http - how secure is it?
Most sites these days are 'secure' as their web address starts with https.
In contrast, Chrome flags all sites which start with http as being "Not Secure" and advises users not to enter personal information into the website in question. If all you are going to do is browse and download content, does it make any difference to one's security if the site is not 'secure' due to it being http and not https and therefore not having the padlock? |
I think it's all scare mongering BS.........
Http is as secure as it's ever been....... I really like sites that don't block http for no reason city-data is one of them... Yes they have https but they allow http traffic also.... www.city-data.com/forum (VBB) https://www.city-data.com/forum hipforums is another :) www.hipforums.com/forum (Xen1) https://www.hipforums.com/forum I have a question..... If these sites can do it w/o issues, why can't all sites?? I have been trying to get my friend who runs sitcomsonline.com/boards?styleid=1077 to enable http but he doesn't think it will work..... I have told him of city-data but he doesn't understand :( |
Re: http - how secure is it?
You make me so angry Dude with the amount of clueless Bull Crap you spout about computer and internet security.
:td: :banghead: |
I'm sorry buddy, I'm just mentioning stuff.... I'm not meaning to make anyone mad......
|
Re: http - how secure is it?
Quote:
HTTP is a lot less secure, there's a reason HTTPS came out. |
Re: http - how secure is it?
Quote:
Quote:
'Not Secure' does not mean it's bad, which is what they are trying to make out with that message. Many sites simply do not need to be secure. A news site for example, or indeed, any informational site. In fact pretty much any site where you don't need to login, or provide private information. I deliberately use that term btw, and not 'Personal information' which is a very vague term. Passwords for example are private, and should always use https when being passed to a website. On the other hand, there is very little reason to worry about your name being sent over http. |
Quote:
I don't think sites like this need to block HTTP, there is no reason.... It just causes connection problems for no reason mate... Ah well............ |
Re: http - how secure is it?
People also make the mistake of thinking that https means that the site itself is secure. Only communication with the site is secure.
|
Re: http - how secure is it?
Quote:
Cable Forum is a site where you have to login (i.e. use a password) and also cookies to keep you logged in. |
Re: http - how secure is it?
Quote:
I see it as a warning not to put personal information into a website without the padlock which is why it is good that this forum, for example, has the https security and padlock. With regard to downloading data from a website which does not have the padlock, and whether it be to browse or to keep as say an mp3 file, is there no difference as to whether it is safe to download data from that website and is https only about securing personal information that users give to the site, such as passwords and email addresses?
---------- Post added at 20:29 ---------- Previous post was at 20:26 ----------
Quote:
So when you say communication with the site do you mean passwords/email addresses or do you mean all forms of communication, such as simply going to the site and streaming/downloading data from that website? |
Re: http - how secure is it?
Quote:
I have no idea about Bit Defender, but you seem to have many issues with your set-up that others do not. Honestly, just ditch them all. |
Re: http - how secure is it?
Quote:
They keep flashing warnings up because they have to be 'seen' to be doing the job . . otherwise you'd think they were crap and not buy it again :D |
Re: http - how secure is it?
Quote:
Some background reading |
Re: http - how secure is it?
HTTPS doesn't just encrypt the data securing it, it also uses certificates to prove that the site is who it says it is. That's probably more important even if just reading data and that no-one is impersonating the site.
If you use a proxy, especially at work, they will install certificates in the browser so the proxy can intercept, decrypt, inspect and re-encrypt on without warnings but generally if the certificate doesn't match or isn't issued properly your browser should warn you. What is causing pain now are the alternate DNS names being enforced on the main name where previously only needed for additional names. This is where you may use variations in name to provide different services but only want one certificate, e.g. www.bbc.co.uk, news.bbc.co.uk (yes I know they do it different now) can all have one certificate, used to be www.bbc and then news.bbc etc in the alternate names, now also have to have www.bbc in the alternate names. |
Re: http - how secure is it?
Quote:
Run one from Bitdefender, run one from an online scan such as ESET. Download and install RKill https://www.bleepingcomputer.com/download/rkill/ and run this program. This will stop any processes that might be malware and block deletion if required. Then download and install Malwarebytes and run a scan with that. I have a feeling something else is causing your flags.
---------- Post added at 12:13 ---------- Previous post was at 12:12 ----------
Quote:
|
Re: http - how secure is it?
I use Windows Defender.
I don't download dodgy stuff, and I scan the relevant files. |
Re: http - how secure is it?
Quote:
ANY site running on http can be intercepted and the contents of the site changed before it gets to your browser, https prevents this happening. Of course, https encrypts all traffic between your browser & the server, so for example your password & any form you fill in, cannot be snooped upon. Here's a very good article about why every website needs https https://www.troyhunt.com/heres-why-y...e-needs-https/ There's a video with a demo of changing the contents of a site, without actually changing the site, just what is delivered to your browser. But as others have said, https does not mean that the site itself is safe or secure, it's the connection to/from the server
Quote:
If your friend does allow http then he may as well disable https altogether, no point in having it then.
Quote:
There is no excuse for not having https these days, can be done totally for free with a little work. |
Re: http - how secure is it?
Quote:
ssssh, qualified people talking.... |
Re: http - how secure is it?
Quote:
You could have a valid https certificate for cableforum.uk or cablef0rum.uk. A valid certificate doesn't guarantee anything about the trustworthiness of the site you're on. |
Re: http - how secure is it?
I vaguely recall a year or two ago, I had quite a few certificate warnings on various sites/pages that normally were ok . . . not sure if it was down to a change in how they're done or a cock up somewhere in the system?
|
Re: http - how secure is it?
Quote:
News sites do not need to use https, of course, they can choose to.
Quote:
A single SSL certificate can have many alt names, hundreds if you are daft enough (our own certificate here has nine). You can also get wildcard certificates to cover all the sub domains on a main domain. |
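
The alt-name behaviour discussed in the posts above (the main name now having to appear in the alternate names, several names on one certificate, and wildcards covering sub domains) can be checked with a small matcher. This is an added example, not part of any post in the thread; the `example.test` names and the three certificates are constructed, and the matcher is simplified (whole-label wildcards only, no public suffix list).

```python
"""Added example: which host names does a certificate's alt-name list cover?"""

def _dns_match(pattern: str, host: str) -> bool:
    """Compare one DNS alt name with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # "*" stands for exactly one label
    if p[0] == "*":
        if len(p) < 3:
            return False      # reject "*.uk"-style wildcards under a single label
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def covers(cert: dict, host: str) -> bool:
    """True if any DNS entry in subjectAltName matches host.
    The subject commonName is deliberately not consulted."""
    return any(kind == "DNS" and _dns_match(value, host)
               for kind, value in cert.get("subjectAltName", ()))

def audit(cert: dict, hosts: list) -> dict:
    """Map each host name to whether the certificate covers it."""
    return {host: covers(cert, host) for host in hosts}

# Constructed certificates in the dict layout of ssl.SSLSocket.getpeercert().
OLD_STYLE = {  # main name only in the subject, extra name in the alt names
    "subject": ((("commonName", "www.example.test"),),),
    "subjectAltName": (("DNS", "news.example.test"),),
}
MULTI_NAME = {  # main name repeated in the alt names
    "subject": ((("commonName", "www.example.test"),),),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "news.example.test")),
}
WILDCARD = {
    "subject": ((("commonName", "example.test"),),),
    "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test")),
}
HOSTS = ["www.example.test", "news.example.test", "example.test",
         "a.b.example.test", "www.examp1e.test"]

if __name__ == "__main__":
    for name, cert in [("old style", OLD_STYLE), ("multi-name", MULTI_NAME),
                       ("wildcard", WILDCARD)]:
        print(name, audit(cert, HOSTS))
```

The old-style certificate fails for its own main name because only the alt names are consulted, and the wildcard entry covers one label, not nested sub domains.
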
Re: http - how secure is it?
Quote:
One of the biggest was Symantec https://www.thesslstore.com/blog/sym...usted-tuesday/
Quote:
|
Quote:
Or the site can install 'NO BROWSER LEFT BEHIND' which lets even older browsers connect HTTPS http://blog.cloudflare.com/sha-1-dep...er-left-behind
Quote:
|
Re: http - how secure is it?
Quote:
Quote:
As I said before, there is no excuse today, for any website not to allow only https connection. |
Re: http - how secure is it?
Quote:
Alt names are not new, so restricting them to just one will always have been a ridiculous thing to do.
---------- Post added at 16:14 ---------- Previous post was at 16:09 ----------
Quote:
My point has clearly been that it's not always necessary, and browsers mislead people with their FUD & warnings. Benefit wise, there is the obvious one of not having to deal with certificates, possibly speed on very old devices, other than that, not much really. |
Re: http - how secure is it?
Quote:
So are you saying that there is a higher risk of browsing/downloading content from a site that does not use https?
---------- Post added at 17:44 ---------- Previous post was at 17:42 ----------
Quote:
|
Re: http - how secure is it?
Any site can be exploited which in turn could compromise your devices no matter what protocol it uses HTTP, HTTPS, FTP, NNTP and so on
|
Re: http - how secure is it?
Quote:
|
Quote:
This message on tapeheads speaks loudly of this www.tapeheads.net/showthread.php?t=59798 Although he does have an SSL cert now but not many use it. |
Re: http - how secure is it?
Quote:
The most issues you would get are if your browser is old(er) and cannot handle the later SSL (TLS) versions that are now in use. Most sites (inc CF) now disable SSLv2, SSLv3, and TLS 1.0. Indeed, most modern browsers don't support them now either. TLS 1.1 & 1.2 are the most common (1.1 is old now, but most sites still support it). TLS 1.3 is the latest version, but is still not supported by many sites.
Quote:
It's not, and you're wrong, and pretty much everyone will move to using it. Regardless of the FUD, and whether it's always strictly necessary, there are no significant downsides to using it. http hasn't been an option here since Jan 2018, and that won't ever change. |
Re: http - how secure is it?
Quote:
HTTPS means that the data sent between your browser & the website is encrypted so no one else can snoop on it or tamper with it before it gets to you. I would be wary of completing any form on a site with just HTTP as anything you put in is sent back to the server in text exactly as you put on the form. HTTPS will encrypt this.
---------- Post added at 12:07 ---------- Previous post was at 11:54 ----------
Quote:
HTTP is in no way secure, everything is sent in plain text, whereas HTTPS encrypts data, it's as simple as that. As for that post you link to on tapeheads, I really don't know what to say.
First goes on about "compromise of your computer" well if your computer is compromised, HTTPS will not help you!
"At Tapeheads, everything you send and everything you receive is handled in plain, unencrypted text." well yes, if you don't use HTTPS then everything is transmitted & received unencrypted.
"We don't run a secure connection to users because we don't need to" so why do they have HTTPS as well now, and why are they not redirecting HTTP to HTTPS?
"Enabling an https connection adds overhead and complexity that's just not of any benefit whatsoever to anyone." No it doesn't, get a certificate (can be got for free) add it to your hosting, and set up an HTTP to HTTPS redirect, and it's a benefit to everyone.
"The only possible ramification of this is that if a user is subject to a man-in-the-middle exploit, their login might be compromised" So they don't care if your login details get stolen whilst logging in, great site! one to stay away from!
And finally "secure connections break this version of vBulletin" Um, so update your software, easy! |
Re: http - how secure is it?
Quote:
Basically, what you are saying, if I am correct, is that there is no increased risk by just downloading/streaming from a site which does not have https. |
Re: http - how secure is it?
To Paul,
It takes a long time for big companies to update stuff especially in my arena. It's only the inbuilt CSR generation that's like that, we can use the underlying tools to put more names in. The issue though is the change to needing the main site name in the Alt DNS list
To Rillington,
The risk is that the site may not be the one you think it is as part of HTTPS is authenticating the site as well as encrypting the data. True not many people carefully check certificates but you could. |
Re: http - how secure is it?
Quote:
I could go & create a site now, get a certificate and make sure it's only accessible via HTTPS, and fill it with "dodgy" downloads for you to get, which could then infect your PC. This is where your anti-virus/anti-malware software & common sense comes into play. The increased risk of an HTTP only site is that (with the right skills & willing) someone could see anything you put into a form, or see exactly what you are looking at & downloading. HTTPS prevents this as the communications between you & the website are encrypted. But for any website at all, if you're concerned about downloading anything, simply don't, or search around & try to verify that it's safe. |
Re: http - how secure is it?
It doesn't help when certificate issuers change things.
One of Let's Encrypt's intermediate certificates expires imminently, and that's causing some issues. :( |
Re: http - how secure is it?
Quote:
For me, the issue is whether there is any additional risk simply by visiting a site which does not have https because as soon as you visit any website you are downloading content, and from what you have indicated, there is no difference as all https does is encrypt data sent between user and site and vice versa to stop someone else from seeing what you are doing and what data is being transferred. Correct? |
Re: http - how secure is it?
Thank you for the clarification.
|
Re: http - how secure is it?
And am I right that regardless of whether a site is 'secure' or 'not secure', you are downloading content onto your hard-drive just by visiting the site and there is no difference regarding safety if you choose to save the content you download rather than getting rid of it by clearing your browsing data?
|
Re: http - how secure is it?
Most browsers cache files, so technically, yes, you are downloading content.
That's different to choosing to download specific files though. |
All Posts and Content are © Cable Forum