deadshot2
Site Supporter
Location: Marysville, WA Joined: Fri Jul 22, 2011 Posts: 11581
Real Name: Mike
|
Seems like I'm getting a new message in my browser command line when I log in to this site. To be fair some others as well.
I get an "i" in a "circle" where the "http" used to be. When I click on the circled "i" it tells me that my connection is not private.
Any ideas? I've read that it may have to do with the security certificate of the site and even that my pc's clock is set wrong. Clock is set automatically via net so I doubt that. Curious.
I'm now running Win 10 Anniversary edition with all its updates and patches to date. Don't see any errors like this when I use "Edge", just Chrome.
_________________ "I've learned from the Dog that an afternoon nap is a good thing"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"For he to-day that sheds his blood with me Shall be my brother" - William Shakespeare
|
Fri Sep 23, 2016 11:24 am |
|
|
Massivedesign
Site Admin
Location: Olympia, WA Joined: Fri Mar 11, 2011 Posts: 38324
Real Name: Dan
|
We are not running HTTPS protocol, yet.
|
Fri Sep 23, 2016 11:30 am |
|
|
deadshot2
Site Supporter
Location: Marysville, WA Joined: Fri Jul 22, 2011 Posts: 11581
Real Name: Mike
|
I'm one of those that has to consult with a grand kid in order to understand a lot about computers. I could have sworn that in the past the command line used to start with http:// (without the "s") just before the "www.xxxxxx". Just recently noticed that I now see the circled "i" which called my attention to the non private connection. Perhaps Google has made a change???
|
Fri Sep 23, 2016 12:00 pm |
|
|
kf7mjf
Site Supporter
Location: Olympia Joined: Sat Oct 29, 2011 Posts: 16044
Real Name: Steve
|
Massivedesign wrote: We are not running HTTPS protocol, yet.
Great. Now the NSA can spy on us.
_________________ "I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.
"...steam, artillery and revolvers give to civilized man an irresistible power." -Perry Collins
|
Fri Sep 23, 2016 12:01 pm |
|
|
lunacite
Site Supporter
Location: Snohomish County Joined: Tue Feb 21, 2012 Posts: 1146
|
This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.
The ONLY change that has occurred is to the browser. No security vulnerability has been detected or exposed, it just means that your connection is unencrypted. Don't use the same password you do here for any other sites.
It would be nice for SSL to be enabled.
|
Fri Sep 23, 2016 12:08 pm |
|
|
deadshot2
Site Supporter
Location: Marysville, WA Joined: Fri Jul 22, 2011 Posts: 11581
Real Name: Mike
|
lunacite wrote: This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.
Maybe they're doing it so they don't get the same "hack" as Yahoo. Anyway, thanks for the explanation.
|
Fri Sep 23, 2016 1:06 pm |
|
|
Sinus211
Site Moderator
Location: Marysville Joined: Thu Mar 22, 2012 Posts: 13535
Real Name: Mike
|
Wait...are you saying I wasn't supposed to enter my social security#, bank account #'s, and mother's maiden name when I logged in?
_________________Licensed/Bonded/Insured Hardwood Floor Installer/Finisher http://www.hardwoodfloorsnw.com/
|
Fri Sep 23, 2016 1:11 pm |
|
|
Massivedesign
Site Admin
Location: Olympia, WA Joined: Fri Mar 11, 2011 Posts: 38324
Real Name: Dan
|
Non-SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it set up to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.
As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:
|
Fri Sep 23, 2016 1:38 pm |
|
|
kf7mjf
Site Supporter
Location: Olympia Joined: Sat Oct 29, 2011 Posts: 16044
Real Name: Steve
|
What about just using HTTPS Everywhere? https://www.eff.org/Https-Everywhere
I use it and it's pretty nice.
|
Fri Sep 23, 2016 1:46 pm |
|
|
beckdw
Site Supporter
Location: Tri -Cities Joined: Thu May 23, 2013 Posts: 2798
Real Name: David
|
kf7mjf wrote: Massivedesign wrote: We are not running HTTPS protocol, yet. Great. Now the NSA can spy on us.
Hahaha, like a little "s" is going to stop the NSA. Silly writers write silly things :D
|
Fri Sep 23, 2016 2:31 pm |
|
|
kf7mjf
Site Supporter
Location: Olympia Joined: Sat Oct 29, 2011 Posts: 16044
Real Name: Steve
|
So says the NSA mole.
|
Fri Sep 23, 2016 2:45 pm |
|
|
beckdw
Site Supporter
Location: Tri -Cities Joined: Thu May 23, 2013 Posts: 2798
Real Name: David
|
kf7mjf wrote: So says the NSA mole.
I'm pretty sure I'd be a bad NSA mole. Saying the NSA isn't stopped by a bit of encryption is not something they would be spreading around.
|
Fri Sep 23, 2016 2:54 pm |
|
|
kf7mjf
Site Supporter
Location: Olympia Joined: Sat Oct 29, 2011 Posts: 16044
Real Name: Steve
|
That's what you want us to believe!
|
Fri Sep 23, 2016 2:55 pm |
|
|
rayjax82
Site Supporter
Location: Stanwood Joined: Sun Mar 11, 2012 Posts: 1920
Real Name: Chris
|
Massivedesign wrote: Non-SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it set up to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.
As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:
Just FYI you could probably find a plug-in that hashes the login info before it sends it to the server. That might be more trouble than https though. Just be aware that if you happen to log in to waguns.org using open unencrypted WiFi you're sending your login info in clear text that can be easily intercepted. If you use the same password on this site that you do others you can open yourself up to other trouble.
|
Fri Sep 23, 2016 4:59 pm |
|
|
lunacite
Site Supporter
Location: Snohomish County Joined: Tue Feb 21, 2012 Posts: 1146
|
Massivedesign wrote: Non-SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it set up to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.
As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:
You should be able to use nginx as a reverse proxy to serve the same content on port 443 with https encrypting the session. https://letsencrypt.org/ has made this remarkably easy.
|
Fri Sep 23, 2016 9:01 pm |
|
|
|
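The reverse-proxy setup suggested in the last post, sketched as an nginx configuration (an added example, not this site's actual configuration): nginx terminates TLS on port 443 in front of the existing forum, and a port-80 block redirects old http: links so they do not go dead. The hostname forum.example, the backend address 127.0.0.1:8080, the ACME webroot and the certificate paths (the layout the certbot client uses by default) are assumptions.

```nginx
# Port 80: keep old http: links working by redirecting them to https:
server {
    listen 80;
    server_name forum.example;              # placeholder hostname (assumption)

    # Let's Encrypt HTTP-01 validation requests arrive over plain HTTP
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;          # assumed webroot for the ACME client
    }

    # Everything else: permanent redirect, preserving path and query string
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: TLS terminates here; the forum itself is unchanged behind it
server {
    listen 443 ssl;
    server_name forum.example;

    # Assumed certificate paths (certbot default layout)
    ssl_certificate     /etc/letsencrypt/live/forum.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to use https: for future visits; enable only once
    # the HTTPS site is confirmed working
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;   # assumed address of the existing forum
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Lets the backend know the visitor used https, so it can
        # generate https: links and cookies accordingly
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the file with `nginx -t` before reloading. Once the site is HTTPS-only, the forum software's cookie settings should mark the login cookie Secure so the auto-login cookie is never sent over http:.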