
MIRCS website isn't secure?

MuzzleDiscipline

Just went to the gun portal and got the URL message the site is using outdated security and is therefore insecure and may expose input data. Anyone? It is an https hyperlink. I don't know squat about security certificates. If I do a transfer, does all that data including PIN appear in the clear?
 

I predicted this.

Make the online stuff fail, no more guns while not technically banning them.
 
“Insecure”? I don’t know, those assclowns seem pretty sure of themselves if you ask me.
 
Why do you say it's insecure?

It's running Windows 95.

Would you say any of these cars are less secure than a modern vehicle?


If the government system gets hacked and all the LTC data stolen it would be great for the government.

They would no longer have to keep that data confidential if it was in the public domain in the first place.
 
Thanks for the incredibly insightful guidance. Never noticed the warning before and was only concerned about dumping data to a malicious site other than the government's malicious site.
 

Meh, the server doesn’t support the latest versions of the TLS protocol:
SSL Labs results for the MIRCS site

This is bad if the site accepts credit cards (it doesn’t) because the PCI DSS disallowed TLS 1.0 in mid 2018. Otherwise, it’s only a nuisance. The most recent versions of Chrome (and Mozilla) are throwing warnings and promise to actually break access to sites supporting less than TLS 1.2 (which is what @milktree was alluding to - no tinfoil needed) in 2021.

NO, your data is NOT in clear text. TLS 1.0 has been shown in the lab to be susceptible to “man in the middle” eavesdropping, but it’s hardly trivial to achieve that and MIRCS isn’t a high value target to waste the effort on.

R
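
How a client learns which protocol version the server picked, which is the value behind the browser warning discussed in the answer above. This is an added example, not part of any forum post; the handshake bytes are constructed samples, not captured from the MIRCS server, and the helper names (`negotiated_version`, `verdict`, `sample_hello`) are hypothetical.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
MIN_OK = 0x0303  # TLS 1.2, the floor the browsers announced

def negotiated_version(record: bytes) -> int:
    """Return the version a server selected in its ServerHello record."""
    try:
        ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rec_len]
        if ctype != 22 or body[0] != 2:   # handshake record, ServerHello
            raise ValueError("not a ServerHello")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        (version,) = struct.unpack("!H", hello[:2])
        pos = 2 + 32                       # legacy_version + random
        pos += 1 + hello[pos]              # session_id
        pos += 2 + 1                       # cipher suite + compression
        if pos == len(hello):              # no extensions block
            return version
        (ext_len,) = struct.unpack("!H", hello[pos:pos + 2])
        pos, end = pos + 2, pos + 2 + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if etype == 43:                # supported_versions carries TLS 1.3
                (version,) = struct.unpack("!H", hello[pos + 4:pos + 6])
            pos += 4 + elen
        return version
    except (struct.error, IndexError):
        raise ValueError("truncated ServerHello") from None

def verdict(record: bytes) -> str:
    v = negotiated_version(record)
    name = NAMES.get(v, hex(v))
    if v >= MIN_OK:
        return f"{name}: encrypted, meets the TLS 1.2 minimum"
    return f"{name}: encrypted, but below TLS 1.2, so browsers warn"

def sample_hello(legacy: int, extensions: bytes = b"") -> bytes:
    """Constructed ServerHello: zero random, empty session id, suite 0x002f."""
    hello = struct.pack("!H", legacy) + bytes(32) + b"\x00\x00\x2f\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", legacy, len(hs)) + hs

OLD_SERVER = sample_hello(0x0301)  # constructed: server capped at TLS 1.0
MODERN_SERVER = sample_hello(0x0303, struct.pack("!HHH", 43, 2, 0x0304))
```

Both verdicts say "encrypted": an old protocol version changes how strong the channel is, not whether the form data is sent in the clear.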
 

Thank you for an accurate direct response of value. Such a rare commodity these days.
 
I worry about fires.

They have so much more TP in the bathroom closet that I hope it's not a fire hazard for the server.
 

Sure, I’ll own that.

This sounds more like generalized incompetency. Someone probably failed to renew or update their SSL security certificates. NBD.

Oh, I’m sure; at least for this incident.

But “fail to maintain”, “fail to fund”, and “deliberately sabotage” look pretty similar and have the same effect if done slowly enough.

Failures like this aren’t technically a problem, but they do have the effect of discouraging use of the site, which discourages the exercise of a right.

The OP isn’t an idiot, and yet had reasonable doubt over the safety of the site.

Not everyone is an Internet security geek, and should not be expected to understand why warnings like he got can be ignored.
 
Well to help put it in perspective I followed an old link which was in the cache and landed on this site. It started me wondering.


That old link once useful and not static last time I visited it... then some other poking around kept coming up with the warning... considering all the rest of the BS overwrought panic the lefties have been pitching around with the addition of being considered a threat to public safety and law enforcement I don't put anything past the overlords. Anyone take a look at the number of deaths due to the normal flu season compared to the "pandemic"?



The same folks who present you with the "climate change/global warming" disaster are responsible for our present irrational response. This is never about the issue they bring into focus and cause panic it is about asset reallocation. Political assets, financial assets, and cultural assets are the target. This generation will couch their perceptions against the background of drivel dreamt up to move the world towards Alyssa Milano's vision of utopia.

Remember the snowflakes and their cohorts want a vacation in Venezuela without having to spend the money on airfare.
 
Pretty sure all the browser makers are holding off on putting the nail in the coffin for TLS 1.0 and 1.1 cause coronavirus screwed up everyone's development and change management timeline.

Imagine just how many state, city, and town websites use old, deprecated web platforms that are suddenly getting slammed by the masses of unemployment, or just those looking for some sort of help (or a FTF transfer).

If you're a hacker and you're bored at home, you're probably doing it wrong. All those users working from home, or filing for unemployment who are now conditioned to clicking "skip" on security warnings. What could possibly go wrong?

Browser makers cite coronavirus, restore support for obsolete TLS 1.0 and 1.1 encryption
 