PM Security?

_heretic

This isn't a suggestion per se, but I was wondering about how secure personal messages are. Since there are a lot of people doing trades here, and using the PM system to facilitate trading, I wanted to know how easy it would be for someone to intercept a personal message. I noticed that the PMs aren't sent from an SSL secured window and don't look encoded in any way.

I don't mean a moderator (though I'd kind of like to know that too), but what if someone wanted to go through and intercept PMs in order to rip off someone? Does anyone know how easy this would be?
 
[quote name='Scrubking']How exactly can you rip someone off by intercepting a pm?[/quote]

Say you are planning to buy a game from someone, and are going to use PayPal. Eventually, you are going to have to give them your email address so you can be paid. If someone intercepts a PM and writes back with their own email address, then they could get paid instead of the trader.

That's just one situation I can think of. I'm not really a scammer, so I can't think of many others. I'm sure there are ways, though, if someone who is good at scamming thinks about it.
 
The point is, one of the reasons for using PM is that it is somewhat anonymous, so someone can contact you without you giving up too much information. You only give your CAG screenname, so no one really knows anything about you. Eventually, they work up your trust, though, and you give them your email address, home address, or phone number or something. That was information only intended for the person you're PMing. I would like to know if this is easily viewable by people other than the person it was intended for. It's fairly widely known that, though it's difficult to see other people's emails, a technically proficient person could actually do it.

Maybe this isn't really an issue of who could be scammed, but I guess I would like to know what kinds of information it would be prudent to give out over a PM. I wouldn't want a lot of people to know my home address (just because you don't know what they would do with it), but you eventually have to give out this information in a trade. Maybe you should treat it with the same level of security as an email? Or are they more or less secure than email?
 
Well, if that's the case... if you're worried about someone misusing your address... then don't trade... because any scammer can just make up a great trade with you... and get your address just like that, if they really wanted to... your best bet is to not trade at all, if you're that worried about it.
 
[quote name='_heretic'][quote name='Scrubking']How exactly can you rip someone off by intercepting a pm?[/quote]

Say you are planning to buy a game from someone, and are going to use PayPal. Eventually, you are going to have to give them your email address so you can be paid. If someone intercepts a PM and writes back with their own email address, then they could get paid instead of the trader.

That's just one situation I can think of. I'm not really a scammer, so I can't think of many others. I'm sure there are ways, though, if someone who is good at scamming thinks about it.[/quote]

How is that possible when you know exactly who is PMing you?

If I send you a PM with my email address you know exactly whose email address it is. I doubt someone is going to hack the servers and start hijacking screen names. Your fears are unfounded and your theory is flawed.
 
PMs aren't exactly sent. They are just being inserted into the database. Unlike email these things don't travel through multiple servers across the internet and around the world. I guess you could still have a PM sent to a wrong person (very unlikely unless you can't spell), but that would be most likely a software glitch somewhere (unless you can't spell). Maybe someone could hack the database server and read all the data in the database, but I doubt it would be worth it for anyone to even bother.
 
[quote name='b3b0p']PMs aren't exactly sent. They are just being inserted into the database. Unlike email these things don't travel through multiple servers across the internet and around the world. I guess you could still have a PM sent to a wrong person (very unlikely unless you can't spell), but that would be most likely a software glitch somewhere (unless you can't spell). Maybe someone could hack the database server and read all the data in the database, but I doubt it would be worth it for anyone to even bother.[/quote]

So if they are just added to the board database, can a board administrator read PMs, if he or she knows how?
 
[quote name='_heretic'][quote name='b3b0p']PMs aren't exactly sent. They are just being inserted into the database. Unlike email these things don't travel through multiple servers across the internet and around the world. I guess you could still have a PM sent to a wrong person (very unlikely unless you can't spell), but that would be most likely a software glitch somewhere (unless you can't spell). Maybe someone could hack the database server and read all the data in the database, but I doubt it would be worth it for anyone to even bother.[/quote]

So if they are just added to the board database, can a board administrator read PMs, if he or she knows how?[/quote]

I'm sure Cheapy could read your PMs if he wanted to, but I doubt he is gonna try to steal anything from you.

I think you are a little too paranoid.
 
If someone hacks into the server and gets access to the DB then basically security is breached and anything could happen.

The same holds true for any site, your home, your car, or whatever.

The WHAT IFs are not your worries... they are the sys admin's. I keep an eye on the server and patch it when needed for any holes. I actually recently updated all of phpBB to the latest code to prevent any possible risks as well.

Prevention is key. Before I knew what I was doing as a sys admin I had 2 servers compromised. It sucked to say the least. Now my servers are TIGHT and the kiddie scripters are laughed at.

Someone would REALLY have to go through a lot of trouble to try to intercept a PM here. Also it's quite risky for them to start a paper trail by having a PayPal account and getting the money from them.

Most hackers do it for shits and giggles. Defacing the site would most likely be their goal or installing back doors to attack other servers. They also like to install IRC servers to talk anonymously with other hackers.
 
And to make note: CheapyD can do whatever he wants on his server. He has full access and can read any PM, email, or whatnot that's on this server. It's just files and information and he has full server rights.
 
[quote name='defender']And to make note: CheapyD can do whatever he wants on his server. He has full access and can read any PM, email, or whatnot that's on this server. It's just files and information and he has full server rights.[/quote]

Yea so don't fuck with CheapyD else the goon squad is comin at 'cha!
 