check_status (OP)
Full Member
 Offline
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
|
 |
March 20, 2012, 03:12:53 AM |
|
When first landing at the website https is good, secure. As I drill down to post into a topic it becomes normal or insecure. With the latest chrome 18 it is fine until in a topic, then https is lost, backing out and refreshing 'secure' returned, enter topic, https is lost. Chrome 17 and Opera 11.61, once you drill down into a topic, the https is lost; up one directory, refreshing does not return https, it remains insecure.
Is this a site issue, a certificate issue, or a browser issue?
|
For Bitcoin to be a true global currency the value of BTC needs always to rise. If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76. P2Pool Server List | How To's and Guides Mega List | 1 EndfedSryGUZK9sPrdvxHntYzv2EBexGA |
|
|
|
|
|
|
|
|
|
No Gods or Kings. Only Bitcoin
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
March 20, 2012, 03:14:48 AM |
|
Experiencing something similar. "Some resources" are not secure when in a topic. I'm guessing it's an irrelevant alert, but would be nice to know.
|
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
March 20, 2012, 03:17:35 AM |
|
When first landing at the website https is good, secure. As I drill down to post into a topic it becomes normal or insecure. With the latest chrome 18 it is fine until in a topic, then https is lost, backing out and refreshing 'secure' returned, enter topic, https is lost. Chrome 17 and Opera 11.61, once you drill down into a topic, the https is lost; up one directory, refreshing does not return https, it remains insecure.
Is this a site issue, a certificate issue, or a browser issue?
I am assuming that you mean you lose the padlock icon, or the blue bar? That could be caused by loading external images from non-secure sites. Or do you mean it actually switches between https:// and http:// ? I haven't seen that happening. |
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
March 20, 2012, 03:18:55 AM |
|
Could it be avatars? It appears the forum software does not host them locally (unless it was uploaded from PC, not URL), but simply redirects to the original site hosting the image.
|
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
March 20, 2012, 03:19:54 AM |
|
Could it be avatars? It appears the forum software does not host them locally, but simply redirects to the original site hosting the image.
That would be it it. There is an option for local storage, but no one seems to use it. |
|
|
|
|
DILLIGAF
|
|
March 20, 2012, 03:21:02 AM |
|
When first landing at the website https is good, secure. As I drill down to post into a topic it becomes normal or insecure. With the latest chrome 18 it is fine until in a topic, then https is lost, backing out and refreshing 'secure' returned, enter topic, https is lost. Chrome 17 and Opera 11.61, once you drill down into a topic, the https is lost; up one directory, refreshing does not return https, it remains insecure.
Is this a site issue, a certificate issue, or a browser issue?
This is what chrome tells me when I check the certificate and I see the same lock it has yellow triangle for a warning on it no matter the page. Your connection to bitcointalk.org is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
The connection uses TLS 1.0.
The connection is encrypted using CAMELLIA_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.
The connection is compressed with DEFLATE. |
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
March 20, 2012, 03:25:44 AM |
|
I, too, have been getting that red line through the https:// part of the URL.
~Bruno~
|
|
|
|
|
check_status (OP)
Full Member
Offline
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
|
|
March 20, 2012, 03:30:55 AM |
|
Avatars sounds like one good reason.
In Opera, if I open a new site, banking.bs, the degraded security persists. Chrome is not quite the same, https returns, maybe because of process seperation.
|
For Bitcoin to be a true global currency the value of BTC needs always to rise. If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76. P2Pool Server List | How To's and Guides Mega List | 1 EndfedSryGUZK9sPrdvxHntYzv2EBexGA |
|
|
theymos
Administrator
Legendary
Offline
Activity: 5180
Merit: 12873
|
|
March 20, 2012, 04:04:07 AM |
|
Yeah, it's avatars and stuff. Nothing to be worried about.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
mowat
Newbie
Offline
Activity: 4
Merit: 0
|
|
March 20, 2012, 08:29:12 PM |
|
The most important thing that you want SSL to protect is your password and cookie. An attacker who MITMs you (for example, at a public wifi AP) could take control of your account otherwise. The way SSL currently works on the site, those should be secure. I have avatars turned off and only lose the padlock when external images are included in a post, so this is most likely the cause.
To an extent, that's a privacy issue, since an attacker could get some idea of the content you are reading from the images. On the other hand, they can read the forum for themselves. They could also look at who posts every time you are connecting to the site. With enough data points, they could narrow it down to your username. The only effective defense against someone in that position would be to publish posts at random time intervals after submitting them.
|
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
March 21, 2012, 12:28:47 AM |
|
even only sending the html via https is still better than everything via http  However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page. was it that hard to find? |
|
|
|
jjjrmy
Member
Offline
Activity: 221
Merit: 10
|
|
March 21, 2012, 03:21:10 AM |
|
I think if any page links to anything other than http:// then it isn't considered secure. All links must be https:// for the green lock.
|
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
March 21, 2012, 03:54:22 PM |
|
I think if any page links to anything other than http:// then it isn't considered secure. All links must be https:// for the green lock.
insecure links are ok, insecure content (scripts, images, style sheets) are not. |
|
|
|
|
