's a trust tool. http://www.mcafeesecure.com/us/
Have a read of this. http://antivirus.about.com/od/vendorwhitepapers/a/...
> Evil, what problems did you have?
One was not being able to add or subtract correctly. 5 + 1 is not hard to figure out but I couldn't get it done yesterday. I was however successful today. Although once logged in all you get is this.
This is secure? Once you enter text and click Save, what does it do and where does it go?
Where is it stored and how is it secured? It's not an HTTPS...
P.S. I'm not a webmaster or a website security expert, or novice, but do know enough to see that there are questions that need to be answered. It's all too basic.
re: savetext.org
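Sun, 1 November 2009 19:28:51 — g7w
All I see is a green login box with a "register" and "Help" link
stating... Secure text data storage
First, there is no SSL Certificate for either www.savetext.org or for savetext.org so the site is NOT secure for data transmission! Test it yourself
DNS resolves 'www.savetext.org' to 174.120.154.220
No certificates were found.
Output from 'openssl s_client' command:
13068:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: CONNECTED(00000003)
This in itself gets a red rating from me.
Second, there is no "site" — nothing to answer the simple questions of: "who" "what" "where" "why" and/or "how"
WHO is the owner of this site? Can I trust them?
WHAT is this site about? what storage capacities are offered? what storage medium is used? (flat file database (text) MySQL? MSSQL? (etc.) what security is offered (obviously none without a secured encrypted transmission).
WHERE does my stored text go? Is it shared with others? (affiliations, 3rd parties, sold, protected, etc., etc.)
WHY should I use this service? Will I incur fees? If so, how much? If not, why? Is my data backed up? If so, where, when, and how often?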
No Privacy Policy!
You need to make one
No ToS
Your site offers a service but there is no Terms of Service — you need to make one.
I registered using 3 characters, you sent me an error stating that a username must be at least 4 characters...
Put that on the initial registration page!
What are you using for password encryption? Or are you storing that as plain text also?
whois shows the domain was registered on 22 OCT 2009 using private registration through protecteddomainservices.com
site is hosted on a shared IP: 174.120.154.220 through hostgator.com
I rate this site Low for all categories except Child Safety (unrated)
I personally wouldn't trust using it in its current form.
Build a website, get an SSL, get a dedicated IP
Maybe I'll change my rating.
BTW, delete the user "wot7"
Any SQL Administrator can fetch the records stored in the database.
IF people store username and password combinations and the data is NOT encrypted, the SQL Admin can view, and use, this sensitive login information.
We call this PHISHing.
Are you a PHISH?
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
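The `unknown protocol` error in the openssl output above is what a client typically reports when the first bytes coming back on the connection are not an SSL/TLS record, for example when the port answers in plaintext. The following is an added example, not part of the thread or of any tool named in it: it classifies the first reply bytes the way a client must before it can negotiate anything. The function name and all sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HANDSHAKE_SERVER_HELLO = 2
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLS 1.2 ciphertext record


def classify_first_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after a ClientHello."""
    if not data:
        return "no-data"
    # A plaintext web server answers with an ASCII status line or raw HTML.
    if data[:5] == b"HTTP/" or data.lstrip()[:1] == b"<":
        return "plaintext-http"
    if len(data) < 5:
        return "truncated"
    # Record header: content type (1), version major/minor (2), length (2).
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in TLS_CONTENT_TYPES or major != 3 or length > MAX_RECORD_LEN:
        return "unknown-protocol"
    if ctype == 21:
        return "tls-alert"
    if ctype == 22 and len(data) > 5 and data[5] == HANDSHAKE_SERVER_HELLO:
        return "tls-server-hello"
    return "tls-other"


# Constructed sample replies (not captured from any real host).
SAMPLES = {
    # Record header, handshake header (ServerHello, 38 bytes), version 3.1,
    # 32-byte random, empty session id, cipher suite 0x002f, no compression.
    "server_hello": (b"\x16\x03\x01\x00\x2a" + b"\x02\x00\x00\x26" + b"\x03\x01"
                     + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"),
    # Fatal alert, handshake_failure (40).
    "alert": b"\x15\x03\x01\x00\x02\x02\x28",
    # What a plain HTTP listener says when it receives a ClientHello.
    "http": b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n",
    "html": b"<!DOCTYPE html><html><body>Bad Request</body></html>",
    # Some other service entirely.
    "ssh_banner": b"SSH-2.0-OpenSSH_5.1\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} -> {classify_first_reply(raw)}")
```

Only the `tls-server-hello` case means the handshake can continue; every other result means nothing on that connection is being encrypted.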
I came here after hearing
Sun, 1 November 2009 19:44:52 — SaveTextorg (not verified)
I came here after hearing about the topic from Stef. I run http://www.savetext.org and I think it is totally unethical the way you rate websites. I just started SaveText.org, because you do not like how simple my website is, my privacy policy is not 2 pages long, and because I just registered it a few weeks ago with private registration to protect myself from spam, you give me a negative rating? Your system is not right.
SaveText.org is 100% safe, I hand coded the script in PHP myself, everything is encrypted on a PHP level going into the database, the database is backed up daily, I do not need SSL. The website has been audited with www.acunetix.com software and is free from any SQL injection or XSS. So please tell me what is not secure and how you decided on your decision? Thanks a lot for rating my website negative that is 100% safe and coded with total security in mind, it is a free service and it is new, if you do not like it do not use it, but you cannot rate it negative for no reason other than the simple fact that you just don't like it. I will be reporting my website to WOT and send a complaint about your activity.
PS. The website is simple. I like things to be simple. IE) Google.com
SSL
Sun, 1 November 2009 20:18:19 — g7w
HTTP - 80 HTTP/1.1 200 OK
Date: Sun, 01 Nov 2009 19:53:54 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.9
Connection: close
Content-Type: text/html
Hostgator.com offers SSL with their hosting packages
You should use it.
My rating has nothing to do with your site being "simple" - there simply is no site.
Even Google has a website complete with ToS, Privacy Policy, Registration page, login page, etc.
BTW...
What IF I were to forget my password and/or my user name?
What is the method for retrieval?
Let's not go into "PHP Security" that happens to be an oxymoron, don't believe me? Ask Steffan
Don't blame us...
Sun, 1 November 2009 20:12:20 — evilfantasy
...we were requested to give our insight. g7w went above and beyond with his recommendations. You might have a serious look at them.
The best password managers I know of store the information locally on the host computer. Why? Because that is the securest way of storing sensitive information. Even web forums don't keep them. They can reset one but they can't view your password.
http://www.google.com/intl/en/privacy.html
http://www.google.com/intl/en/privacypolicy.html
http://www.google.com/accounts/TOS
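The two storage designs contrasted in the posts above (a row anyone with database access can read, versus a service that "can reset one but can't view your password"), sketched as an added example that is not code from the thread or from the site under discussion. Function names, the work factor and the sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def plaintext_row(user: str, password: str) -> dict:
    """The weak design: the stored row holds the password itself."""
    return {"user": user, "password": password}


def hashed_row(user: str, password: str) -> dict:
    """The row holds a per-user salt and a slow one-way hash, nothing else."""
    salt = secrets.token_bytes(16)
    return {"user": user, "salt": salt.hex(), "iterations": ITERATIONS,
            "hash": _derive(password, salt, ITERATIONS).hex()}


def verify(row: dict, candidate: str) -> bool:
    """Re-derive from the candidate and compare in constant time."""
    expected = bytes.fromhex(row["hash"])
    actual = _derive(candidate, bytes.fromhex(row["salt"]), row["iterations"])
    return hmac.compare_digest(actual, expected)


def reset(row: dict, new_password: str) -> dict:
    """A reset replaces salt and hash; the old password is never recovered."""
    return hashed_row(row["user"], new_password)


def visible_to_db_admin(row: dict, password: str) -> bool:
    """True if someone who can SELECT the row can read the password from it."""
    return any(password in str(value) for value in row.values())


if __name__ == "__main__":
    pw = "correct horse battery"  # constructed sample password
    weak, strong = plaintext_row("alice", pw), hashed_row("alice", pw)
    print("plaintext row readable by admin:", visible_to_db_admin(weak, pw))
    print("hashed row readable by admin:   ", visible_to_db_admin(strong, pw))
    print("login still works:              ", verify(strong, pw))
```

This covers login passwords only; text that users need to get back cannot be hashed and would need encryption with a key the server operator does not hold.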
WOW! I am no longer using
Sun, 1 November 2009 20:16:43 — Stef_Lyn (not verified)
WOW! I am no longer using WOT I am sorry for ruining your score I was trying to help ):
I understand what you are
Sun, 1 November 2009 20:26:16 — Stef_Lyn (not verified)
I understand what you are saying Evil, but because his website lacked ONLY a Privacy Policy to your standards you give me a horrible rating just for that? That is wrong and harming someone's website. I will no longer be a part of this community
ITS A SAFE WEBSITE FOR SAVING TEXT!!
Rating
Sun, 1 November 2009 22:14:19 — evilfantasy
Stef, and whoever else. The Privacy Policy is important but actually a very small issue (to me) and one of the easiest to address by the site owner. I haven't rated the site yet. I'm willing to see how this plays out and if any improvements are made before submitting a rating. If I were to rate it now it would be Yellow bordering on Red. I don't think there is malicious intent but also it doesn't look like anything is going to change so I can't find much reason to lean towards a Green rating.
A word of advice. When coming to a forum where security experts hang out, (many are experts here even if they won't admit it :) ) and asking their advice. It's best to leave your ego and feelings at the door. A lot can be learned from them but that's only if you are willing to learn.
We are being honest. You rating WOT and its members' personal websites Red is not only a flagrant abuse of the WOT system, it's simply childish and sad. Grow up.
Limited to 2000 characters
Sun, 1 November 2009 20:43:20 — g7w
1 "document" limited to 2000 characters over a non-secure transmission.
This is "safe"?
@ Stef_Lyn
Sun, 1 November 2009 20:58:56 — g7w
You should stop PMing people when they cannot reply to you, since you have your profile set to not accept messages.
.....
Sun, 1 November 2009 21:01:29 — MysteryFCM
lalala .... it was a hot summer's day, somewhere in the east of err, somewhere, when all of a sudden I saw ........
Okay, let's get to it. First and foremost, no SSL = plain text = NOT SECURE. Plain and simple (read up on MITM attacks or err, proxies).
Not having an SSL login is one thing, and is *usually* fine in some cases. However, if you're going to call your service "secure" ANYTHING, then you need to understand the difference between secure transmission of data, and plain text transmission.
As for the WhoIs being hidden, you're going to tell people they can trust you to securely store their data/passwords or whatever, then hiding WhoIs isn't a good way of doing that. Protect you from spam? Gimme a break.
As for "PHP Security", there's no such thing. EVERYTHING on the web can be compromised, irrespective of what you think or what some audit company/program tells you.
g7w has already said everything else I'd have said, so I'll leave it there.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
lol
Sun, 1 November 2009 22:51:36 — Warxas
Now I get a 403 error on the page. Guess he got insulted...
re: 403 error
Mon, 2 November 2009 01:13:10 — g7w
I get a simple text output:
SaveText.org is currently offline due to
spam from users at http://www.mywot.com
re: 403 error
Mon, 2 November 2009 01:15:42 — Sami
While in reality they are trying to spam comments on our site...
Yeah
Mon, 2 November 2009 01:52:02 — Warxas
I get that now too... Bye!
Re: Rate this site
Sun, 1 November 2009 23:59:00 — Sami
I have no idea what the site is about and whether it can be trusted, but I must say that creating fake accounts and leaving false comments about users who offer you advice is an interesting strategy to improve the site's reputation. I might have personally responded to constructive criticism a bit differently if I wanted people to trust me, but maybe that's just me.
Trolls
Tue, 3 November 2009 02:52:12 — BobJam
More trolls again . . . finding quickly that this Lions Den is not for them. (Spamming members' boards was apparently a "parting shot" that pretty much amounted to the proof in the pudding).
@evilfantasy,
You made a good comment about people requesting a rating from the security experts here . . . and being willing to take the constructive criticism.
@Sami.
You expanded on that same thought.