Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


JNA



21 posts

Geek
+1 received by user: 5


Topic # 210196 17-Mar-2017 13:36 Send private message quote this post

Hi All,

 

I would like to know if there is a way to enable all HTTP connections to the Spark HG659B Home Gateway device to be HTTPS by default?

 

IMHO this should be the only way to connect to your modem as if I purchased a current quality, alternative from TP-Link, HTTPS would be activated.

 

I've have looked through all the sections on the device portal, read the Huawei Manual and quite a few pages of this forum to no avail.

 

If there is no way to do this, fine however a feedback channel to Spark NZ in relation to this would be appreciated.

 

TIA. JNA.


Create new topic
5975 posts

Uber Geek
+1 received by user: 2527

Moderator
Trusted
Subscriber

  Reply # 1742751 17-Mar-2017 13:44 4 people support this post Send private message quote this post

Erm why? You shouldn't need HTTPS if it is just on your local network as you're only going to man in the middle yourself. If you've got it exposed to the internet then disable this now.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Community UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


JNA



21 posts

Geek
+1 received by user: 5


  Reply # 1742784 17-Mar-2017 14:49 Send private message quote this post

It's internal but still, why not mandate HTTPS?


 

 



196 posts

Master Geek
+1 received by user: 57


  Reply # 1742786 17-Mar-2017 14:55 9 people support this post Send private message quote this post

How would you add a valid certificate? A self-signed certificate would throw a browser error that would freak most users out.


3135 posts

Uber Geek
+1 received by user: 1628

Trusted
Spark NZ

  Reply # 1742788 17-Mar-2017 14:55 Send private message quote this post

I'm not aware of any way to force this. The router will respond to HTTPS if you address it directly, but doesn't appear to be able to force it - at least not in a standard and supported way. I don't know what you might be able to do from a CLI but it's not going to be a supported config.

 

FWIW - I agree with the above that this is not particularly valuable. If someone is already on your network then you've already lost.

 

Cheers - N

 

 


24886 posts

Uber Geek
+1 received by user: 4786

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1742795 17-Mar-2017 15:09 2 people support this post Send private message quote this post

Why do you believe it's such an essential feature?

 

HTTPS without signed certs is a waste of time due to the errors it throw up in modern browsers.


739 posts

Ultimate Geek
+1 received by user: 186

Trusted

  Reply # 1742799 17-Mar-2017 15:14 Send private message quote this post

Latest firefox throws up warnings about inputing passwords over an unencrypted connection, which I noticed recently on my HG659B. So, some users are going to freak out either way.

19488 posts

Uber Geek
+1 received by user: 3411

Trusted
Subscriber

  Reply # 1742801 17-Mar-2017 15:22 One person supports this post Send private message quote this post

The only way to make it not freak people out is to rely on it DNS intercepting a fully qualified name they have the ability to get a cert generated for, which IMO is a much more messy solution than just using http and putting up with the not secure message.





Richard rich.ms

1476 posts

Uber Geek
+1 received by user: 415

Subscriber

  Reply # 1749127 28-Mar-2017 01:50 One person supports this post Send private message quote this post

To get a trusted cert installed on a router would mean the private keys for that cert would have to also be saved into that router. This would be very,very bad. As anyone who has that router would be able to get access to those private keys and issue their own fake certs for any website. That would then be trusted by web browsers.

 

And if the connection is getting bounced between you - server somewhere on the internet - router. Then you have to also trust that server.

 

I would be very worried if routers are getting shipped out with trusted certs installed in them. To make it at least semi secure the router would need a TPM installed. And then it would need a way of been securely updated, as certs only last for 2 years. Since consumer grade routers are cheaply made, and various models have been previously hacked. I see 0 chance of certs on a consumer router not getting hacked almost immediately. And if you don't have internet access, how would your browser check if the cert has been revoked or not?






Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

National AI group launching next month
Posted 25-May-2017 09:54


New Zealand Digital Future, according to tech companies
Posted 25-May-2017 09:51


New Microsoft Surface Pro delivers outstanding battery life, performance
Posted 25-May-2017 09:34


Garmin VIRB 360 brings immersive 360-degree 5.7K camera experience
Posted 25-May-2017 09:30


Telecommunications monitoring report: Are you being served?
Posted 24-May-2017 11:54


NetValue partners with CRM Provider SugarCRM
Posted 23-May-2017 20:04


Terabyte looms as Vocus users download 430GB a month
Posted 19-May-2017 14:51


2degrees tips into profit after seven lean years
Posted 19-May-2017 09:47


2degrees growth story continues
Posted 17-May-2017 15:25


Symantec Blocks 22 Million Attempted WannaCry Ransomware Attacks Globally
Posted 17-May-2017 12:41


HPE Unveils Computer Built for the Era of Big Data
Posted 17-May-2017 12:39


Samsung Galaxy S8 Plus review: Beautiful, feature-packed
Posted 16-May-2017 20:14


After ten years of mail pain Spark is done with Yahoo
Posted 15-May-2017 13:12


Warnings from security firms: do not click that link or risk your computer being infected
Posted 15-May-2017 10:11


Pushpay named NZ Hi-Tech Company of the Year 2017
Posted 15-May-2017 09:59



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.