Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1508 posts

Uber Geek
+1 received by user: 213


# 208186 30-Jan-2017 21:49
Send private message

I see that for a number of pages, such as login pages, Geekzone has https enabled. Now that Chrome and Firefox are applying stricter controls to pages, is Geekzone going to go full https? I thought I had seen somewhere I could use https, but https://www.geekzone.co.nz just redirects back to http.

 

For most pages everything seems OK, but now clicking in to a thread generates an https warning in the URL bar:

 

 

 

This is Firefox 51 just updated today. Chrome 56 is still giving the grey circle of indifference.

 

Google and now Firefox are apparently going to get tougher on this quickly. https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html.

 

I am sure I read somewhere that by mid 2017, all http pages, not just login and payment pages, were going to be marked insecure. I have not been able to find that reference again though.

 

If the site is hosted in IIS, URL_Rewrite is a quick and pretty effective tool to redirect all links to https.





Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
22069 posts

Uber Geek
+1 received by user: 4683

Trusted
Subscriber

  # 1713027 30-Jan-2017 23:07
Send private message

Considering you are not entering a login on the insecure page I don't see what the problem is with it being insecure?





Richard rich.ms

278 posts

Ultimate Geek
+1 received by user: 102


  # 1713031 30-Jan-2017 23:12
Send private message

Making a complex site "full https" is far from easy, specially if they load content from third-parties (ad networks,...)


 
 
 
 


14760 posts

Uber Geek
+1 received by user: 2746

Trusted
Subscriber

  # 1713052 31-Jan-2017 06:55
Send private message

I just updated to Firefox 51, no warnings or problems on the Geekzone login page. Chrome is working fine too.


BDFL - Memuneh
63357 posts

Uber Geek
+1 received by user: 13867

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1713194 31-Jan-2017 11:00
One person supports this post
Send private message

It's not a "Warning" per se but a status. The page is not encrypted so the browser just reflects that. A "Warning" would be an encrypted page that has been compromised (MITM attack, invalid certificated, mixed content, etc).

 

Even our non-encrypted pages have content served over HTTPS (images, CSS and scripts) and the main reason is speed. All those elements are served using HTTP/2 and this gives a speed boost. Also we do serve encrypted pages (login, messages, profile, gallery) and the reasons are obvious.

 

I'd like to serve the whole site over HTTPS but there are (as mentioned) two reasons why this is not possible at the moment: advertising and mixed content.

 

One network we use is not able to provide HTTPS yet. Dropping this network would mean big cut in revenue so we keep pushing them to have this added.

 

Mixed content is another area that involves a lot of "training". It seems people rather post images from third party sites (sometimes their own servers) instead of uploading to Geekzone (where the images are available as HTTPS). These third-party images will not appear on encrypted pages if not served over HTTPS themselves. We could block these images from being added to messages but hey...







1508 posts

Uber Geek
+1 received by user: 213


  # 1713217 31-Jan-2017 12:08
Send private message

Thanks for the informative reply Freitasm.

 

I am more interested in how others are looking to handle the transition to https everywhere as Google, Mozilla and I believe even Microsoft start to enforce it by upgrading their browser warnings for plain http sites. Browsers have been training people to not trust sites that have red in the URL bar and soon there is going to be a whole lot more red showing up even if the page doesn't need https security. 

 

@timmay, it isn't the login page I have an issue with, that appears as secure. It is when I click into a thread I see the warning in firefox 51.





Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


BDFL - Memuneh
63357 posts

Uber Geek
+1 received by user: 13867

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1713246 31-Jan-2017 13:10
Send private message

As I mentioned is not a warning really - a warning would be "Something is wrong here". That's more of a signal meaning "This page is not encrypted, just so you know".





Mr Snotty
8608 posts

Uber Geek
+1 received by user: 4503

Moderator
Trusted
Lifetime subscriber

  # 1713248 31-Jan-2017 13:18
Send private message

Are you accessing this from your work? At my work they have SSL inspection enabled which generates errors on Chrome with Geekzone and other SSL enabled sites - try going to https://murfy.nz to see if this is the case (as it uses the same Cloudflare SSL certificate).





BDFL - Memuneh
63357 posts

Uber Geek
+1 received by user: 13867

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1713250 31-Jan-2017 13:20
Send private message

No, it's not that - I am at home on 2degrees and see the status he's talking about and it's on non-SSL pages. SSL pages have no warnings and show the green lock just fine.

 

Why would your work give an error on the cert anyway? If it's happening because of Cloudflare then I'd like to know so we can report and have that fixed.





Mr Snotty
8608 posts

Uber Geek
+1 received by user: 4503

Moderator
Trusted
Lifetime subscriber

  # 1713285 31-Jan-2017 14:04
Send private message

@freitasm SSL inspection, inspection certificate loaded on each workstation to allow for this but signed as a SHA1 certificate :) I've already bought this up with them.

Nothing with Cloudflare, it is just how my work has implemented it.




BDFL - Memuneh
63357 posts

Uber Geek
+1 received by user: 13867

Administrator
Trusted
Geekzone
Lifetime subscriber

6564 posts

Uber Geek
+1 received by user: 1285

Trusted
Lifetime subscriber

  # 1713289 31-Jan-2017 14:16
Send private message

freitasm:

 

A failed MITM then... I wouldn't trust anything on that network ;)

 

 

My work started MITMing everything six months ago. IE and Chrome both let this happen silently, while Firefox set off the alarm bells.


14825 posts

Uber Geek
+1 received by user: 2008


  # 1713295 31-Jan-2017 14:45
Send private message

IMO, it is more about these big companies trying to force standards. Using a secure certificate often has additional costs, eg. some servers require dedicated IPs for secure certs, and to convert some websites to https could be a major expensive job.


6564 posts

Uber Geek
+1 received by user: 1285

Trusted
Lifetime subscriber

  # 1713299 31-Jan-2017 14:55
Send private message

In many cases there is no need for HTTPS anyway - take the MetService site as an example. Weather data is hardly a secret!


14825 posts

Uber Geek
+1 received by user: 2008


  # 1713304 31-Jan-2017 15:02
Send private message

Behodar:

 

In many cases there is no need for HTTPS anyway - take the MetService site as an example. Weather data is hardly a secret!

 

 

IMO the bigger problem is websites that use old versions of CMS like wordpress, which have security holes.  I wonder how long it will be before a warming in the browser will appear for people who visit a wordpress website running an old version? I notice that some websites detect when using an old version of Chrome of firefox, although they often incorrectly detect the wrong version, and I am actually using the latest version.


6564 posts

Uber Geek
+1 received by user: 1285

Trusted
Lifetime subscriber

  # 1713307 31-Jan-2017 15:07
Send private message

mattwnz: although they often incorrectly detect the wrong version, and I am actually using the latest version.

 

 

Spark's site to this day tells me that my fully-updated Firefox derivative is "pretty retro" and that some of the site's features will not work. As far as I can tell, everything works fine.


 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15


WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.