That might be the case, but in Google Chrome the https and the padlock are crossed out. That means it isn't safe to use. I (and probably most other people too) will not use this site until this is fixed.
er no, that is NOT what it means.
from
Google's Website Security Indicator A red padlock means
The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.
Click the padlock.
you will get
Site identity : Green padlock - therefore the site is genuinely registered as vircurex.com
Connection: Red padlock:
"Your connection to the site is encrypted, but Google Chrome has detected mixed scripting on the page. Be careful if you’re entering personal information on this page. Mixed scripting can provide a loophole for someone to take over the page. This content could be third-party scripts or videos embedded on the page.
If you’re connected to the Internet via a public wireless network, mixed scripting is especially risky because wireless networks are easier to tamper with than wired networks."
I'm using Chrome, and have a yellow padlock on this site.
That is a Green padlock for the certificate; ie. the site is genuinely registered as bitcointalk.org
I have a yellow padlock for the connection; ie this site uses content from outside the
https://bitcointalk.org website.
Does that mean that this site is unsafe?
To be honest the only sites that you can definitively trust are those that have the green bar, like paypal.com which has extended validation certificates. In other words they've had to prove that their site is their site through a physical street address. You still have to decide whether to trust PayPal.
A green certificate for vircurex.com doesn't mean that it IS vircurex's site, as I could still have changed the dns, and have a mitm https proxy between them and you feeding you a false certificate registered at another certificate provider.
You need to decide what the risk is
is the connection encrypted? YES
is the content all supplied from the site? NO, there are google ads and analytics (I think it's this last that's causing the problem).
is the site definitively vircurex.com? YES/NO. only EV certificates provide this (so NO). However it is DOMAIN validated in that the owner received and validated the confirmation email (so YES, providing you believe that having control of the email at the time of certificate request is adequate.)
None of this means that there is nothing to fix. I think it's the analytic code which should be changed to https only - it currently determines at runtime. That's just my quick glance though.
above all remember the icon is a quick guide to multiple aspects of the connection, and highlights the worst one, which may not be a risk at all.
marked
