Results 1 to 7 of 7
  1. #1
    Newbie alt-j's Avatar
    Join Date
    March 11th, 2006
    Location
    down here
    Posts
    19
    When will SAS fix security issues?
    Here's a good security related post by shoemoney: http://www.shoemoney.com/2006/08/06/...curity-issues/

    It mentions that he was able to easily sniff network traffic and extract unencrypted login credentials:
    I am new to the SES and Pubcon conference so like the first time I ever went I fired up ethereal to see what was going on the open wifi. Within seconds I had recorded over 400 passwords for smtp, aim, msn and various web form data and it was not like from stupid newbie users. It was from Google employees and Yahoo and Microsoft. Also I had aim conversations recorded. I of course deleted the data right away.
    I've noticed that when I login to SAS, the credentials are sent unencrypted. Also, when using FTP to retrieve datafeeds, it's the same case. Most other networks get around this on the FTP side by issuing a separate username/password for FTP access (that way if someone does get your FTP username/password, they don't have full access to your affiliate account.)

    Is this something that SAS is going to address any time soon? I'm just starting to promote merchants from SAS but am hesitant when my sensitive information is transmitted across the wild internet unprotected.

  2. #2
    Newbie alt-j's Avatar
    Join Date
    March 11th, 2006
    Location
    down here
    Posts
    19

    Am I the only one that gets nervous about stuff like this?

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Los Angeles
    Posts
    4,053
    Is he not talking about the Wi-Fi connections at the conferences? Isn't there also a problem with wireless home networks, which is why many people dont use them?

    What is there about a wireless connection that makes it the same_thing as what's not wireless? Are you saying it's the same thing?

  4. #4
    ShareASale President/CEO and ABW Veteran Brian - ShareASale's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,657
    Alt-J - if you'd rather login via SSL you can do so at

    https://shareasale.com/a-login.cfm
    Thanks,

    Brian Littleton
    President/CEO - ShareASale.com, Inc.

  5. #5
    Newbie alt-j's Avatar
    Join Date
    March 11th, 2006
    Location
    down here
    Posts
    19
    Thanks Brian, I was not aware of that.
    Is anything going to be done about non-secure FTP? Can we at least use a different set of login credentials to gain access so that if our username/password are sniffed, the "sniffer" won't have full access to our account?


    webworker -
    Non-secured wireless connections are as hostile & untrusted as the Internet (wired or wireless.) Do you have absolute trust in your ISP? If so, how about your ISP's employees? Your ISP's employees have access to see the network traffic flowing through your internet connection. (I should go get my tin-foil hat.)
    If the connection is encrypted, like bank websites or the URL that Brian gave above, they can't decipher any of that traffic.

  6. #6
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    I never noticed that before. With CJ and LS your get the s after the http. With Performics you don't, with SAS you don't. Brian, why not just make that the default?

  7. #7
    ABW Ambassador MoneyBusiness's Avatar
    Join Date
    March 14th, 2006
    Posts
    2,051
    Quote Originally Posted by webworker
    Is he not talking about the Wi-Fi connections at the conferences? Isn't there also a problem with wireless home networks, which is why many people dont use them?

    What is there about a wireless connection that makes it the same_thing as what's not wireless? Are you saying it's the same thing?
    I wonder (read worry) about that often at home. I love my wifi, but I wonder if anyone is picking up on the dozens of passwords I enter on a regular basis...

    Entering stuff into non-secured forms makes me feel safe and sound..
    Follow my dog, Maya, and I, as we fumble around the affiliate marketing world: www.MarketingMaya.com
    Recent Project: Cheap Personal Checks (using DigitalQuill)

  8. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. CS issues with SAS
    By jill8026 in forum ShareASale - SAS
    Replies: 0
    Last Post: June 12th, 2008, 10:06 PM
  2. Wordpress 2.5.1 Bug & Security Fix & Enhancement
    By webworker in forum Blogging, Mobile and Social Media
    Replies: 6
    Last Post: April 26th, 2008, 02:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •