Bitcoin Forum

Bitcoin => Pools => Topic started by: terminator on June 28, 2011, 04:28:00 PM



Title: BTC Guild Security Warning!
Post by: terminator on June 28, 2011, 04:28:00 PM
Recently BTC guild replaced all the secure https links on the menu with http links.
Also the site now has google ads which load javascript from insecure http.

This allows man in the middle attacks on your accounts.
An attacker can hijack the insecure request to google and inject javascript into btc guild pages to steal cookies/money, even if you're on an https page.
If you click any of the links in the menu, your login cookies are sent over plain text http.
I sent an email to them about this and got no response.

If you use Tor to access btc guild, you are especially vulnerable to this.
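
The three conditions described in the post above (script loaded over http on an https page, same-site menu links that drop to http, and login cookies that will travel over http) can be checked for from the defender's side. The following is an added example, not part of the original post or of any site's code; the host `www.example.com`, the ad host, the page markup and the cookie headers are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose http:// loads run with the page's privileges (active mixed content)
ACTIVE = {"script": "src", "iframe": "src"}

class MixedContentAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.active = []      # http:// scripts/frames embedded in the page
        self.downgrades = []  # same-site links that leave https for http

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ACTIVE:
            url = attrs.get(ACTIVE[tag]) or ""
            if urlparse(url).scheme == "http":
                self.active.append(url)
        elif tag == "a":
            u = urlparse(attrs.get("href") or "")
            if u.scheme == "http" and u.hostname == self.site_host:
                self.downgrades.append(u.geturl())

def cookies_missing_secure(set_cookie_headers):
    """Names of cookies whose Set-Cookie header lacks the Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        name_value, *attributes = [p.strip() for p in header.split(";")]
        if "secure" not in {a.split("=")[0].strip().lower() for a in attributes}:
            missing.append(name_value.split("=", 1)[0])
    return missing

def audit(html, set_cookie_headers, site_host):
    parser = MixedContentAudit(site_host)
    parser.feed(html)
    return {"active_mixed_content": parser.active,
            "https_to_http_links": parser.downgrades,
            "cookies_without_secure": cookies_missing_secure(set_cookie_headers)}

# Constructed sample of a page served over https (not captured from a real site)
SAMPLE_HTML = """<html><head><script src="http://ads.example/show_ads.js"></script>
<script src="https://www.example.com/app.js"></script></head>
<body><a href="http://www.example.com/my_account.php">My Account</a>
<a href="https://www.example.com/stats.php">Stats</a></body></html>"""
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly", "prefs=dark; Path=/; Secure"]

if __name__ == "__main__":
    for kind, items in audit(SAMPLE_HTML, SAMPLE_COOKIES, "www.example.com").items():
        print(kind, items)
```

A cookie reported under `cookies_without_secure` is the one that goes out in plain text when any link under `https_to_http_links` is followed.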


Title: Re: BTC Guild Security Warning!
Post by: TurdHurdur on June 28, 2011, 05:26:32 PM
Good work getting the BTCGuild thread deleted. :P


Title: Re: BTC Guild Security Warning!
Post by: mike85123 on June 28, 2011, 05:30:36 PM
I posted to the thread (where did it go btw?) asking if he could deliver ads via ssl and never got a response. Started donating to remove ads and there is still a warning from Chrome that there are still some items not being delivered over ssl. Would be nice to just have everything run over ssl.


Title: Re: BTC Guild Security Warning!
Post by: TurdHurdur on June 28, 2011, 05:34:23 PM
Try QuietUrl (https://addons.mozilla.org/en-US/firefox/addon/quieturl/), add
^http://www\.btcguild\.com/(.*) https://www.btcguild.com/$1
and make sure enabled is checked.


Title: Re: BTC Guild Security Warning!
Post by: Clipse on June 28, 2011, 05:35:27 PM
wtf who deleted the btcguild thread?


Title: Re: BTC Guild Security Warning!
Post by: hart on June 28, 2011, 05:36:07 PM
I posted to the thread (where did it go btw?) asking if he could deliver ads via ssl and never got a response. Started donating to remove ads and there is still a warning from Chrome that there are still some items not being delivered over ssl. Would be nice to just have everything run over ssl.

AdSense doesn't support SSL (yet, anyway). Source (http://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528).