Welcome to the Invelos forums. Please read the forum rules before posting.

Read access to our public forums is open to everyone. To post messages, a free registration is required.

If you have an Invelos account, sign in to post.

    Invelos Forums->General: Website Discussion Page: 1  Previous   Next
Insecure Connection
Author Message
DVD Profiler Desktop and Mobile Registrantmediadogg
Aim high. Ride the wind.
Registered: March 18, 2007
Reputation: Highest Rating
United States Posts: 4,846
Posted:
PM this userVisit this user's homepageDirect link to this postReply with quote
I am now getting a warning from FireFox that Invelos.com is an insecure connection and subject to password capture. When I try https://www.Invelos.com, it doesn't work.

Should I, or anybody else be concerned about this?
Thanks for your support.
Free Plugins available here.
Advanced plugins available here.
DVD Profiler Desktop and Mobile RegistrantStar ContributorDJ Doena
Battle Troll
Registered: March 14, 2007
Reputation: Highest Rating
Germany Posts: 6,047
Posted:
PM this userEmail this userVisit this user's homepageView this user's DVD collectionDirect link to this postReply with quote
In recent years there have been a lot of issues regarding security with the unencrypted HTTProtocol.

It is much saver and better for everyone to switch to the SSL encrypted communication denoted by the https:// prefix.

Last year the browser manufactures like Mozilla (Firefox) and Google (Chrome) decided to force the issue and display http:// as untrusted.

Unfortunately Ken has not yet opted to provide the secure connection yet. That's why it's getting flagged by the browsers.

https://motherboard.vice.com/en_us/article/xygdxq/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https
Karsten
DVD Collectors Online
Amazon Price Observer

 Last edited: by DJ Doena
DVD Profiler Desktop and Mobile RegistrantStar ContributorDJ Doena
Battle Troll
Registered: March 14, 2007
Reputation: Highest Rating
Germany Posts: 6,047
Posted:
PM this userEmail this userVisit this user's homepageView this user's DVD collectionDirect link to this postReply with quote
However, what do you mean by password capture?
Karsten
DVD Collectors Online
Amazon Price Observer

DVD Profiler Desktop and Mobile Registrantmediadogg
Aim high. Ride the wind.
Registered: March 18, 2007
Reputation: Highest Rating
United States Posts: 4,846
Posted:
PM this userVisit this user's homepageDirect link to this postReply with quote
Quoting DJ Doena:
Quote:
However, what do you mean by password capture?

I didn't realize it was not clear. The FireFox message says that using an unsecure connection exposes any data that is entered on the web page to a third party that might have intercepted the transmission. Anything "in the clear," such as user IDs and passwords can be captured for illegal use. Not sure why you put me to the task of explaining it, since I'm quite certain you know all that. 

(unless of course the browser encrypts the data before transmission - maybe that's why you are asking?)

The reason I asked a "dumb" question was that perhaps there was some nuance that I did not know about. Something like the false positive you can often get from antivirus programs. I was hoping it was something like that - and somebody would say "not to worry," and also explain it to me.

(Oh by the way, thanks for taking the time to respond ...    - your linked article explains the situation well)
Thanks for your support.
Free Plugins available here.
Advanced plugins available here.
 Last edited: by mediadogg
DVD Profiler Desktop and Mobile RegistrantStar ContributorDJ Doena
Battle Troll
Registered: March 14, 2007
Reputation: Highest Rating
Germany Posts: 6,047
Posted:
PM this userEmail this userVisit this user's homepageView this user's DVD collectionDirect link to this postReply with quote
Quoting mediadogg:
Quote:
Quoting DJ Doena:
Quote:
However, what do you mean by password capture?

I didn't realize it was not clear. The FireFox message says that using an unsecure connection exposes any data that is entered on the web page to a third party that might have intercepted the transmission. Anything "in the clear," such as user IDs and passwords can be captured for illegal use. Not sure why you put me to the task of explaining it, since I'm quite certain you know all that. 


No I thought there was some actual additional input querying your password or so. Because that would have been suspicious.
Karsten
DVD Collectors Online
Amazon Price Observer

DVD Profiler Desktop and Mobile Registrantmediadogg
Aim high. Ride the wind.
Registered: March 18, 2007
Reputation: Highest Rating
United States Posts: 4,846
Posted:
PM this userVisit this user's homepageDirect link to this postReply with quote
Oh I see. Well thanks again for the article. I didn't realize that there were so many web sites without this protection. Geez, even my own little web site has it. I can't imagine why any company with a large user base such as Invelos would not have this. Do you? Is there a cost issue? Maintenance? Or just plain laziness?
Thanks for your support.
Free Plugins available here.
Advanced plugins available here.
DVD Profiler Desktop and Mobile RegistrantStar ContributorDJ Doena
Battle Troll
Registered: March 14, 2007
Reputation: Highest Rating
Germany Posts: 6,047
Posted:
PM this userEmail this userVisit this user's homepageView this user's DVD collectionDirect link to this postReply with quote
Small websites have to pay a few more bucks for SSL on their domains. But since Invelos is probably running on a dedicated server, it should be part of the package.

However, it used to be a bit pricey to have an SSL certificate from a CA (certificate authority).

But now there is Let's Encrypt
Karsten
DVD Collectors Online
Amazon Price Observer

 Last edited: by DJ Doena
DVD Profiler Desktop and Mobile Registrantmediadogg
Aim high. Ride the wind.
Registered: March 18, 2007
Reputation: Highest Rating
United States Posts: 4,846
Posted:
PM this userVisit this user's homepageDirect link to this postReply with quote
Quoting DJ Doena:
Quote:
Small websites have to pay a few more bucks for SSL on their domains. But since Invelos is probably running on a dedicated server, it should be part of the package.

However, it used to be a bit pricey to have an SSL certificate from a CA (certificate authority).

But now there is Let's Encrypt

Good Info.
Man, is there anything you don't know about I/T?   

Let's hope Ken is watching and takes advantage ...
Thanks for your support.
Free Plugins available here.
Advanced plugins available here.
 Last edited: by mediadogg
    Invelos Forums->General: Website Discussion Page: 1  Previous   Next