WEB SITES COULD BE FISHING FOR PRIVATE INFO

Very legitimate site. 'nuff said

 

Perhaps use of the search facility here might have assuaged your paranoia slightly since there are numerous threads referring to this as the official factory owners site

Then again perhaps this entire site exists solely to persuade people of the legitimacy of the official site and all around the world there are people who have lost their cars as a result......

And as everyone knows the media is a conspiracy as they refuse to print the story warning other owners of this problem

Keep taking the tablets......

 

I believe its "Phishing"

 

I would be careful on any site you put information into. As an Admin, I have created sites and have access to passwords. I did this test once and you must give it to idiot's to see if it really works. So I used my mother to test it. When she created a user she used her pin number for her Credit Card. I saw it when I was testing the data and I know her CC number. I told her never to use that number for other reasons. She said that she uses it for all things.

Now how many people do that?

The admin on this site could see all the passpords if he wanted to. He could work out where you live by other info that you have submited! Not saying they would!

So, just be careful with any site.

 

To follow up on the last thought, I'm onboard with that, I've got multiple passwords somewhat related to the security of the sites involved. Of course nobody's going to maintain 32 different passwords, a unique one for each site, but places with things like financial information have a different set of passwords than those like Fchat that don't have anything more sensitive than my email address.

If you don't use a similar policy, you should start changing immediately ! No telling when a "recreational" site might get hacked (presumably easier than your bank???)

 

"www.owners.ferrari.com" would be a subdomain of ferrari.com.

A little poking around with "dig" and "whois" would seem to indicate that ferrari.com is owned by Ferrari SpA.

Register.it Spa - Whois Server Version 1.2
Domain name: FERRARI.COM
Registrant Name: FERRARI S.P.A.
Contact: Ferrari S.p.A.
Registrant Address: Via Abetone Inferiore 4
Registrant City: Maranello
Registrant Postal Code: 41053
Registrant Country: IT

I can only trace the IP address to an IT Telecom SpA subnet -- apparently a server farm.


There are always trade-offs on security: Your IT staff will tell you to never write down a password -- so people tend to use the same password for everything so they can remember it.

I figure it's relatively safe to write down internet web site passwords on paper, as it's hard to hack paper from the net. Of course, if you have kids around where you surf the web, then there's the issue of keeping the paper away from them. (Or keeping the spouse from tossing it out while cleaning up.)

I have less trouble remembering my passwords than remembering all the different usernames I have on different sites.

 

That's not true. The passwords in the database is encrypted, which means, that a simple password, will be converted to a very long row of digits and letters.

So you can be fairly safe - Of course everyone should always be cautious.

 

Thats true, but how do we know they used encrytion for it and not just a Varchar(15) instead? As a user we dont know. Ive seen a lot of bad programmers use varchar's for passwords for the testing faze, just to make sure everything is going to plan. Like most projects are under quoted in time and they are pushing the deadlines and just leave it as it is for the final project.

Once again, your right if done correctly. But would you bet every site has code written in the correct way?

I've taken over a lot of site's in the past and couldnt believe what some people have written and released it.

 

If you mean Ferrarichat.com? this sites user passwords are stored as ecrypted entrys into a DB,and the sites admin & mods cannot see / decrypt them.

 

No, Im not saying they do, Im sure they dont. But as we are talking about other site's and the security issues.

Let say when this site was created and they didnt have the ecryption added to passwords and just used a Varchar and with the textbox type equal password. A user could not tell the difference between an ecrypted password or a non-ecrypted password entered into the database.

Im NOT saying it happens here. But just be aware of other sites. Because if it can happen, it will happen.

 

Zakeen,

If you ever register at a site running vBulletin, PhpBB or any of the major forum applications, passwords are ALWAYS encrypted using MD5, which, i think, is the safest of all...

but if some is using their pin code or other, when they register at a website, well thats their problem - As long as you are aware of the risk, and use passwords that are safe, then no worries...

 

True, they are released encrypted. But thats not stopping any admin to change it before hand. Which wouldnt take long at all.

I dont want to start a war here. Its the last thing I want to do. So sorry if Im on touchie ground.

 

No, don't get me wrong. I'm not interestet in starting a war either, but we are discussing - Thats what we are here for, right?

But, yes, you're right, you can't stop them from changing it...

My way to feel safe: use 1 safe, non personal password... works for me

 

Click on the "lock" at the bottom right of the page.

As you'll note - the owner's site uses Verisign - RC4 128 bit

If you poke around a bit, you'll find more on types of encryption used for each permission level, public keys, field values and algorithms (a word I'm going to use on another thread shortly, as I remember it when I'm not online, and forget it when I'm good to go... )
____

http://www.verisign.com/ssl/index.html

SSL Certificates

VeriSign is the leading secure sockets layer (SSL) Certificate Authority enabling secure e-commerce and communications for Web sites, intranets, and extranets. Choose the trusted mark of high assurance for Internet security and enable the strongest SSL encryption available to every site visitor.

 

Better to be safe than sorry. The government is the biggest fisher of them all though. All data transmitted through the internet is archived in a military super computer known as Echelon. I'm sure they already know everything there is to know about you.

 

I always hate the guy in a thread that argue's a point so much and is alway against everyone. Now I feel Im that person. But I wouldnt feel right if I just left this thread alone

SSL is very good, dont get me wrong here. But, like the name of the thread, "WEB SITES COULD BE FISHING FOR PRIVATE INFO". Any Tom, Dick or Mathew could buy some web hosting, reg a domain(www.computers-for-far-less.com),pay for SSL Certificate, have passwords in DB set to varchar's with type=password on the form's to make believe its secure. While we are at it, lets have a credit card payment online.

So what we have here is a secure shopping cart. It could be legit or not(Its not the point Im making). However with this shopping cart, you have a dirty Admin. Which means you have a very very secure house, with a vault door(SSL) which is close to impossible to break into(but possible), but the dirty admin has the key! So he open's the door and goes through the database and view's credit card number, passwords and fishing for private info.

Very possible indeed. But very unlikely to happen, so Im not trying to freak people out, just going alone with the thread.