Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicAir New Zealand also Unencrypted
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
dclegg
2806 posts

Uber Geek
+1 received by user: 810

Trusted

  #1078176 1-Jul-2014 19:32
Send private message

sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.



sidefx
3775 posts

Uber Geek
+1 received by user: 1295

Trusted

  #1078178 1-Jul-2014 19:35
Send private message

dclegg: 
Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


Thanks, yeah, I thought there were issues with it too but didn't have time to look them up.




"I was born not knowing and have had only a little time to change that here and there."         | Octopus Energy | Sharesies
              - Richard Feynman

richms
29105 posts

Uber Geek
+1 received by user: 10222

Trusted
Lifetime subscriber

  #1078192 1-Jul-2014 20:05
Send private message

It comes down to the usability of the site winning over security of the site.

IMO if they allow a login form to be loaded over non SSL, they dont give a crap about security.




Richard rich.ms



BTR

BTR
1527 posts

Uber Geek
+1 received by user: 449


  #1078442 2-Jul-2014 09:46
Send private message

michaelmurfy: In terms of bad things happening for using this site, you have more of a chance of getting hax0red for your use of Internet Explorer.


I noticed that as well, using IE and complaining about security is almost asking for it haha.

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  #1078445 2-Jul-2014 09:55
Send private message

My grumble was regarding encryption, not security. Encryption in this example is browser agnostic, and although encryption contributes to the security practice is not security in itself.

itxtme
2102 posts

Uber Geek
+1 received by user: 557


  #1078547 2-Jul-2014 12:13
Send private message

dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the woolworths site? NVM he had access to the network proxy.  The chance of this actually happening???  Although I did see the comments regarding server performance is 1-2% according to google when they switched gmail to https only.  That in itself is an excellent argument to switching to SSL only!

 
 
 
 

Shop now on AliExpress (affiliate link).
dclegg
2806 posts

Uber Geek
+1 received by user: 810

Trusted

  #1078549 2-Jul-2014 12:17
Send private message

itxtme:
dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the woolworths site? NVM he had access to the network proxy.  The chance of this actually happening???  Although I did see the comments regarding server performance is 1-2% according to google when they switched gmail to https only.  That in itself is an excellent argument to switching to SSL only!


Any Man-in-the-middle attack could make you vulnerable to this.

If you have any interest in web security at all, I'd recommend following what Troy has to say on the subject. He really knows his stuff. Here is his talk from this years Codemania conference.

richms
29105 posts

Uber Geek
+1 received by user: 10222

Trusted
Lifetime subscriber

  #1078573 2-Jul-2014 12:43
Send private message

If you are going to start using free wifi then the chances are quite high and will get higher as the entry barrier comes down more to doing this sort of thing.




Richard rich.ms

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright