Why unsecure site?

[Cassia]

When I log into other sites the http says secured site, but CH says it's an unsecure site. Why is that?

 

[Brighten04]

Yes I see that too.

 

[user1234]

When I log into other sites the http says secured site, but CH says it's an unsecure site. Why is that?

Yes I see that too.

Yes, and if I click on the little icon in my chrome browser, it says 'Your connection to this site is not private' , and it makes no difference what I do to settings, it still says it's not private, even if I try the 'incognito' setting in chrome.
I guess we're all pretty vulnerable, everything is being watched and/or tracked.
Dont forget to wave to all the 'guests'. eep::wave:

 

[Cassia]

Yes the admins seem scarce these days too. Says passwords are not safe either. Hopefully they can fix it.

 

[user1234]

Well, I'm guessing if any intruder wanted to exploit vulnerabilities, the damage is probably done. The thing I don't get is why everybody praises Chrome so much, but there's almost no privacy with it, even with incognito on.
But it seems like alot of us have troubles using other browsers on the site, so it seems like we're stuck with the vulnerabilities.

 

[Stravinsk]

This should be fixed right away, for both the security of members as well as any who may be thinking of joining.

Note: I can get a version of the forum using https:// , the secure protocol - but cannot log in under it.

 

[Lamb]

I have passed on your concerns to Romanos. The site is using http in its password form login which Chrome and Firefox are marking ALL http sites with forms (for passwords and credit cards) as being insecure. This is not something that has suddenly cropped up overnight so please remain calm. Google has wanted sites to start using https for years now and this is their way to force them to comply.

Here is an article from vbulletin which is the software that CH uses:
https://www.vbulletin.com/forum/articles/4361080-converting-your-forum-to-https

 

[MoreCoffee]

When I log into other sites the http says secured site, but CH says it's an unsecure site. Why is that?

https means that the web page is encrypted and your messages to and from it are encrypted so that does make it more secure but it does not make it "safe". CH is safe because no malicious code is present in its web pages. CH is not yet encrypted. It is an easy thing to make it encrypted and I am sure Romanos may be able to make it https. Let's see what happens.

 

[Lamb]

https means that the web page is encrypted and your messages to and from it are encrypted so that does make it more secure but it does not make it "safe". CH is safe because no malicious code is present in its web pages. CH is not yet encrypted. It is an easy thing to make it encrypted and I am sure Romanos may be able to make it https. Let's see what happens.

The host will have to be involved to give him a secure certificate to use https. I'm not sure how soon this will be able to happen. We don't store your credit card information on the site so I think you guys should be fine

 

[Stravinsk]

I wonder how often log ins (to take one example) are sniffed out and intercepted. I'm not fond of the idea of someone intercepting my password, logging in as me and then saying whatever.

 

[MoreCoffee]

The host will have to be involved to give him a secure certificate to use https. I'm not sure how soon this will be able to happen. We don't store your credit card information on the site so I think you guys should be fine

Perhaps some forum users are concerned that their userid and password could be compromised. If that is the case then https will help alleviate that concern.

 

[Lamb]

Perhaps some forum users are concerned that their userid and password could be compromised. If that is the case then https will help alleviate that concern.

Anything can be compromised on the internet. I have asked Romanos to look into this. It's not something I can do since I do not have any access pertaining to it.

 

[MoreCoffee]

Anything can be compromised on the internet. I have asked Romanos to look into this. It's not something I can do since I do not have any access pertaining to it.

Yes, I understood that. Perhaps Romanos will find this link helpful. https://newevolutiondesigns.com/convert-http-to-https

 

[Lamb]

I wonder how often log ins (to take one example) are sniffed out and intercepted. I'm not fond of the idea of someone intercepting my password, logging in as me and then saying whatever.

This is not something new. It's been this way for years now so don't start to panic. One thing users can do is make sure they use a very strong type of password.

Use a Capital letter somewhere in your password
Use a number somewhere in the password
Use a symbol somewhere in the password
Use 12 characters minimum

Don't use a short password
Don't use your pet's name or your child's name
Don't use anything personal to you in the password
Don't use real words
Don't substitute characters within a real word such as H0use


Don't store your password on your browser. If you lose your tablet, phone, computer, etc...if your password is in there then the thief has all he needs.
Don't click on phishing sites asking you to login.

Whenever I get an email asking me to login someplace I don't follow the link. If it's for my bank needing something I actually type in the bank's URL and login through that.

Stay safe.

 

[Lamb]

Yes, I understood that. Perhaps Romanos will find this link helpful. https://newevolutiondesigns.com/convert-http-to-https

That's some of the information in the vbulletin link I shared above on page 1

 

[MoreCoffee]

That's some of the information in the vbulletin link I shared above on page 1

Excellent. It ought not be expensive then

 

[Lamb]

Excellent. It ought not be expensive then

No, it shouldn't cost a thing. It's the time involved plus checking to make sure that all the http throughout the entire site gets changed to https. Then there is a problem with us using external images. I read that some vbulletin owners were still getting unsecure messages because they allowed images from external links. You know, like when we post funny pics from the net or memes.

 

[MoreCoffee]

No, it shouldn't cost a thing. It's the time involved plus checking to make sure that all the http throughout the entire site gets changed to https. Then there is a problem with us using external images. I read that some vbulletin owners were still getting unsecure messages because they allowed images from external links. You know, like when we post funny pics from the net or memes.

Indeed - we're such media hounds!

 

[Stravinsk]

This is not something new. It's been this way for years now so don't start to panic. One thing users can do is make sure they use a very strong type of password.

Use a Capital letter somewhere in your password
Use a number somewhere in the password
Use a symbol somewhere in the password
Use 12 characters minimum

Don't use a short password
Don't use your pet's name or your child's name
Don't use anything personal to you in the password
Don't use real words
Don't substitute characters within a real word such as H0use


Don't store your password on your browser. If you lose your tablet, phone, computer, etc...if your password is in there then the thief has all he needs.
Don't click on phishing sites asking you to login.

Whenever I get an email asking me to login someplace I don't follow the link. If it's for my bank needing something I actually type in the bank's URL and login through that.

Stay safe.

Thanks, although (usually) I store passwords in an encrypted file, and I have so many and they are so complicated I don't remember them. I just remember how to get into the encrypted file. The wording of the warning makes it seem as if http transfer is easily intercepted, so anyone with enough know how could simply monitor traffic, and pick up usernames and passwords as they were entered. I've never hacked a website or attempted anything like this, so I wouldn't know. The list you have given is good practical everyday sense though.

 

[Rens]

I wonder how often log ins (to take one example) are sniffed out and intercepted. I'm not fond of the idea of someone intercepting my password, logging in as me and then saying whatever.

Lol I did that once with a guy who got banned on a Dutch forum and couldn't say what he thought about it anymore. Frustrating. They were highly unfair so I said: here's my password. You can use it. Hahahahahahaha all of a sudden totally different posts under my name. LOL I got banned too. Later on cf when they banned me, he didnt use that anyway, I asked the favor back. Hahahahaha I sent a lot of people pm's with his name, noone knew him, funny, they didn't trust it at all.