Author Topic: Site is not secure (no https://)  (Read 4182 times)

Frankies Girl

  • Handlebar Stache
  • *****
  • Posts: 2436
  • Age: 2012
  • Typical Ghoul Next Door
Site is not secure (no https://)
« on: March 08, 2017, 02:05:36 PM »
I'm sure this is something y'all are aware of, but I got a warning to not log in on this site due to the secure login no longer existing. I am using Firefox, and they alert you when you have login now when there is no https:// available. Pasting this in front of the existing addy gets a "page does not exist" error.
I frequently have no idea what I'm talking about. Like now.

FIREd as of: March 6th, 2015!

Ting is awesome! Get $25 if you use my referral code: https://z0p1rd31m89.ting.com/

bobechs

  • Handlebar Stache
  • *****
  • Posts: 1051
Re: Site is not secure (no https://)
« Reply #1 on: March 08, 2017, 03:16:58 PM »
Exactly how would an ssl connection to this site improve your life?  Other than not being pointlessly browbeaten by your chosen browser, that is...

Frankies Girl

  • Handlebar Stache
  • *****
  • Posts: 2436
  • Age: 2012
  • Typical Ghoul Next Door
Re: Site is not secure (no https://)
« Reply #2 on: March 08, 2017, 03:31:43 PM »
Exactly how would an ssl connection to this site improve your life?  Other than not being pointlessly browbeaten by your chosen browser, that is...

No idea. Not sure why the snark or snide response, but as the entire site was just migrated and there have been growing pains and likely others will be getting this same error and not sure what to do, so thought I'd mention it here to be helpful or something (so they know it's not just them and can ignore if necessary or voice their own concerns with the lack of security)... guess being helpful is the wrong thing to do?

« Last Edit: March 11, 2017, 12:23:17 AM by Frankies Girl »
I frequently have no idea what I'm talking about. Like now.

FIREd as of: March 6th, 2015!

Ting is awesome! Get $25 if you use my referral code: https://z0p1rd31m89.ting.com/

SoftwareGoddess

  • 5 O'Clock Shadow
  • *
  • Posts: 90
  • Location: Canada
Re: Site is not secure (no https://)
« Reply #3 on: March 08, 2017, 03:50:48 PM »
I'm sure this is something y'all are aware of, but I got a warning to not log in on this site due to the secure login no longer existing.

Actually, it never existed, so it's not an issue with the migration.

That being said, I would prefer a secure connection, at least for logins.
"It's not the 80s. Nobody says 'hack' anymore."

Syonyk

  • Magnum Stache
  • ******
  • Posts: 2732
    • Syonyk's Project Blog
Re: Site is not secure (no https://)
« Reply #4 on: March 08, 2017, 04:56:41 PM »
Let's Encrypt is free SSL certs.

https://letsencrypt.org/
My random project blog - ebikes, DIY, fans, and more: http://syonyk.blogspot.com

RWD

  • Handlebar Stache
  • *****
  • Posts: 1509
  • Location: Mississippi
Re: Site is not secure (no https://)
« Reply #5 on: March 08, 2017, 06:10:47 PM »
I would also like this site to be through https.

MilesTeg

  • Bristles
  • ***
  • Posts: 450
Re: Site is not secure (no https://)
« Reply #6 on: March 10, 2017, 08:04:00 PM »
No encrypted login means your password is not kept secret, and if you use it in more than one place those accounts are insecure as well. More importantly if you are using openid your openid is directly compromised.

No SSL means your profile information (which may contain important details about you such as your email that can be used by identity thieves to impersonate you) is exposed to the world.

No SSL means anything you do is trivially intercepted, including things that you have a reasonable expectation of privacy with, such as sharing contact details with someone on a PM.

No SSL means that when a moderator browses the forum, which likely logs IP addresses viewable to a moderator, then someone intercepting a Moderator's connection has a nicely way to gather IPS of users, making it easier to collect this smorgusborg of user information.

No SSL means that someone can trivially perform a man in the middle attack on you, and make an embarrassing, illegal or illicit post in your name without even having to know your login.

It's really inexcusable to run a website in 2017 that does not at least attempt to be secure.
« Last Edit: March 10, 2017, 08:16:33 PM by MilesTeg »

omachi

  • Stubble
  • **
  • Posts: 213
  • Location: Minnesota
Re: Site is not secure (no https://)
« Reply #7 on: March 10, 2017, 08:31:11 PM »
It also means that if you're posting via your company's internet connection (shame, shame) it's trivial for IT or whomever to record everything you post. Not to mention probably trivially figure out who you are and browse all your prior or future posts if they felt so inclined.

