HTTPS

E

Etaoin Shrdlu

Guest

Jolly joking apart, I assume the main danger is using PayPal or a credit card to donate to this site, as HTTPS encrypts data, and HTTP doesn't. Am I correct in this, and that for this reason donating to this site is potentially unsafe? I'm hoping for an answer in small, simple words suitable for those who know nothing about computers.
 
E

Etaoin Shrdlu

Guest

What about using a credit card, though? I do have a PayPal account, possibly with a couple of quid in it, but haven't used it for years.
 
D

Deleted member 13757

Guest

Etaoin Shrdlu dixit:
What about using a credit card, though? I do have a PayPal account, possibly with a couple of quid in it, but haven't used it for years.
Click to expand...

Don't use credit cards on sites you don't trust. This should be your golden rule.

You can donate using PayPal and the donation will be routed to the operator of the site. Interaction between you and PayPal is safe.
 
B

Bitmap

Guest

I usually pay via paypal (and also donate to this site) without having any money on my account.
 
B

Bitmap

Guest

... I was wondering if anyone else did that, too, or if it was unsafe as well (I know that a friend of mine does it).
 
Issacus Divus

Issacus Divus

H₃rḗǵs h₁n̥dʰéri diwsú

  • Civis Illustris
Location:
Gæmleflodland
I'm planning to use PayPal to donate sometime.
 
R. Seltza

R. Seltza

Magnus Oculus

  • Civis Illustris
  • Patronus
Location:
Terra Solis Lapsi
Hey LCF, Besides unsecured resources, does this site currently have at least some kind of protection? If it doesn't, I fear for our passwords (& any other info we transmit through this site).....
 
Issacus Divus

Issacus Divus

H₃rḗǵs h₁n̥dʰéri diwsú

  • Civis Illustris
Location:
Gæmleflodland
I fear the site is pretty open for attacking.
 
R. Seltza

R. Seltza

Magnus Oculus

  • Civis Illustris
  • Patronus
Location:
Terra Solis Lapsi
After looking into it quite a bit, apparently HTTPS Everywhere forces sites to use their security & encryption features if they already have it. It cannot create security features that aren't actually there.

It would be great if they actually would inform people when the site they're on doesn't actually have any security features for them to activate instead of showing "https://", the green lock logo, & verified certificates... Their marketing is also a bit misleading.

LCF dixit:
It does not. Your passwords are not secure at all.
Click to expand...
That's the most uplifting news I've heard all fucking day!

Do hackers need to intercept passwords in real time or would it be more of a scenario where a hacker basically could just find a gold mine of passwords just sitting here?

Also, if the servers actually became HTTPS protected, is it even possible to securely stream videos that came from unsecure sources?
 
D

Deleted member 13757

Guest

R. Seltza dixit:
Do hackers need to intercept passwords in real time or would it be more of a scenario where a hacker basically could just find a gold mine of passwords just sitting here?
Click to expand...

Both are possible. You should sleep well though, I doubt that people would target this site specifically.

R. Seltza dixit:
Also, if the servers actually became HTTPS protected, is it even possible to securely stream videos that came from unsecure sources?
Click to expand...
No.
 
E

Etaoin Shrdlu

Guest

I'm not particularly worried about my password being stolen. I'm not egotistic enough to think that pretending to be me on this site is as much fun for a hacker as getting hold of someone's card details, and it would be easy enough to put a stop to it by getting a new nickname and telling the moderators what had happened, in the unlikely event that someone would ever bother.
 
Issacus Divus

Issacus Divus

H₃rḗǵs h₁n̥dʰéri diwsú

  • Civis Illustris
Location:
Gæmleflodland
Yeah, no one would care about raiding a Latin forum. HTTPS is good, but maybe unnecessary.
 
Gregorius Textor

Gregorius Textor

Animal rationale

  • Civis Illustris
  • Patronus
Location:
Ohio, U.S.A.
I, too, was concerned that somebody might steal my password here since the site was HTTP only. Never mind that nobody would care to do that, as Etaoin Shrdlu noted; it's the principle of the thing! And besides, by entering our passwords via HTTP here, we foster a bad habit and may repeat the act somewhere more sensitive.

I'm pleased to note that for the last few weeks, or maybe months, I don't know since when, latindiscussion.com HAS added HTTPS, although they continue to provide HTTP as well. People who used the "HTTPS Everywhere" add-on that R. Seltza recommended probably were shifted over to HTTPS automatically. I wasn't, since I don't use it.

I'd like to make a couple of further suggestions.

1. On (secure) http://latindiscussion.com/forum/ . This can easily be fixed either by changing "http:" to "https:" in the destination, or by simply removing the "http:" (since the protocol of the destination will default to the protocol of the page as being viewed). Alternatively, you could disable the HTTP service altogether.

2. If the Forum has been shelling out money to purchase the certificate for HTTPS, the Forum could reduce future expenses by getting a free certificate. I can look up the details about this, if desired.

One further comment (just a comment, not a suggestion, since I don't know what to do about it). Although I have an HTTPS (secure) connection to latindiscussion.com, Firefox warns me that there is mixed (secure + insecure) content. "A gray padlock with an orange or yellow triangle indicates that Firefox is not blocking insecure passive content, such as images. By default, Firefox does not block mixed passive content; you will simply see a warning that the page isn't fully secure. Attackers may be able to manipulate parts of the page like displaying misleading or inappropriate content, but they should not be able to steal your personal data from the site. " ( Mixed content blocking in Firefox )

My interpretation of that is, it is theoretically possible that any image I view on this site has been maliciously placed. I don't know how or where the images are stored for this site, but at present, I'm not intending to lose sleep over it. (I lose enough sleep already. :( )
 
 
cinefactus

cinefactus

Censor

  • Censor
  • Patronus
Location:
litore aureo
It was trying to change to https, which stopped the forum email from working for some reason.
 
D

Deleted member 13757

Guest

Who ever added the cert thank you!

There are still bugs:

http should be disabled completely and should redirect to https. And all links fixed.
 
Gregorius Textor

Gregorius Textor

Animal rationale

  • Civis Illustris
  • Patronus
Location:
Ohio, U.S.A.
But the email (= "Conversations") is working now, I guess, since I got a message recently from Cinefactus.
 
scrabulista

scrabulista

Consul

  • Consul
Location:
Tennessee
Bitmap dixit:
... I was wondering if anyone else did that, too, or if it was unsafe as well (I know that a friend of mine does it).
Click to expand...
He who sells what isn't his'n
Must buy it back or go to prison.

(Said in reference to short selling stock)
 
You must log in or register to reply here.
Top