HTTPS

Etaoin Shrdlu

μεσσηγυδορποχέστης

  • Civis Illustris

  • Patrona

Jolly joking apart, I assume the main danger is using PayPal or a credit card to donate to this site, as HTTPS encrypts data, and HTTP doesn't. Am I correct in this, and that for this reason donating to this site is potentially unsafe? I'm hoping for an answer in small, simple words suitable for those who know nothing about computers.
 

LCF

One of "those" people

  • Civis Illustris

PayPal itself is secure. It's safe to donate.
 

Etaoin Shrdlu

μεσσηγυδορποχέστης

  • Civis Illustris

  • Patrona

What about using a credit card, though? I do have a PayPal account, possibly with a couple of quid in it, but haven't used it for years.
 

LCF

One of "those" people

  • Civis Illustris

What about using a credit card, though? I do have a PayPal account, possibly with a couple of quid in it, but haven't used it for years.

Don't use credit cards on sites you don't trust. This should be your golden rule.

You can donate using PayPal and the donation will be routed to the operator of the site. Interaction between you and PayPal is safe.
 

Bitmap

Civis Illustris

  • Civis Illustris

  • Patronus

I usually pay via PayPal (and also donate to this site) without having any money on my account.
 

Bitmap

Civis Illustris

  • Civis Illustris

  • Patronus

... I was wondering if anyone else did that, too, or if it was unsafe as well (I know that a friend of mine does it).
 

Issacus Divus

H₃rḗǵs h₁n̥dʰéri diwsú

  • Civis Illustris

I'm planning to use PayPal to donate sometime.
 

R. Seltza

Magnus Oculus

  • Civis Illustris

  • Patronus

Hey LCF, Besides unsecured resources, does this site currently have at least some kind of protection? If it doesn't, I fear for our passwords (& any other info we transmit through this site).....
 

Issacus Divus

H₃rḗǵs h₁n̥dʰéri diwsú

  • Civis Illustris

I fear the site is pretty open for attacking.
 

LCF

One of "those" people

  • Civis Illustris

Hey LCF, Besides unsecured resources, does this site currently have at least some kind of protection? If it doesn't, I fear for our passwords (& any other info we transmit through this site).....

It does not. Your passwords are not secure at all.
 

R. Seltza

Magnus Oculus

  • Civis Illustris

  • Patronus

After looking into it quite a bit, apparently HTTPS Everywhere forces sites to use their security & encryption features if they already have it. It cannot create security features that aren't actually there.

It would be great if they actually would inform people when the site they're on doesn't actually have any security features for them to activate instead of showing "https://", the green lock logo, & verified certificates... Their marketing is also a bit misleading.

It does not. Your passwords are not secure at all.
That's the most uplifting news I've heard all fucking day!

Do hackers need to intercept passwords in real time or would it be more of a scenario where a hacker basically could just find a gold mine of passwords just sitting here?

Also, if the servers actually became HTTPS protected, is it even possible to securely stream videos that came from unsecure sources?
 

LCF

One of "those" people

  • Civis Illustris

Do hackers need to intercept passwords in real time or would it be more of a scenario where a hacker basically could just find a gold mine of passwords just sitting here?

Both are possible. You should sleep well though, I doubt that people would target this site specifically.

Also, if the servers actually became HTTPS protected, is it even possible to securely stream videos that came from unsecure sources?
No.
 

Etaoin Shrdlu

μεσσηγυδορποχέστης

  • Civis Illustris

  • Patrona

I'm not particularly worried about my password being stolen. I'm not egotistic enough to think that pretending to be me on this site is as much fun for a hacker as getting hold of someone's card details, and it would be easy enough to put a stop to it by getting a new nickname and telling the moderators what had happened, in the unlikely event that someone would ever bother.
 

Issacus Divus

H₃rḗǵs h₁n̥dʰéri diwsú

  • Civis Illustris

Yeah, no one would care about raiding a Latin forum. HTTPS is good, but maybe unnecessary.
 

Gregorius Textor

Civis Illustris

  • Civis Illustris

I, too, was concerned that somebody might steal my password here since the site was HTTP only. Never mind that nobody would care to do that, as Etaoin Shrdlu noted; it's the principle of the thing! And besides, by entering our passwords via HTTP here, we foster a bad habit and may repeat the act somewhere more sensitive.

I'm pleased to note that for the last few weeks, or maybe months, I don't know since when, latindiscussion.com HAS added HTTPS, although they continue to provide HTTP as well. People who used the "HTTPS Everywhere" add-on that R. Seltza recommended probably were shifted over to HTTPS automatically. I wasn't, since I don't use it.

I'd like to make a couple of further suggestions.

1. On (secure) https://latindiscussion.com/, the link to "Latin Forum" goes to (insecure) http://latindiscussion.com/forum/ . This can easily be fixed either by changing "http:" to "https:" in the destination, or by simply removing the "http:" (since the protocol of the destination will default to the protocol of the page as being viewed). Alternatively, you could disable the HTTP service altogether.

2. If the Forum has been shelling out money to purchase the certificate for HTTPS, the Forum could reduce future expenses by getting a free certificate. I can look up the details about this, if desired.

One further comment (just a comment, not a suggestion, since I don't know what to do about it). Although I have an HTTPS (secure) connection to latindiscussion.com, Firefox warns me that there is mixed (secure + insecure) content. "A gray padlock with an orange or yellow triangle indicates that Firefox is not blocking insecure passive content, such as images. By default, Firefox does not block mixed passive content; you will simply see a warning that the page isn't fully secure. Attackers may be able to manipulate parts of the page like displaying misleading or inappropriate content, but they should not be able to steal your personal data from the site." (Mixed content blocking in Firefox)

My interpretation of that is, it is theoretically possible that any image I view on this site has been maliciously placed. I don't know how or where the images are stored for this site, but at present, I'm not intending to lose sleep over it. (I lose enough sleep already. :( )
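
The two issues raised in the post above (an http: link on an HTTPS page, and mixed content) can be checked mechanically. This is an added example, not part of the original post and not the forum's own code; the sample markup and the images.example and cdn.example hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# How each tag is reported when its URL resolves to plain http.
# Passive content is display-only; active content can change page behaviour.
KIND = {
    "a": "insecure-link", "form": "insecure-form",
    "img": "passive-mixed", "audio": "passive-mixed", "video": "passive-mixed",
    "script": "active-mixed", "iframe": "active-mixed", "link": "active-mixed",
    "object": "active-mixed", "embed": "active-mixed",
}

class MixedContentAudit(HTMLParser):
    """Collect http:// references found on a page served from page_url."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("src", "href", "data", "action") or not value:
                continue
            # urljoin resolves relative and protocol-relative ("//host/x")
            # URLs against the page, so they inherit the page's scheme.
            url = urljoin(self.page_url, value.strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((KIND.get(tag, "other"), tag, url))

def audit(page_url, html):
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not the site's real markup.
SAMPLE = """
<a href="http://latindiscussion.com/forum/">Latin Forum</a>
<a href="//latindiscussion.com/forum/">Latin Forum</a>
<a href="/forum/">Latin Forum</a>
<img src="http://images.example/banner.png">
<script src="http://cdn.example/app.js"></script>
<img src="https://images.example/logo.png">
"""

if __name__ == "__main__":
    for finding in audit("https://latindiscussion.com/", SAMPLE):
        print(*finding)
```

Audited as an HTTPS page, only the hard-coded http: references are reported; the protocol-relative and relative links inherit https and pass, but the same links are reported if the page itself is loaded over HTTP.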
 

cinefactus

Censor

  • Censor

  • Patronus

It was trying to change to https, which stopped the forum email from working for some reason.
 

LCF

One of "those" people

  • Civis Illustris

Whoever added the cert, thank you!

There are still bugs:

http should be disabled completely and should redirect to https. And all links fixed.
 

Gregorius Textor

Civis Illustris

  • Civis Illustris

But the email (= "Conversations") is working now, I guess, since I got a message recently from Cinefactus.
 

scrabulista

Consul

  • Consul

... I was wondering if anyone else did that, too, or if it was unsafe as well (I know that a friend of mine does it).
He who sells what isn't his'n
Must buy it back or go to prison.

(Said in reference to short selling stock)
 