Bitcoin Forum
December 10, 2016, 03:08:13 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitcointalk https is not staying secure  (Read 1811 times)
check_status
Full Member
***
Offline Offline

Activity: 196


Web Dev, Db Admin, Computer Technician


View Profile
March 20, 2012, 03:12:53 AM
 #1

When first landing at the website https is good, secure. As I drill down to post into a topic it becomes normal or insecure. With the latest chrome 18 it is fine until in a topic, then https is lost, backing out and refreshing 'secure' returned, enter topic, https is lost. Chrome 17 and Opera 11.61, once you drill down into a topic, the https is lost; up one directory, refreshing does not return https, it remains insecure.

Is this a site issue, a certificate issue, or a browser issue?

For Bitcoin to be a true global currency the value of BTC needs always to rise.
If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76.
P2Pool Server List | How To's and Guides Mega List |  1EndfedSryGUZK9sPrdvxHntYzv2EBexGA
1481382493
Hero Member
*
Offline Offline

Posts: 1481382493

View Profile Personal Message (Offline)

Ignore
1481382493
Reply with quote  #2

1481382493
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481382493
Hero Member
*
Offline Offline

Posts: 1481382493

View Profile Personal Message (Offline)

Ignore
1481382493
Reply with quote  #2

1481382493
Report to moderator
1481382493
Hero Member
*
Offline Offline

Posts: 1481382493

View Profile Personal Message (Offline)

Ignore
1481382493
Reply with quote  #2

1481382493
Report to moderator
1481382493
Hero Member
*
Offline Offline

Posts: 1481382493

View Profile Personal Message (Offline)

Ignore
1481382493
Reply with quote  #2

1481382493
Report to moderator
Kluge
Donator
Legendary
*
Offline Offline

Activity: 1218


Michael, send me some coins before I hitman you


View Profile
March 20, 2012, 03:14:48 AM
 #2

Experiencing something similar. "Some resources" are not secure when in a topic. I'm guessing it's an irrelevant alert, but would be nice to know.

Don't mix your coins someone said isn't legal
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
March 20, 2012, 03:17:35 AM
 #3

When first landing at the website https is good, secure. As I drill down to post into a topic it becomes normal or insecure. With the latest chrome 18 it is fine until in a topic, then https is lost, backing out and refreshing 'secure' returned, enter topic, https is lost. Chrome 17 and Opera 11.61, once you drill down into a topic, the https is lost; up one directory, refreshing does not return https, it remains insecure.

Is this a site issue, a certificate issue, or a browser issue?

I am assuming that you mean you lose the padlock icon, or the blue bar? That could be caused by loading external images from non-secure sites. Or do you mean it actually switches between https:// and http:// ? I haven't seen that happening.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Kluge
Donator
Legendary
*
Offline Offline

Activity: 1218


Michael, send me some coins before I hitman you


View Profile
March 20, 2012, 03:18:55 AM
 #4

Could it be avatars? It appears the forum software does not host them locally (unless it was uploaded from PC, not URL), but simply redirects to the original site hosting the image.

Don't mix your coins someone said isn't legal
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
March 20, 2012, 03:19:54 AM
 #5

Could it be avatars? It appears the forum software does not host them locally, but simply redirects to the original site hosting the image.
That would be it it. There is an option for local storage, but no one seems to use it.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
DILLIGAF
Full Member
***
Offline Offline

Activity: 168



View Profile
March 20, 2012, 03:21:02 AM
 #6

When first landing at the website https is good, secure. As I drill down to post into a topic it becomes normal or insecure. With the latest chrome 18 it is fine until in a topic, then https is lost, backing out and refreshing 'secure' returned, enter topic, https is lost. Chrome 17 and Opera 11.61, once you drill down into a topic, the https is lost; up one directory, refreshing does not return https, it remains insecure.

Is this a site issue, a certificate issue, or a browser issue?


This is what chrome tells me when I check the certificate and I see the same lock it has yellow triangle for a warning on it no matter the page.

Quote
Your connection to bitcointalk.org is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.

The connection uses TLS 1.0.

The connection is encrypted using CAMELLIA_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

The connection is compressed with DEFLATE.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
March 20, 2012, 03:25:44 AM
 #7

I, too, have been getting that red line through the https:// part of the URL.

~Bruno~
check_status
Full Member
***
Offline Offline

Activity: 196


Web Dev, Db Admin, Computer Technician


View Profile
March 20, 2012, 03:30:55 AM
 #8

Avatars sounds like one good reason.
In Opera, if I open a new site, banking.bs, the degraded security persists. Chrome is not quite the same, https returns, maybe because of process seperation.

For Bitcoin to be a true global currency the value of BTC needs always to rise.
If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76.
P2Pool Server List | How To's and Guides Mega List |  1EndfedSryGUZK9sPrdvxHntYzv2EBexGA
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
March 20, 2012, 04:04:07 AM
 #9

Yeah, it's avatars and stuff. Nothing to be worried about.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
mowat
Newbie
*
Offline Offline

Activity: 4


View Profile
March 20, 2012, 08:29:12 PM
 #10

The most important thing that you want SSL to protect is your password and cookie. An attacker who MITMs you (for example, at a public wifi AP) could take control of your account otherwise. The way SSL currently works on the site, those should be secure. I have avatars turned off and only lose the padlock when external images are included in a post, so this is most likely the cause.

To an extent, that's a privacy issue, since an attacker could get some idea of the content you are reading from the images. On the other hand, they can read the forum for themselves. They could also look at who posts every time you are connecting to the site. With enough data points, they could narrow it down to your username. The only effective defense against someone in that position would be to publish posts at random time intervals after submitting them.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
March 21, 2012, 12:28:47 AM
 #11

even only sending the html via https is still better than everything via http Tongue
Quote from: YOUR BROWSER
However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
was it that hard to find?

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
jjjrmy
Member
**
Offline Offline

Activity: 112


View Profile
March 21, 2012, 03:21:10 AM
 #12

I think if any page links to anything other than http:// then it isn't considered secure. All links must be https:// for the green lock.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
March 21, 2012, 03:54:22 PM
 #13

I think if any page links to anything other than http:// then it isn't considered secure. All links must be https:// for the green lock.
insecure links are ok, insecure content (scripts, images, style sheets) are not.

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!