Gun store Shooting Locations It is currently Mon Feb 20, 2017 3:06 am

Rules Brads Guns RA I5 Guns & Ammo Killer Innovations WAC
WGO Chat Room Precise Shooter LPG Pintos
Gear COUNTYLINE WCA Fortis 2A Ind.
Calendar





Reply to topic  [ 19 posts ]  Go to page 1, 2  Next
 Connection not private 
Author Message
Site Supporter
User avatar
Site Supporter

Location: NW Quadrant WA State
Joined: Fri Jul 22, 2011
Posts: 10190
Real Name: Mike
Seems like I'm getting a new message in my browser command line when I log in to this site. To be fair some others as well.

I get an "i" in a "circle" where the "http" used to be. When I click on the circled "i" it tells me that my connection is not private.

Any ideas? I've read that it may have to do with the security certificate of the site and even that my pc's clock is set wrong. Clock is set automatically via net so I doubt that. Curious.

I'm now running Win 10 Anniversary edition with all it's updates and patches to date. Don't see any errors like this when I use "Edge", just Chrome.

_________________
"I've learned from the Dog that an afternoon nap is a good thing"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"For he to-day that sheds his blood with me
Shall be my brother
" - William Shakespeare


Fri Sep 23, 2016 11:24 am
Profile
Site Admin
User avatar
Site Admin

Location: Olympia, WA
Joined: Fri Mar 11, 2011
Posts: 30284
Real Name: Dan
We are not running HTTPS protocol, yet.


Fri Sep 23, 2016 11:30 am
Profile WWW
Site Supporter
User avatar
Site Supporter

Location: NW Quadrant WA State
Joined: Fri Jul 22, 2011
Posts: 10190
Real Name: Mike
I'm one of those that has to consult with a grand kid in order to understand a lot about computers :bigsmile:

I could have sworn that in the past the command line used to start with http:// (without the "s") just before the "www.xxxxxx"

Just recently noticed that I now see the circled "i" which called my attention to the non private connection. Perhaps Google has made a change???

_________________
"I've learned from the Dog that an afternoon nap is a good thing"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"For he to-day that sheds his blood with me
Shall be my brother
" - William Shakespeare


Fri Sep 23, 2016 12:00 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Fri Oct 28, 2011
Posts: 15575
Real Name: Steve
Massivedesign wrote:
We are not running HTTPS protocol, yet.


Great. Now the NSA can spy on us.

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"Men make their own history, but they do not make it as they please; they do not make it under self-selected circumstances, but under circumstances existing already, given and transmitted from the past. The tradition of all dead generations weighs like a nightmare on the brains of the living." -Marx


Fri Sep 23, 2016 12:01 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Everett, WA
Joined: Mon Feb 20, 2012
Posts: 899
Real Name: Chris
This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.

The ONLY change that has occurred is to the browser. No security vulnerability has been detected or exposed, it just means that your connection is unencrypted. Don't use the same password you do here for any other sites.


It would be nice for SSL to be enabled.


Fri Sep 23, 2016 12:08 pm
Profile ICQ
Site Supporter
User avatar
Site Supporter

Location: NW Quadrant WA State
Joined: Fri Jul 22, 2011
Posts: 10190
Real Name: Mike
lunacite wrote:
This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.



Maybe they're doing it so they don't get the same "hack" as Yahoo.


Anyway, thanks for the explanation.

_________________
"I've learned from the Dog that an afternoon nap is a good thing"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"For he to-day that sheds his blood with me
Shall be my brother
" - William Shakespeare


Fri Sep 23, 2016 1:06 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Lynnwood
Joined: Wed Mar 21, 2012
Posts: 5958
Real Name: Mike
Wait...are you saying I wasn't supposed to enter my social security#, bank account #'s, and mother's maiden name when I logged in?

_________________
Licensed/Bonded/Insured Hardwood Floor Installer/Finisher http://www.hardwoodfloorsnw.com/


Fri Sep 23, 2016 1:11 pm
Profile
Site Admin
User avatar
Site Admin

Location: Olympia, WA
Joined: Fri Mar 11, 2011
Posts: 30284
Real Name: Dan
Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:


Fri Sep 23, 2016 1:38 pm
Profile WWW
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Fri Oct 28, 2011
Posts: 15575
Real Name: Steve
What about just using HTTPS Everywhere? https://www.eff.org/Https-Everywhere

I use and it's pretty nice.

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"Men make their own history, but they do not make it as they please; they do not make it under self-selected circumstances, but under circumstances existing already, given and transmitted from the past. The tradition of all dead generations weighs like a nightmare on the brains of the living." -Marx


Fri Sep 23, 2016 1:46 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: SE Snohomish County
Joined: Thu May 23, 2013
Posts: 964
Real Name: David
kf7mjf wrote:
Massivedesign wrote:
We are not running HTTPS protocol, yet.


Great. Now the NSA can spy on us.

Hahaha, like a little "s" is going to stop the NSA. Silly writers write silly things :D


Fri Sep 23, 2016 2:31 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Fri Oct 28, 2011
Posts: 15575
Real Name: Steve
So says the NSA mole.

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"Men make their own history, but they do not make it as they please; they do not make it under self-selected circumstances, but under circumstances existing already, given and transmitted from the past. The tradition of all dead generations weighs like a nightmare on the brains of the living." -Marx


Fri Sep 23, 2016 2:45 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: SE Snohomish County
Joined: Thu May 23, 2013
Posts: 964
Real Name: David
kf7mjf wrote:
So says the NSA mole.

I'm pretty sure I'd be a bad NSA mole. Saying the NSA isn't stopped by a bit of encryption is not something they would be spreading around.


Fri Sep 23, 2016 2:54 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Fri Oct 28, 2011
Posts: 15575
Real Name: Steve
That's what you want us to believe!

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"Men make their own history, but they do not make it as they please; they do not make it under self-selected circumstances, but under circumstances existing already, given and transmitted from the past. The tradition of all dead generations weighs like a nightmare on the brains of the living." -Marx


Fri Sep 23, 2016 2:55 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Stanwood
Joined: Sun Mar 11, 2012
Posts: 1884
Real Name: Chris
Massivedesign wrote:
Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:


Just FYI you could probably find a plug in that hashes the login info before it sends it to the server. That might be more trouble than https though. Just be aware that if you happen to login to waguns.org using open unencrypted WiFi you're sending your login info in clear text that can be easily intercepted. If you use the same password on this site that you do others you can open yourself up to other trouble.


Fri Sep 23, 2016 4:59 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Everett, WA
Joined: Mon Feb 20, 2012
Posts: 899
Real Name: Chris
Massivedesign wrote:
Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:



You should be able to use nginx as a reverse proxy to serve the same content on port 443 with https encrypting the session. https://letsencrypt.org/ has made this remarkably easy.


Fri Sep 23, 2016 9:01 pm
Profile ICQ
Display posts from previous:  Sort by  
Reply to topic   [ 19 posts ]  Go to page 1, 2  Next

Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum



Rent Me Pintos NRA SAF CCKRBA
Aldersons Facebook


Powered by phpBB® Forum Software © phpBB Group
Designed by ST Software for PTF.
[ Time : 1.033s | 14 Queries | GZIP : On ]