Paul der Krake

  • Magnum Stache
  • ******
  • Posts: 3444
  • Age: 9
  • Location: WA
Re: Site is not secure (no https://)
« Reply #8 on: March 10, 2017, 08:44:07 PM »
It also means that if you're posting via your company's internet connection (shame, shame) it's trivial for IT or whomever to record everything you post. Not to mention probably trivially figure out who you are and browse all your prior or future posts if they felt so inclined.



We have a winner.

stashgrower

  • Bristles
  • ***
  • Posts: 295
  • Location: Australia
Re: Site is not secure (no https://)
« Reply #9 on: March 10, 2017, 10:23:08 PM »
Thanks, MilesTeg, very informative. I'd thought about the password thing but not most of the other points.

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7258
  • Registered member
Re: Site is not secure (no https://)
« Reply #10 on: March 11, 2017, 01:22:14 AM »
Holy crap, how did I not notice that?  Yeah, I'm not a fan of my password being sent in plain text even though I don't reuse passwords, someone could certainly hack my account and pose as me, the most powerful dragon on the site.

johnny847

  • Magnum Stache
  • ******
  • Posts: 3196
    • My Blog
Re: Site is not secure (no https://)
« Reply #11 on: March 11, 2017, 02:26:04 PM »
Holy crap, how did I not notice that?  Yeah, I'm not a fan of my password being sent in plain text even though I don't reuse passwords, someone could certainly hack my account and pose as me, the most powerful dragon on the site.

Aren't you the most powerful dragon by default?

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7258
  • Registered member
Re: Site is not secure (no https://)
« Reply #12 on: March 11, 2017, 04:25:08 PM »
Holy crap, how did I not notice that?  Yeah, I'm not a fan of my password being sent in plain text even though I don't reuse passwords, someone could certainly hack my account and pose as me, the most powerful dragon on the site.

Aren't you the most powerful dragon by default?


No, there are some competitors

Rural

  • Magnum Stache
  • ******
  • Posts: 4186
Re: Site is not secure (no https://)
« Reply #13 on: March 11, 2017, 05:05:11 PM »
Holy crap, how did I not notice that?  Yeah, I'm not a fan of my password being sent in plain text even though I don't reuse passwords, someone could certainly hack my account and pose as me, the most powerful dragon on the site.

Aren't you the most powerful dragon by default?


No, there are some competitors


Pah. The Dragoncar is without peer,

Paul der Krake

  • Magnum Stache
  • ******
  • Posts: 3444
  • Age: 9
  • Location: WA
Re: Site is not secure (no https://)
« Reply #14 on: March 11, 2017, 11:24:23 PM »
Holy crap, how did I not notice that?  Yeah, I'm not a fan of my password being sent in plain text even though I don't reuse passwords, someone could certainly hack my account and pose as me, the most powerful dragon on the site.

Aren't you the most powerful dragon by default?


No, there are some competitors


Pah. The Dragoncar is without peer,
You take this back missie.

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7258
  • Registered member
Re: Site is not secure (no https://)
« Reply #15 on: March 12, 2017, 01:25:51 AM »
Beware the dragon car without a walrus Stache!

Dicey

  • Walrus Stache
  • *******
  • Posts: 5799
  • Age: 59
  • Location: NorCal
Re: Site is not secure (no https://)
« Reply #16 on: March 12, 2017, 03:36:44 AM »
Uh-Oh. Seriously, I am doomed. Moderators, what the hell???

Oh, fuckety fuck. At least I'm not posting on a work computer. Accccckkk!
I did it! I have a journal!
A Lot Like This
And hell yes, I am still moving confidently in the direction of my dreams...

clackapedia

  • Administrator
  • 5 O'Clock Shadow
  • *****
  • Posts: 20
Re: Site is not secure (no https://)
« Reply #17 on: March 12, 2017, 11:09:45 AM »
No encrypted login means your password is not kept secret, and if you use it in more than one place those accounts are insecure as well. More importantly if you are using openid your openid is directly compromised.

No SSL means your profile information (which may contain important details about you such as your email that can be used by identity thieves to impersonate you) is exposed to the world.

No SSL means anything you do is trivially intercepted, including things that you have a reasonable expectation of privacy with, such as sharing contact details with someone on a PM.

No SSL means that when a moderator browses the forum, which likely logs IP addresses viewable to a moderator, then someone intercepting a Moderator's connection has a nicely way to gather IPS of users, making it easier to collect this smorgusborg of user information.

No SSL means that someone can trivially perform a man in the middle attack on you, and make an embarrassing, illegal or illicit post in your name without even having to know your login.

It's really inexcusable to run a website in 2017 that does not at least attempt to be secure.

I concur with all of this, and I just got approval from MMM to start implementing SSL here!  Hopefully will be good to go by the end of the day.

