Pelican Parts is NOT a secure site
 

lots of juicy info ripe for the picking, wonder why it's not secure or encrypted? Or does it matter.

It is publicly searchable.

Logic dictates that even with secure protocols that the nature of being public makes taking time for security a pointless effort.

You need a little more aluminium sheet in that hat methinks.
It’s a forum. Most forums are public.

We're still working on switching our forum to the 'secure' https:// version (but as others have mentioned, the security risk here is fairly low.. this isn't tied to our e-commerce system at all)

I can find out more about virtually anyone here with a quick google search than can be gleaned from the data passed on this site.

Hint, ya'll are creatures of habit.

Which is the problem. The only real vulnerability is the login, because the credentials are sent plain text.

The whole "creatures of habit" thing is when lazy people use the same username and password for multiple different things.

I hacked into your blink... and those slippers do NOT go with that robe... just sayin!

What I meant by “the data passed here” is people drop breadcrumbs about themselves in their posts. They drop some of the same breadcrumbs all over the internet. You just need to have a knack for spotting them.

I don’t even know my passwords.

I went to a password manager a while back.

Let it gereate random passwords every time I create a new account.

Opt in for two factor whenever it’s offered.

Use a security token app on any site that supports it.

Pelican not secure? Meh.

well i get an alert from apple every time i sign in warning me my info is not secure on this site. little things like city, state, date of birth, friends/family names. The same things the DOD warn us about in cyber classes. thanks for working the security upgrades.

"We're still working on switching our forum to the 'secure' https:// version (but as others have mentioned, the security risk here is fairly low.. this isn't tied to our e-commerce system at all)"

They're not secure anyway if you use any social media... Thats much easier to socially engineer then intercepting routed data traffic through a car forum.

Apple....security? ...LOL ;)

That’s just a scam to sell certificates to web sites.
All it means is that TLS isn’t enabled. If anyone’s tapped into your connection or performing an MITM attack there’s more pressing issues than the thought that your posts or *gasp* your password could in theory be intercepted.