Hello,
I'm making this announcement in the interest of all NS2-forum goers who care about the safety of their passwords.
As you may or may not be aware, whenever you browse the pages and forums of unknownworlds.com, you are currently doing so over HTTP and not HTTPS.
For those who don't know what this means: browsing web pages over HTTPS means that you are browsing content over a secure connection. Content sent to and from a web server over HTTPS is encrypted and generally safe from any third party interested in stealing your information by sniffing the packets of your connection. You can check if you are browsing a website over HTTPS by looking for "https://" at the start of the URL in the address bar.
Most major websites (google.com, facebook.com, etc.) now enforce HTTPS as the standard protocol for all connections established with their users. However, this is not the default and requires additional setup by the administrators of the web servers to enable HTTPS. This process typically means the administrators must purchase an SSL certificate from a recognized certificate authority so that your web browser knows that the website you are browsing is in fact the same website you believe it to be, and not the spoof of some malicious third party. From the user's perspective, this is all very transparent and shows up in the browser as a trusted HTTPS connection (typically with green font or a padlock adjacent the URL).
ANYWAY. What this means for you, the user, is simple; all content sent over regular HTTP is transferred in unencrypted cleartext. This means that unless the website you are browsing takes very, very careful precautions, all sensitive information you send to the server (passwords, credit card numbers, etc.) is sent in the clear, and anyone along the path to the server can easily listen in and steal your information.
Since unknownworlds.com does not yet use HTTPS, every time you enter your password and login to the forums, you are sending your password in cleartext over the internet and putting the safety of your password at risk. If you use the same password for anything else very important (like a bank account), consider changing those passwords immediately.
The good people of Unknown Worlds know of this situation and are working to setup HTTPS for their web pages. Once this happens, you will be able to enter your password over an encrypted connection. However, until this happens, understand that you are currently broadcasting your password loudly over the internet whenever you login to the forums. If this is important to you, you may want to change your forum password to something you definitely don't use anywhere else and consider the consequences of what would happen should your original password be in the wrong hands and act accordingly.
To be very clear, this problem is not unique to unknownworlds.com. This applies to any website you browse over regular, unencrypted HTTP. Always be smart about who you give which passwords to and pay attention to whether or not the connection is over HTTPS when entering any sensitive information.
Also to be clear, this does not mean that your password has been stolen. This means that your password may be stolen the moment you use it to login to these forums (depending on where you are connecting from).
More information about HTTPS:
http://en.wikipedia.org/wiki/HTTP_Secure
TL;DR:
Entering your password on websites that don't use HTTPS (including unknownworlds.com, currently) is exposing your password in cleartext over the internet. If the wrong person is close enough to listen, they may easily steal your password. Consider changing passwords if you use the same password elsewhere.
Regards,
FadedParadigm
I'm making this announcement in the interest of all NS2-forum goers who care about the safety of their passwords.
As you may or may not be aware, whenever you browse the pages and forums of unknownworlds.com, you are currently doing so over HTTP and not HTTPS.
For those who don't know what this means: browsing web pages over HTTPS means that you are browsing content over a secure connection. Content sent to and from a web server over HTTPS is encrypted and generally safe from any third party interested in stealing your information by sniffing the packets of your connection. You can check if you are browsing a website over HTTPS by looking for "https://" at the start of the URL in the address bar.
Most major websites (google.com, facebook.com, etc.) now enforce HTTPS as the standard protocol for all connections established with their users. However, this is not the default and requires additional setup by the administrators of the web servers to enable HTTPS. This process typically means the administrators must purchase an SSL certificate from a recognized certificate authority so that your web browser knows that the website you are browsing is in fact the same website you believe it to be, and not the spoof of some malicious third party. From the user's perspective, this is all very transparent and shows up in the browser as a trusted HTTPS connection (typically with green font or a padlock adjacent the URL).
ANYWAY. What this means for you, the user, is simple; all content sent over regular HTTP is transferred in unencrypted cleartext. This means that unless the website you are browsing takes very, very careful precautions, all sensitive information you send to the server (passwords, credit card numbers, etc.) is sent in the clear, and anyone along the path to the server can easily listen in and steal your information.
Since unknownworlds.com does not yet use HTTPS, every time you enter your password and login to the forums, you are sending your password in cleartext over the internet and putting the safety of your password at risk. If you use the same password for anything else very important (like a bank account), consider changing those passwords immediately.
The good people of Unknown Worlds know of this situation and are working to setup HTTPS for their web pages. Once this happens, you will be able to enter your password over an encrypted connection. However, until this happens, understand that you are currently broadcasting your password loudly over the internet whenever you login to the forums. If this is important to you, you may want to change your forum password to something you definitely don't use anywhere else and consider the consequences of what would happen should your original password be in the wrong hands and act accordingly.
To be very clear, this problem is not unique to unknownworlds.com. This applies to any website you browse over regular, unencrypted HTTP. Always be smart about who you give which passwords to and pay attention to whether or not the connection is over HTTPS when entering any sensitive information.
Also to be clear, this does not mean that your password has been stolen. This means that your password may be stolen the moment you use it to login to these forums (depending on where you are connecting from).
More information about HTTPS:
http://en.wikipedia.org/wiki/HTTP_Secure
TL;DR:
Entering your password on websites that don't use HTTPS (including unknownworlds.com, currently) is exposing your password in cleartext over the internet. If the wrong person is close enough to listen, they may easily steal your password. Consider changing passwords if you use the same password elsewhere.
Regards,
FadedParadigm