Cheers!

clackapedia

  • Administrator
  • 5 O'Clock Shadow
  • *****
  • Posts: 20
Re: Site is not secure (no https://)
« Reply #18 on: March 12, 2017, 11:40:54 AM »
Houston, we have SSL!

Let me know if you run into any problems since the change and I'll look into them!


Paul der Krake

  • Magnum Stache
  • ******
  • Posts: 3444
  • Age: 9
  • Location: WA
Re: Site is not secure (no https://)
« Reply #19 on: March 12, 2017, 11:45:37 AM »
Somebody has been impersonating me. Please investigate.

Tasty Pinecones

  • Pencil Stache
  • ****
  • Posts: 763
Re: Site is not secure (no https://)
« Reply #20 on: March 12, 2017, 11:50:40 AM »
Firefox and Vivaldi browser (both Linux versions) still complain no HTTPS. Can someone give me the SSL vs HTTPS explanation?

PJ

  • Handlebar Stache
  • *****
  • Posts: 1440
  • Age: 46
  • Location: Toronto, Canada
Re: Site is not secure (no https://)
« Reply #21 on: March 12, 2017, 01:14:34 PM »
clackapedia, thanks to you and MMM for your prompt response to addressing the concern that was raised.  Appreciate it!
'To be human you must bear witness to justice. Justice is what love looks like in public." 
Dr. Cornel West

Dicey

  • Walrus Stache
  • *******
  • Posts: 5799
  • Age: 59
  • Location: NorCal
Re: Site is not secure (no https://)
« Reply #22 on: March 12, 2017, 01:25:43 PM »
^^^Amen.^^^
I did it! I have a journal!
A Lot Like This
And hell yes, I am still moving confidently in the direction of my dreams...

katsiki

  • Pencil Stache
  • ****
  • Posts: 615
  • Age: 37
  • Location: Louisiana
Re: Site is not secure (no https://)
« Reply #23 on: March 12, 2017, 01:30:14 PM »
Thanks for the quick response!

You can cancel my request for a refund of the site membership fee.  :)
"busy eating lentils in a van by the river"

Syonyk

  • Magnum Stache
  • ******
  • Posts: 2732
    • Syonyk's Project Blog
Re: Site is not secure (no https://)
« Reply #24 on: March 12, 2017, 02:06:44 PM »
Awesome would buy again!
My random project blog - ebikes, DIY, fans, and more: http://syonyk.blogspot.com

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7258
  • Registered member
Re: Site is not secure (no https://)
« Reply #25 on: March 12, 2017, 02:08:07 PM »
Somebody has been impersonating me. Please investigate.

Nice one Paul


FIRE me

  • Handlebar Stache
  • *****
  • Posts: 1100
  • Location: Louisville, KY
  • So much technology, so little talent.
Re: Site is not secure (no https://)
« Reply #26 on: March 13, 2017, 11:23:12 AM »
Houston, we have SSL!

Let me know if you run into any problems since the change and I'll look into them!

Wow. Serious thanks to MMM and clackapedia for making the forum https.

In addition to all the good reasons listed by MilesTeg and omachi, I am also concerned that very recently the head of the FTC killed a rule that would have stopped your own ISP from spying on your Internet browsing (and posts), and then selling your data to data brokers and advertisers. A major violation of everyone's law abiding right to read and communicate with the expectation of privacy. Https puts a stop to that nonsense.

I post details here of my financial and personal life that I reveal to no one else, and I sure don't think it is any of my ISP's business.

One trivial thing. Chrome browser reports that there are insecure elements, so the site does not report as fully secure like for example a banking site. Chrome says “Your connection to this site is not fully secure. Attackers might be able to see the images you're looking at on this site and trick you by modifying them.” Clicking details adds "Mixed Content. The site includes HTTP resources."
FIRE'd on January 4, 2017

MilesTeg

  • Bristles
  • ***
  • Posts: 450
Re: Site is not secure (no https://)
« Reply #27 on: March 13, 2017, 04:13:59 PM »
No encrypted login means your password is not kept secret, and if you use it in more than one place those accounts are insecure as well. More importantly if you are using openid your openid is directly compromised.

No SSL means your profile information (which may contain important details about you such as your email that can be used by identity thieves to impersonate you) is exposed to the world.

No SSL means anything you do is trivially intercepted, including things that you have a reasonable expectation of privacy with, such as sharing contact details with someone on a PM.

No SSL means that when a moderator browses the forum, which likely logs IP addresses viewable to a moderator, then someone intercepting a Moderator's connection has a nicely way to gather IPS of users, making it easier to collect this smorgusborg of user information.

