This is correct, the login is not encrypted. Does that mean you are at risk? Yes but only if your password is the same across multiple sites.... if, for exaple, your gmail password is the same as your email and bank account password then you have bigger problems that yoo need to deal with.
The reasons we have not activates ssl are:
1) We log all security events and, while attempts have been made to hack our servers, we have not seen attempts targeted at individual users.
1) nobody’s requested it before (now that you have We will look into installing it)
2) SSL gives a false sense of security to certain users. If you visit gCaptain from military or a large corporate network then chances are that network will serve a fake SSL so they can log your activity (this is known as a man-in-the-middle attack). The best prevention is unique passwords across multiple sites and use of a secure VPN tunnel through the corprate network (warning: most networks that log ssl activety also ban VPN use)
3) we have have redundant encrypted backups of all forum activety.... along with firewall and DNS security measures at the server level.
4) Encrypting just the login screen only protects your password but can leave you vulnerable to other attacks (like cookie theft)... so we really need to encrypt everything (like facebook now does) but this creates many problems for our limited IT staff.
That said, if you guys want this then, I will certainly look into implementing it. Untill then please use a good encrypted password generator/vault app that creates and stores individual passwords. I reccomend 1password for Apple users and Last Pass for everyone else.
P.S. Your biggest vulnerability is your email account. If a hacker gets access to this then it doesn’t matter what security steps you have taken elsewhere. So make sure you use a really good email password, change it weekly and activate two-step authentication. Doing these three steps alone will protect you from 99% of hackers.
P.S.2. If you have locked down your email and are still paranoid then look into secure VPN options which will provide a hardened tunnel to our front door.
P.S.3 here’s a link my favorite security podcast for those of you who (link me) enjoy nerding out on this kind of stuff: https://twit.tv/shows/security-now