WaGuns.org
https://www.waguns.org/

Connection not private
https://www.waguns.org/viewtopic.php?f=32&t=73377
Page 1 of 2

Author:  deadshot2 [ Fri Sep 23, 2016 11:24 am ]
Post subject:  Connection not private

Seems like I'm getting a new message in my browser command line when I log in to this site. To be fair some others as well.

I get an "i" in a "circle" where the "http" used to be. When I click on the circled "i" it tells me that my connection is not private.

Any ideas? I've read that it may have to do with the security certificate of the site and even that my pc's clock is set wrong. Clock is set automatically via net so I doubt that. Curious.

I'm now running Win 10 Anniversary edition with all its updates and patches to date. Don't see any errors like this when I use "Edge", just Chrome.

Author:  Massivedesign [ Fri Sep 23, 2016 11:30 am ]
Post subject:  Re: Connection not private

We are not running HTTPS protocol, yet.

Author:  deadshot2 [ Fri Sep 23, 2016 12:00 pm ]
Post subject:  Re: Connection not private

I'm one of those that has to consult with a grand kid in order to understand a lot about computers :bigsmile:

I could have sworn that in the past the command line used to start with http:// (without the "s") just before the "www.xxxxxx"

Just recently noticed that I now see the circled "i" which called my attention to the non private connection. Perhaps Google has made a change???

Author:  kf7mjf [ Fri Sep 23, 2016 12:01 pm ]
Post subject:  Re: Connection not private

Massivedesign wrote:
We are not running HTTPS protocol, yet.


Great. Now the NSA can spy on us.

Author:  lunacite [ Fri Sep 23, 2016 12:08 pm ]
Post subject:  Re: Connection not private

This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.

The ONLY change that has occurred is to the browser. No security vulnerability has been detected or exposed, it just means that your connection is unencrypted. Don't use the same password you do here for any other sites.


It would be nice for SSL to be enabled.

Author:  deadshot2 [ Fri Sep 23, 2016 1:06 pm ]
Post subject:  Re: Connection not private

lunacite wrote:
This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.



Maybe they're doing it so they don't get the same "hack" as Yahoo.


Anyway, thanks for the explanation.

Author:  Sinus211 [ Fri Sep 23, 2016 1:11 pm ]
Post subject:  Re: Connection not private

Wait...are you saying I wasn't supposed to enter my social security#, bank account #'s, and mother's maiden name when I logged in?

Author:  Massivedesign [ Fri Sep 23, 2016 1:38 pm ]
Post subject:  Re: Connection not private

Non-SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it set up to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:

Author:  kf7mjf [ Fri Sep 23, 2016 1:46 pm ]
Post subject:  Re: Connection not private

What about just using HTTPS Everywhere? https://www.eff.org/Https-Everywhere

I use it and it's pretty nice.

Author:  beckdw [ Fri Sep 23, 2016 2:31 pm ]
Post subject:  Re: Connection not private

kf7mjf wrote:
Massivedesign wrote:
We are not running HTTPS protocol, yet.


Great. Now the NSA can spy on us.

Hahaha, like a little "s" is going to stop the NSA. Silly writers write silly things :D

Author:  kf7mjf [ Fri Sep 23, 2016 2:45 pm ]
Post subject:  Re: Connection not private

So says the NSA mole.

Author:  beckdw [ Fri Sep 23, 2016 2:54 pm ]
Post subject:  Re: Connection not private

kf7mjf wrote:
So says the NSA mole.

I'm pretty sure I'd be a bad NSA mole. Saying the NSA isn't stopped by a bit of encryption is not something they would be spreading around.

Author:  kf7mjf [ Fri Sep 23, 2016 2:55 pm ]
Post subject:  Re: Connection not private

That's what you want us to believe!

Author:  rayjax82 [ Fri Sep 23, 2016 4:59 pm ]
Post subject:  Re: Connection not private

Massivedesign wrote:
Non-SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it set up to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:


Just FYI, you could probably find a plug-in that hashes the login info before it sends it to the server. That might be more trouble than https though. Just be aware that if you happen to log in to waguns.org using open unencrypted WiFi you're sending your login info in clear text that can be easily intercepted. If you use the same password on this site that you do others you can open yourself up to other trouble.

Author:  lunacite [ Fri Sep 23, 2016 9:01 pm ]
Post subject:  Re: Connection not private

Massivedesign wrote:
Non-SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it set up to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:



You should be able to use nginx as a reverse proxy to serve the same content on port 443 with https encrypting the session. https://letsencrypt.org/ has made this remarkably easy.
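
The reverse-proxy setup suggested in the post above, combined with the redirect Massivedesign mentions needing so old http: links keep working, sketched as an nginx configuration. This is an added example, not part of the original thread or the site's actual configuration; the hostname forum.example, the backend address 127.0.0.1:8080 and the file paths are assumptions.

```nginx
# Added example; forum.example, the backend port and all paths are placeholders.

# Port 80: keep old http:// links alive by redirecting them, path and query intact.
server {
    listen 80;
    server_name forum.example www.forum.example;

    # Let's Encrypt HTTP-01 validation is answered over plain HTTP
    # (directory used with certbot's webroot mode; path is an assumption).
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    location / {
        # $request_uri carries the original path and query string, so a link
        # such as /viewtopic.php?f=32&t=73377 lands on the same topic over HTTPS.
        return 301 https://www.forum.example$request_uri;
    }
}

# Port 443: terminate TLS here and pass requests to the existing HTTP-only site.
server {
    listen 443 ssl;
    server_name www.forum.example;

    # Certificate and key as laid out by certbot for a Let's Encrypt certificate.
    ssl_certificate     /etc/letsencrypt/live/www.forum.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.forum.example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Assumed address of the existing web server, bound to loopback only.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Tells the backend the client connected over HTTPS, so it can
        # generate https:// links instead of http:// ones.
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Running `nginx -t` after editing validates the syntax before a reload; whether the forum software honours `X-Forwarded-Proto` depends on its own configuration.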

All times are UTC - 8 hours