No SSL means that someone can trivially perform a man in the middle attack on you, and make an embarrassing, illegal or illicit post in your name without even having to know your login.

It's really inexcusable to run a website in 2017 that does not at least attempt to be secure.

I concur with all of this, and I just got approval from MMM to start implementing SSL here!  Hopefully will be good to go by the end of the day.

Cheers!

Awes9me thanks for the (swift!) Attention and fix!

katsiki

  • Pencil Stache
  • ****
  • Posts: 615
  • Age: 37
  • Location: Louisiana
Re: Site is not secure (no https://)
« Reply #28 on: March 13, 2017, 05:42:59 PM »
I don't believe the images not being secured is an issue.  That is a pretty common "issue" on many web sites.
"busy eating lentils in a van by the river"

RobFIRE

  • Bristles
  • ***
  • Posts: 255
  • Age: 33
  • Location: UK
  • Projected FIRE May 2020
Re: Site is not secure (no https://)
« Reply #29 on: March 16, 2017, 02:11:08 AM »
Thanks to the site operators/mods for putting in HTTPS support.

johnny847

  • Magnum Stache
  • ******
  • Posts: 3196
    • My Blog
Re: Site is not secure (no https://)
« Reply #30 on: March 16, 2017, 06:38:51 AM »
I don't believe the images not being secured is an issue.  That is a pretty common "issue" on many web sites.

Even if it were an issue, this isn't something that can be solved by the mods. People can embed their own images in their posts that were uploaded to other sites such as imgur that aren't delivered via https.

hoping2retire35

  • Handlebar Stache
  • *****
  • Posts: 1033
  • Location: UPCOUNTRY CAROLINA
Re: Site is not secure (no https://)
« Reply #31 on: March 16, 2017, 07:24:58 AM »
just got this error message. using mozilla

The information you have entered on this page will be sent over an insecure connection and could be read by a third party.

Are you sure you want to send this information?"

neo von retorch

  • Magnum Stache
  • ******
  • Posts: 2552
  • Location: SE PA
    • Fi@retorch - personal finance tracking
Re: Site is not secure (no https://)
« Reply #32 on: March 16, 2017, 07:30:11 AM »
While user content can still be linked insecurely, it would be helpful if the header image was linked via https:// - at least then on any pages that don't have user linked images, it would be 100% secure. Good for reducing confusion and paranoia.

hoping2retire35

  • Handlebar Stache
  • *****
  • Posts: 1033
  • Location: UPCOUNTRY CAROLINA
Re: Site is not secure (no https://)
« Reply #33 on: March 16, 2017, 07:54:52 AM »
ok, twice now when I have modified a post have I gotten the error message. and only then.

Rural

  • Magnum Stache
  • ******
  • Posts: 4186
Re: Site is not secure (no https://)
« Reply #34 on: March 16, 2017, 11:38:45 AM »
ok, twice now when I have modified a post have I gotten the error message. and only then.


 I was just about to report the same issue – it's definitely on updating a post, though I don't remember if I pushed modify or edit.

jooniFLORisploo

  • Magnum Stache
  • ******
  • Posts: 2663
  • Location: under the couch, looking upward
Re: Site is not secure (no https://)
« Reply #35 on: April 04, 2017, 11:34:42 AM »
Extreme excellentness that the forum gods implemented this request! Just posting to express appreciation, admiration, and thanks :)

Sydneystache

  • Bristles
  • ***
  • Posts: 274
  • Location: Sydney (Westie!)
  • Aiming for RE!
Re: Site is not secure (no https://)
« Reply #36 on: April 04, 2017, 09:10:41 PM »
just got this error message. using mozilla

The information you have entered on this page will be sent over an insecure connection and could be read by a third party.

Are you sure you want to send this information?"

Had this last week when responding to big threads and it would reload to "create new thread".

But I updated my iOS last night and so far no probs.

Sydneystache

  • Bristles
  • ***
  • Posts: 274
  • Location: Sydney (Westie!)
  • Aiming for RE!
Re: Site is not secure (no https://)
« Reply #37 on: April 04, 2017, 10:14:47 PM »
I posted too soon- tried to post in a big thread which I haven't posted in before eg more than 50? 100 posts? but won't let me. I couldn't even edit my previous post in this thread.

Threshkin

  • Pencil Stache
  • ****
  • Posts: 774
  • Location: Colorado
    • My Journal
Re: Site is not secure (no https://)
« Reply #38 on: April 10, 2017, 04:52:50 PM »
just got this error message. using mozilla

The information you have entered on this page will be sent over an insecure connection and could be read by a third party.

Are you sure you want to send this information?"

I just got this same error replying to a thread using Firefox Version 52.0.2.  I post fairly frequently and have not seen this before today.