amateurradio.digital should not be trusted

Discussion in 'Ham Radio Discussions' started by NQ4T, Aug 14, 2021.

  1. NQ4T

    NQ4T XML Subscriber QRZ Page

    I just saw this on one of my other forums and am a bit livid at the attitude of some site owners.

    amateurradio.digital offers model specific DMR databases for a "donation" of $12/year; I use the term donation loosely because requiring a donation is not a donation.

    Anyway, a user pointed out a security flaw and as a result, the owner has banned him from the site but is also injecting the word "BANNED" into the database he distributes. I'm not sure if this is kosher according to radioid.net's TOS. He also states "No Data Purge" on his website...which is clearly false if he is removing entries and replacing them with a BANNED message for seemingly personal reasons.

    Personally I feel this is the exact wrong mentality to take in amateur radio; let alone if you're running a website where you demand money from people.

    If you are considering using this service; you should maybe look elsewhere. We should not be supporting this attitude and behavior.

     
    KA4DPO and N5HXR like this.
  2. N5HXR

    N5HXR Ham Member QRZ Page

    Yes, This kind of stuff is completely unacceptable. Cussing someone out and marking them in the database is a bad response to a report of a security problem.

    The site apparently discloses part of the plaintext password as the forgot password hint as well as storing it in plaintext. Egad!

    This stuff has been settled in web security best practices for twenty years. There's really no excuse for it, and this issue needs some public awareness.

    Especially since it seems the site isn't going to be secured, so anyone who used a non unique password on that site needs to know to go change that password anywhere else it got used.
     
    KY4GD, SA1CKE, K0IDT and 1 other person like this.
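
The two practices named in the post above (plaintext storage, and a "forgot password" hint that reveals part of the password) have standard replacements. This is an added example, not part of the original thread and not the site's code: it stores only a salted PBKDF2 hash and handles resets with a one-time token. The function names, record format, iteration count and token lifetime are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
RESET_TTL = 15 * 60    # assumed reset-token lifetime in seconds

def hash_password(password: str) -> str:
    """Return a record that is safe to store; the password is not recoverable from it."""
    salt = secrets.token_bytes(16)  # fresh salt per user, so equal passwords differ
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False  # malformed record, e.g. a legacy plaintext entry
    return hmac.compare_digest(dk, expected)

def issue_reset_token(now: float):
    """Create a one-time reset token; the server keeps only its hash and expiry.

    The raw token goes to the account's e-mail address. Nothing derived from
    the old password is ever shown, so there is no hint to leak.
    """
    token = secrets.token_urlsafe(32)
    stored = {"token_sha256": hashlib.sha256(token.encode()).hexdigest(),
              "expires": now + RESET_TTL}
    return token, stored

def redeem_reset_token(token: str, stored: dict, now: float) -> bool:
    """Accept the token only if it matches the stored hash and has not expired."""
    presented = hashlib.sha256(token.encode()).hexdigest()
    fresh = now < stored["expires"]
    return fresh and hmac.compare_digest(presented, stored["token_sha256"])
```
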
  3. WF4W

    WF4W Ham Member QRZ Page

    some ham radio operators are weirdos and have a total lack of emotional intelligence...
     
    N2UHC, G0TNU, KK4NSF and 2 others like this.
  4. KA4DPO

    KA4DPO Platinum Subscriber QRZ Page

    Woah,,,,,,,,,. That kind of thing is totally unacceptable in amateur radio. In fact it is worse than unacceptable.
     
    Last edited: Aug 14, 2021
  5. KA4DPO

    KA4DPO Platinum Subscriber QRZ Page

    I just thought of something, just using the term "Donation" doesn't count, what he is doing looks a lot like he is using amateur radio for pecuniary interest. Maybe the FCC should be apprised of this situation. It says 12 months for $12 dollars, that doesn't sound like a donation to me.

    This is straight from the website. I wonder if any of them are compensating him in some way?

    Proud to be working with the following Digital Radio manufacturers to offer you the best integration possible.


    TYT
    AnyTone
    Retevis
    Radioddity
    Connect Systems
    Hytera
    Ailunce
    BTECH
     
    K0UO likes this.
  6. K0IDT

    K0IDT Ham Member QRZ Page

    Aside from the arrogant attitude by the list owner -- it's not unique in the hamster digital world when it comes to some developers and list owners, one dare not question anything, helpful or not, else be banned -- there is another glaring problem here. It's amateur radio, can DMR not function without depending on a database only accessible from the internet? Aren't hams able to produce their own database locally or are they just lazy? Nothing is preventing the DMR users from building their own database and sharing with the broader community.
     
    Last edited: Aug 14, 2021
    N3HQN likes this.
  7. W5UAA

    W5UAA Ham Member QRZ Page

    True.
     
  8. KN4DS

    KN4DS Ham Member QRZ Page

    Sheesh, such attitude.

    And let's not even get to the security issue with storing passwords in plaintext - let's start with connecting to the site.

    No SSL/TLS redirect. Yup, http, with relative links throughout.

    This means that if you sign up, or go there and log in without specifying https yourself, you're sending everything in the clear on the public Internet. Ripe for picking by any listening device.

    I volunteer to be banned.
     
  9. W4NNF

    W4NNF XML Subscriber QRZ Page


    Only if he's selling his databases on the air...
     
    N2UHC likes this.
  10. W2NAP

    W2NAP Ham Member QRZ Page

    hmmm.... looks like they took the same class HRD did with customer interactions.
     
    KD8OSD, KA9JLM, AG5DB and 2 others like this.
