Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»General Discussion»Sites use Secure Login Sc...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

General Discussion

Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region Forums

TheBlackAdder

(28,183 posts) Sat Mar 11, 2017, 10:14 AM Mar 2017

Sites use Secure Login Screens - Firefox alterts me DU Login Screen is not HTTPS, subject to hijack!

.


Is anyone else getting this warning?


The userid and password I send in, as part of the login process, is NOT ENCRYPTED and visible to sniffers and line analyzers at telco offices and ISP providers. I am unable to obtain an HTTPS session for logins.


.

InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 5 replies, 820 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (1) ReplyReply to this post
5 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Sites use Secure Login Screens - Firefox alterts me DU Login Screen is not HTTPS, subject to hijack! (Original Post) TheBlackAdder Mar 2017 OP
This was added in Firefox Release 52 Hokie Mar 2017 #1
I saw that notice. This is my only site doing it. In light of the security breech... TheBlackAdder Mar 2017 #2
No SSL certificate GregD Mar 2017 #3
They might use a pseudo password encryption, but those schemes are public hacker knowledge. TheBlackAdder Mar 2017 #4
Skinner said it is the next item on their agenda. Make7 Mar 2017 #5

Hokie

(4,286 posts)
1. This was added in Firefox Release 52
Reply to TheBlackAdder (Original post)
Sat Mar 11, 2017, 10:22 AM
Mar 2017
Firefox 52 release notes:

Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.


I think Mozilla is trying to encourage sites to use secure HTTP for login pages. It just means your password is not encrypted going from your computer to DU so technically a sniffer program could see your password. By using HTTPS it would be end to end encrypted.

Nothing has changed on DU. It is as secure (or not secure) as it was before.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

TheBlackAdder

(28,183 posts)
2. I saw that notice. This is my only site doing it. In light of the security breech...
Reply to Hokie (Reply #1)
Sat Mar 11, 2017, 10:31 AM
Mar 2017

.


HTTPS for initial logins was generally a site standard for a couple of years.

I believe I've raised this issue with the admins a year ago, and I sent them another email this week.


No response. I find that security is lax in a site that highlights, in yellow, a security breech on its login page.

It takes minutes to implement this, so I have no idea why the delay.


Hopefully this won't get locked, as this discussion needs to be had.


.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

GregD

(2,263 posts)
3. No SSL certificate
Reply to TheBlackAdder (Original post)
Sat Mar 11, 2017, 11:20 AM
Mar 2017

I just tried to force my browser to HTTPS and it did not work.

This confirms it - no SSL
https://www.sslshopper.com/ssl-checker.html#hostname=www.democraticunderground.com

I find it curious that for as inexpensive as SSL certificates are these days, that the site does not have an SSL assigned and the "my account" section absolutely forced to use that. And particularly in the light of having been hacked. WTF?

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
Reply to this discussion
Latest Discussions»General Discussion»Sites use Secure Login Sc...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.