Welcome to the tech blog. I’ll be writing here about things that I find throughout my life and career in technology. It will include things such as code that I find useful, gadgets that I’ve used, and rants about technology. I hope you enjoy it.
I’ll start with a rant…
My son is in Cub Scouts. Since we have recently moved to North Carolina, we had to find a new pack to join. We found one that appears to be a lot more involved than the pack we were in in Florida. They are even up with the times. They are using a third-party website to keep track of the pack’s activities and events. You can post pictures, look at a calendar, find out information about the other adults, etc. Cub Scout leaders even keep all of the information about the Cub Scout (including the address) in the website. Here is the problem. The third-party website… not so much with the times.
The first problem I noticed when I first logged in: it is not using SSL. This website is hosting information about dozens of children in just our pack. Who knows how many more all over the country. And it is not using SSL to transmit this traffic about children under the age of 13? This information, including passwords, is going in the clear over the Internet. If someone were to get a hold of the database, they’d have the addresses of thousands of children.
This is where the second problem comes in. You might say, well, the database is probably encrypted. I’d like to think so. Yesterday, I signed into the site and changed the password from the default one that was given to me in the welcome email. Well, the Cub Scout leader decided to resend these welcome emails this morning, in case people did not receive them. I received this email this morning. Inside this email was the password that I had chosen yesterday. So not only is the traffic insecure, now the database is not encrypted in any fashion? You might say they could be using a reversible encryption… but I think we all know that if you hack into the site and steal the database, you’ll be able to just as easily break into the website’s pages and steal the salt.
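For contrast with the resent welcome email described above, here is an added example (not part of the original post, and not the site's code) of an account store that keeps only a salted one-way PBKDF2 digest, so a resent welcome email can carry nothing but a single-use reset token. The `AccountStore` class, the `pack.example` URL, the iteration count, and the sample addresses and passwords are all assumptions made for illustration; token expiry is left out.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this sketch)

def hash_password(password: str) -> dict:
    """Record to store: per-user random salt plus a one-way digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def verify_password(record: dict, candidate: str) -> bool:
    """Re-derive the digest from the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

def _token_key(token: str) -> str:
    # Only a hash of the reset token is kept, so a stolen table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()

class AccountStore:
    """Hypothetical in-memory store standing in for the site's database."""

    def __init__(self):
        self.users = {}         # email -> password record (never the password)
        self.reset_tokens = {}  # sha256(token) -> email

    def set_password(self, email: str, password: str) -> None:
        self.users[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        record = self.users.get(email)
        return record is not None and verify_password(record, password)

    def resend_welcome(self, email: str) -> str:
        """Build the email body. There is no password to include, only a token."""
        token = secrets.token_urlsafe(32)
        self.reset_tokens[_token_key(token)] = email
        return f"Welcome! Set your password: https://pack.example/reset?token={token}"

    def redeem_reset(self, token: str, new_password: str) -> bool:
        """Single use: the token is removed as soon as it is presented."""
        email = self.reset_tokens.pop(_token_key(token), None)
        if email is None:
            return False
        self.set_password(email, new_password)
        return True
```
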
Anyway, I have emailed the site’s tech support team to complain about these very things and hope to get a response. In the meantime, I’ll be considering not using the site, or having incorrect information inputted for both me and my son on purpose. I’ve already changed my password to one that I don’t use on anything else.