This forum "Not Secure" ?

[davidhk129]

I am posting this out of curiosity.
I am sure it is just my computer. I am running the most current to-date Windows 10 and Edge as my browser. I refuse to let Microsoft sync all my devices. Maybe that is the reason.
Anyway, just want to know if anyone else is having this issue.

See screenshot......

 

[wafflejock]

Yah this is true the admins could use letsencypt service/app to get keys to secure the server but requires some setup on the server. http (not https) isn't really a major problem but the passwords sent to this site and anything else isn't encrypted in transit which isn't awesome (don't re-use password here elsewhere).

I think browsers finally just started alerting users if sites are not using https encryption especially if they have login pages. Someone sitting between our client computers and the host for this forum could get your username/password.

 

[wafflejock]

If any site admin sees this and wants help setting up ssl certs hit me up and let me know if using a vps or shared hosting for the server and who hosts and can point you at some options (let's encrypt is free but only easy to setup on vps or dedicated hosting can't easily use it on a shared hosting account)

 

[davidhk129]

Apparently the culprit is the browser Microsoft Edge.
Using IE11 to access this forum and I don't see the "Not secure" warning.

 

[wafflejock]

Nah it really is the site chrome mobile on my phone shows the warning too. In general best to not reuse passwords but especially don't use a password on an insecure site that you expect to stay completely safe. Worst case so long as it isn't a shared password is someone posts on my behalf here. I guess that could somehow make me out to have been a worse person but not a huge loss ;D

On any site that takes payments, CC details or anything personal info like social security etc. then it should ideally use https/TLS which means the traffic is all scrambled during transport and hard for any man in the middle to read. Without TLS/https the packets are hopped across lots of unknown routers between the source and destination and could be read by any of them.



Postception

 

[Mr. Haney]

Another very popular site I frequent is also unsecured, mostly because it's monetized and updating it is an issue with this.
Not a problem, as mentioned don't reuse passwords.

 

[choppergirl]

Firefox will give you the same kidn of warning if try to download a file via an http link and not https.

I found this out recently and swore buckets at Firefox when I realized the download link to my soundpack hosted on my personal webserver was probably barfing at downloaders for the past year that "this file (of nothing but .wav sound files) was not secure" simply because it was being transfered via http and not https. What a load of rubbish! Technically correct, a man in the middle attack somewhere out on the internet could inject something into the .zip file, but really, at some peoint, you've got to assume the providers and big pipes are secure. It's a symptom of the insane spread of an "encrypt everything" mentality which most traffic... really does not need to be encrypted.

I "fixed it" (it was not broken imho) in my case by hosting my file on github who paid a few bucks for a yearly SSL certificate on their webserver and can server https... I don't use Edge, but try download both links below with Edge, and see if the second http one will barf the same nonsense "unsecure file" warning...

HTTPS (secure): https://github.com/choppergirl/soun...ack English for OpenTX with Sample Models.zip

HTTP (none secure): http://air-war.org/edgy/Choppergirls Edgy SoundPack English for OpenTX.zip

I'm looking at the URL for this forum, and it's https... so... maybe it's some other related and similiar rubbsih going on... there probably is nothing to worry about at all.

 

[wafflejock]

Yup is same issue of no encryption I tried explaining above in some cases like here where not really sharing personal info the only issue might be someone stealing passwords that people might reuse elsewhere but if use a password manager or separate more important accounts with different passwords then is a non issue. For file sharing also basically a non issue but if in general everything is encrypted it does make it less easy for nefarious parties to collect data easily and parse through it all so I think the direction is generally good if a bit annoying... The cookies stuff on the other hand I'm done with. I accept all your damn cookies

 

[wafflejock]

Encryption really important for like email you want to stay private or sharing credit card info on forms to buy stuff etc. Less important for public domain stuff you're just trying to distribute.