April 24, 2017, 08:49:48 PM

Author Topic: Site Security  (Read 1541 times)

rfdesigner

  • 1D Mark IV
  • ******
  • Posts: 767
Site Security
« on: March 17, 2017, 11:19:47 AM »
Hi.

Firefox has recently updated to yet another new version.

Crucially this has a new catch for sites that ask for passwords, in that it warns you if it isn't using an https connection but http instead, which apparently allows "bad people" to see your password.

I first found this out trying to log in here.

I've gone and checked and it seems that if I come to the front page then click on the forums tab the page it takes me to (with the login in the top right hand corner) isn't https.

Is this something to do with the link the site has in it, or is it my PC?

PC: Win7x64, Firefox 52.0
6D, 30D, 383L+, 28f1.8, 50STM, 100f2.0, 5.5"f8 scope, 12"f5 scope.
Personal Gripe:   "I could care less about.." = there are things less important too me, this may be my most important thing.
"I couldn't care less about.." = this is the bottom of my list.. it is so unimportant.

canon rumors FORUM

Site Security
« on: March 17, 2017, 11:19:47 AM »

Mt Spokane Photography

  • Zeiss 50mm F 0.7
  • ***********
  • Posts: 12908
Re: Site Security
« Reply #1 on: March 17, 2017, 12:30:36 PM »
Everyone who uses firefox is getting this on most of the websites they login to.  The issue is that passwords are sent un-encrypted.   The internet is full of posts about ways to get rid of the message, virtually no web sites use SSL except for ones doing financial transactions.  Google Chrome does the same

Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.

I would make sure that you never use the same password for a site like this as you do for other sites, because, hackers with the desire and resources could intercept login information.  The CIA, or other state sponsored hackers can get to almost anything.

I'm not really worried if they get my password and login since they are unique.  I use software called Roboform to generate random passwords of whatever length I need, and they can include most characters.  This means I can have hundreds of passwords for every login.  They can be encrypted and stored on a thumbdrive (s) where they are password protected as well.  In a setup like that, you only have to remember one complex password that cannot be guessed.

Since I use Firefox, and it was annoying, I disabled the message.

Mt Spokane Photography

  • Zeiss 50mm F 0.7
  • ***********
  • Posts: 12908
Re: Site Security
« Reply #2 on: March 17, 2017, 12:37:54 PM »
Here is a link if you want to disable it. 

http://www.tnhonline.com/2017/03/13/firefox-52-disable-insecure-password-warnings/

There is a big issue for adding SSL to a web site, the security protocol slows everything down and for those who do not have super fast internet connections, it can make a site unusable.

rfdesigner

  • 1D Mark IV
  • ******
  • Posts: 767
Re: Site Security
« Reply #3 on: March 17, 2017, 12:42:08 PM »
Everyone who uses firefox is getting this on most of the websites they login to.  The issue is that passwords are sent un-encrypted.   The internet is full of posts about ways to get rid of the message, virtually no web sites use SSL except for ones doing financial transactions.  Google Chrome does the same

Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.

I would make sure that you never use the same password for a site like this as you do for other sites, because, hackers with the desire and resources could intercept login information.  The CIA, or other state sponsored hackers can get to almost anything.

I'm not really worried if they get my password and login since they are unique.  I use software called Roboform to generate random passwords of whatever length I need, and they can include most characters.  This means I can have hundreds of passwords for every login.  They can be encrypted and stored on a thumbdrive (s) where they are password protected as well.  In a setup like that, you only have to remember one complex password that cannot be guessed.

Since I use Firefox, and it was annoying, I disabled the message.


thanks

Incidentally I found I could use https://www.canonrumors.com and lo and behold everything worked, no warnings.

I've now updated my shortcut to suit.
6D, 30D, 383L+, 28f1.8, 50STM, 100f2.0, 5.5"f8 scope, 12"f5 scope.
Personal Gripe:   "I could care less about.." = there are things less important too me, this may be my most important thing.
"I couldn't care less about.." = this is the bottom of my list.. it is so unimportant.

LDS

  • 1D Mark IV
  • ******
  • Posts: 784
Re: Site Security
« Reply #4 on: March 17, 2017, 02:16:20 PM »
virtually no web sites use SSL except for ones doing financial transactions. 

Well, not true. More and more sites are switching to SSL, especially those who requires logins and let user post. But SSL also ensures data aren't tampered with.

Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.

The risk is far higher if the sites you connect to doesn't use SSL.

I would make sure that you never use the same password for a site like this as you do for other sites,

That's a very good advice. But still, there are many other reason to use SSL (for example, to avoid someone alters the contents to deliver some nasty surprise).


brad-man

  • 5DSR
  • *******
  • Posts: 1013
Re: Site Security
« Reply #5 on: March 17, 2017, 03:28:38 PM »
virtually no web sites use SSL except for ones doing financial transactions. 

Well, not true. More and more sites are switching to SSL, especially those who requires logins and let user post. But SSL also ensures data aren't tampered with.



An obscure little site called Amazon is SSL whether you log in or not.

pwp

  • Canon EF 300mm f/2.8L IS II
  • ********
  • Posts: 2313
Re: Site Security
« Reply #6 on: March 17, 2017, 07:12:45 PM »
I have always had https://www.eff.org/https-everywhere installed as a Firefox add-on

-pw
Like Like x 1 View List

canon rumors FORUM

Re: Site Security
« Reply #6 on: March 17, 2017, 07:12:45 PM »

rfdesigner

  • 1D Mark IV
  • ******
  • Posts: 767
Re: Site Security
« Reply #7 on: March 19, 2017, 08:41:01 AM »
Brillant, thanks.

HTTPS everywhere now installed.
6D, 30D, 383L+, 28f1.8, 50STM, 100f2.0, 5.5"f8 scope, 12"f5 scope.
Personal Gripe:   "I could care less about.." = there are things less important too me, this may be my most important thing.
"I couldn't care less about.." = this is the bottom of my list.. it is so unimportant.

Mt Spokane Photography

  • Zeiss 50mm F 0.7
  • ***********
  • Posts: 12908
Re: Site Security
« Reply #8 on: March 19, 2017, 12:03:24 PM »
I have always had https://www.eff.org/https-everywhere installed as a Firefox add-on

-pw

I had previously considered installing it, but it had a really poor rating on the firefox site that I decided to just disable the warnings.  They even popped up a warning when logging into my NAS.

canon rumors FORUM

Re: Site Security
« Reply #8 on: March 19, 2017, 12:03:24 PM »