Page 1 of 1

Site not secure?

Posted: Mon Sep 10, 2018 11:14 am
by spyderg
My iPad has been telling me this site is not secure for a while now. I don’t log in much because of it.

Re: Site not secure?

Posted: Sun Sep 16, 2018 8:07 pm
by TazKristi
spyderg wrote:
Mon Sep 10, 2018 11:14 am
My iPad has been telling me this site is not secure for a while now. I don’t log in much because of it.
Hey, spyderg:
I'm not seeing anything like that but I'm on desktop or Android devices. Could you post a screenshot?

Kristi

Re: Site not secure?

Posted: Sun Sep 16, 2018 9:28 pm
by Sharp Guy
Hi Kristi,

I saw spyderg's post the other day. I looked into it and saw that my browser (Chrome) said the forum was indeed unsecured (http not https) and didn't think much of it. I figured as long as users weren't entering personal info here why should it matter? The main Spyderco site is secured which makes sense.

I can see this same site info on my PC with Chrome or Firefox and with same browsers on my Android devices. From Chrome on my tablet, there's a little "i" in a circle (information?) in the address bar (finding this is a little different on my phone). When you touch it a little pop up message shows that the site an unsecured (http) address. See the screenshot below.

Image

What interesting is that with Firefox I get basically the same message but it shows that the site is a "https" site but parts ("such as images") are unsecured.

Image

What's more interesting is that the stock Android browser shows that the site is secure. However, if I click "view certificate" it does say that my connection to the site is not private.

Image

Re: Site not secure?

Posted: Mon Sep 17, 2018 9:23 am
by flasharry
I suspect that your browsers are complaining about things such as 3rd party hosted images, which are part of what can in the HTTPS standard is "mixed content" , so that if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, content is deemed “mixed”. The page is only partially encrypted.

Re: Site not secure?

Posted: Mon Sep 17, 2018 9:27 am
by MichaelScott
flasharry wrote:
Mon Sep 17, 2018 9:23 am
I suspect that your browsers are complaining about things such as 3rd party hosted images, which are part of what can in the HTTPS standard is "mixed content" , so that if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, content is deemed “mixed”. The page is only partially encrypted.
Sounds right to me (an old tech geek). My Safari browsers don’t flag it.

Re: Site not secure?

Posted: Sun Sep 30, 2018 6:57 am
by spyderg
7EF41893-8861-4D22-A5B0-91599299C266.jpeg

Re: Site not secure?

Posted: Fri Oct 26, 2018 5:11 am
by Evil D
I noticed on my phone yesterday a little circle with a lower case i inside it on the left of the site address, so I clicked it and it said my connection is not secured. Kinda interesting. I also get the same message on Firefox (also from Android) and on Chrome on my PC.

Re: Site not secure?

Posted: Sat Oct 27, 2018 9:49 pm
by TazKristi
David,
We don't enforce https on the forum because there aren't any transactions that take place here. I have been able to duplicate what some are seeing but it's due to images on the forum that are hosted elsewhere (just as Michael said above). The site is secure as is the forum. We force the https protocol on the main site but essentially it's overkill on the forum.

Re: Site not secure?

Posted: Fri Nov 09, 2018 7:03 am
by SpyderEdgeForever
Kristi, thank you for this explanation because I was wondering along those same lines.

And here is a related question: From what you know, is this true? Someone told me that if a person is making any sort of online financial transaction when purchasing a product such as a knife or anything else from an internet retailer, they should close all other windows and browser windows they have open, except for the secured online purchase window, because, according to this person, hackers can somehow
"piggy back" on other windows, and steal the person's credit card or other personal information. Have you ever heard anything like that?

And so, does this mean that before a person purchases something online, they should first close the window to the Spyderco forum website?