Site Security

rfdesigner

EOS 6D MK II
Sep 12, 2014
876
0
New Forest, UK
sites.google.com
Hi.

Firefox has recently updated to yet another new version.

Crucially this has a new catch for sites that ask for passwords, in that it warns you if it isn't using an https connection but http instead, which apparently allows "bad people" to see your password.

I first found this out trying to log in here.

I've gone and checked and it seems that if I come to the front page then click on the forums tab the page it takes me to (with the login in the top right hand corner) isn't https.

Is this something to do with the link the site has in it, or is it my PC?

PC: Win7x64, Firefox 52.0
 

Mt Spokane Photography

I post too Much on Here!!
Mar 25, 2011
15,365
621
Everyone who uses firefox is getting this on most of the websites they login to. The issue is that passwords are sent un-encrypted. The internet is full of posts about ways to get rid of the message, virtually no web sites use SSL except for ones doing financial transactions. Google Chrome does the same

Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.

I would make sure that you never use the same password for a site like this as you do for other sites, because, hackers with the desire and resources could intercept login information. The CIA, or other state sponsored hackers can get to almost anything.

I'm not really worried if they get my password and login since they are unique. I use software called Roboform to generate random passwords of whatever length I need, and they can include most characters. This means I can have hundreds of passwords for every login. They can be encrypted and stored on a thumbdrive (s) where they are password protected as well. In a setup like that, you only have to remember one complex password that cannot be guessed.

Since I use Firefox, and it was annoying, I disabled the message.
 

Mt Spokane Photography

I post too Much on Here!!
Mar 25, 2011
15,365
621
Here is a link if you want to disable it.

http://www.tnhonline.com/2017/03/13/firefox-52-disable-insecure-password-warnings/

There is a big issue for adding SSL to a web site, the security protocol slows everything down and for those who do not have super fast internet connections, it can make a site unusable.
 

rfdesigner

EOS 6D MK II
Sep 12, 2014
876
0
New Forest, UK
sites.google.com
Mt Spokane Photography said:
Everyone who uses firefox is getting this on most of the websites they login to. The issue is that passwords are sent un-encrypted. The internet is full of posts about ways to get rid of the message, virtually no web sites use SSL except for ones doing financial transactions. Google Chrome does the same

Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.

I would make sure that you never use the same password for a site like this as you do for other sites, because, hackers with the desire and resources could intercept login information. The CIA, or other state sponsored hackers can get to almost anything.

I'm not really worried if they get my password and login since they are unique. I use software called Roboform to generate random passwords of whatever length I need, and they can include most characters. This means I can have hundreds of passwords for every login. They can be encrypted and stored on a thumbdrive (s) where they are password protected as well. In a setup like that, you only have to remember one complex password that cannot be guessed.

Since I use Firefox, and it was annoying, I disabled the message.
thanks

Incidentally I found I could use https://www.canonrumors.com and lo and behold everything worked, no warnings.

I've now updated my shortcut to suit.
 

LDS

EOR R
Sep 14, 2012
1,531
125
Mt Spokane Photography said:
virtually no web sites use SSL except for ones doing financial transactions.
Well, not true. More and more sites are switching to SSL, especially those who requires logins and let user post. But SSL also ensures data aren't tampered with.

Mt Spokane Photography said:
Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.
The risk is far higher if the sites you connect to doesn't use SSL.

Mt Spokane Photography said:
I would make sure that you never use the same password for a site like this as you do for other sites,
That's a very good advice. But still, there are many other reason to use SSL (for example, to avoid someone alters the contents to deliver some nasty surprise).
 

brad-man

Semi-Reactive Member
Jun 6, 2012
1,312
82
S Florida
LDS said:
Mt Spokane Photography said:
virtually no web sites use SSL except for ones doing financial transactions.
Well, not true. More and more sites are switching to SSL, especially those who requires logins and let user post. But SSL also ensures data aren't tampered with.



An obscure little site called Amazon is SSL whether you log in or not.
 

pwp

EOS 5D MK IV
Oct 25, 2010
2,520
13
I have always had https://www.eff.org/https-everywhere installed as a Firefox add-on

-pw