Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User realj42
(regular) Sun 05-Feb-17 10:11:05
Print Post

New browser security warnings - do you care?


[link to this post]
 
If you are using (up to date) Chrome or Firefox browsers did you notice the security warnings they now flag up when you logged in to the forum? And do you care?

Basically Chrome and Firefox are now flagging any login page, or any form which takes 'personal information' as 'Not Secure' if they do not use HTTPS (example thinkbroadband...) Now I am not criticising TB, all such websites including the ones I run have been caught out by this, I just want to get an idea if there is a lot of feeling about this before advising clients to spend hundreds of pounds on security upgrades on sites which are not exactly huge money-earners.

It does look off-putting to me but maybe I worry too much! Yes it's a good thing to improve internet security but I worry how this will affect voluntary and low income websites which run forums etc.

Cheerts
Standard User micksharpe
(legend) Sun 05-Feb-17 11:06:03
Print Post

Re: New browser security warnings - do you care?


[re: realj42] [link to this post]
 
The fact that this site does not use HTTPS has been a bugbear for a long time, so much so that I had forgotten all about it. I would care if it was an e-commerce site, and I would prefer at least the logon page to use SSL.
Standard User gomezz
(eat-sleep-adslguide) Sun 05-Feb-17 11:13:31
Print Post

Re: New browser security warnings - do you care?


[re: realj42] [link to this post]
 
This is why I login to TBB and other HTTP sites using my lowest level password regime. Nothing of any real worth to lose.

BT Infinity 1 (unlimited)


Register (or login) on our website and you will not see this ad.

Standard User Kenneth
(legend) Sun 05-Feb-17 11:23:36
Print Post

Re: New browser security warnings - do you care?


[re: realj42] [link to this post]
 
I haven't noticed on this site - but then I haven't logged in recently as it remembers who I am.

If you re-use the password anywhere important - then yes you probably should be a little concerned (you shouldn't be doing that anyway).

Hopefully most websites use standard forum software so will be updated pretty quickly and it should be a simple update as part of normal security updates

Ken

Nostalgia is memory with the pain removed
Standard User realj42
(regular) Sun 05-Feb-17 13:47:57
Print Post

Re: New browser security warnings - do you care?


[re: Kenneth] [link to this post]
 
Unfortunately this is not a simple upgrade. Each site/domain will have to install its own security certificate at a cost of £39 +VAT per annum, plus there may be at least some fixes to links around the site and setting up of 301 redirects at a minimum.
Standard User Davey_H
(learned) Sun 05-Feb-17 13:51:06
Print Post

Re: New browser security warnings - do you care?


[re: realj42] [link to this post]
 
https://letsencrypt.org
Standard User realj42
(regular) Sun 05-Feb-17 15:39:18
Print Post

Re: New browser security warnings - do you care?


[re: Davey_H] [link to this post]
 
Cheers that is something I wasn't aware of. Looks cool but it looks like it's only suitable if you have root access to your host which is not usually the case, or if your web host company supports it directly. Will bear it in mind for future projects but for now my clients will have to pay. I will certainly try it out on my AWS hosted site though.

[Update] - wouldn't you know it I just found out my hosting company (Vidahost) do support Let's Encrypt, with the caveat that as they are new with an uncertain funding regime so your certificate may not renewed. Whatever I'll give it a go.

Edited by realj42 (Sun 05-Feb-17 15:50:28)

Standard User caffn8me
(knowledge is power) Sun 05-Feb-17 16:19:14
Print Post

Re: New browser security warnings - do you care?


[re: realj42] [link to this post]
 
If you have no luck getting Let's Encrypt working with Vidahost, https://www.cheapsslsecurity.co.uk offers domain validated cetificates from as little as £4 a year.

Once your encryption's up and running you can fine tune security settings by checking your site at;The High-Tech Bridge SSL/TLS test and the Qualys SSL Labs test do have slight differences in what they test for and how they score so it's worth doing both.

Enjoy smile

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User realj42
(regular) Sun 05-Feb-17 19:35:14
Print Post

Re: New browser security warnings - do you care?


[re: caffn8me] [link to this post]
 
Cheers, but these certificates still seem to need root access. I have one website working with Vidahost and Let's Encrypt so that does work.
Standard User GeeTee
(committed) Sun 05-Feb-17 19:44:08
Print Post

Re: New browser security warnings - do you care?


[re: realj42] [link to this post]
 
If set up correctly on the host with the supplied LetsEncrypt scripts then the certificates automagically get renewed as required with no further intervention.
Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to