Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
2625 posts

Uber Geek
+1 received by user: 607

Trusted

  Reply # 1078176 1-Jul-2014 19:32
3 people support this post
Send private message

sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.

3191 posts

Uber Geek
+1 received by user: 910

Trusted

  Reply # 1078178 1-Jul-2014 19:35
Send private message

dclegg: 
Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


Thanks, yeah, I thought there were issues with it too but didn't have time to look them up.

21450 posts

Uber Geek
+1 received by user: 4354

Trusted
Subscriber

  Reply # 1078192 1-Jul-2014 20:05
One person supports this post
Send private message

It comes down to the usability of the site winning over security of the site.

IMO if they allow a login form to be loaded over non SSL, they dont give a crap about security.




Richard rich.ms

BTR

1477 posts

Uber Geek
+1 received by user: 433


  Reply # 1078442 2-Jul-2014 09:46
Send private message

michaelmurfy: In terms of bad things happening for using this site, you have more of a chance of getting hax0red for your use of Internet Explorer.


I noticed that as well, using IE and complaining about security is almost asking for it haha.



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Subscriber

  Reply # 1078445 2-Jul-2014 09:55
Send private message

My grumble was regarding encryption, not security. Encryption in this example is browser agnostic, and although encryption contributes to the security practice is not security in itself.

1622 posts

Uber Geek
+1 received by user: 275

Subscriber

  Reply # 1078547 2-Jul-2014 12:13
Send private message

dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the woolworths site? NVM he had access to the network proxy.  The chance of this actually happening???  Although I did see the comments regarding server performance is 1-2% according to google when they switched gmail to https only.  That in itself is an excellent argument to switching to SSL only!

2625 posts

Uber Geek
+1 received by user: 607

Trusted

  Reply # 1078549 2-Jul-2014 12:17
Send private message

itxtme:
dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the woolworths site? NVM he had access to the network proxy.  The chance of this actually happening???  Although I did see the comments regarding server performance is 1-2% according to google when they switched gmail to https only.  That in itself is an excellent argument to switching to SSL only!


Any Man-in-the-middle attack could make you vulnerable to this.

If you have any interest in web security at all, I'd recommend following what Troy has to say on the subject. He really knows his stuff. Here is his talk from this years Codemania conference.





21450 posts

Uber Geek
+1 received by user: 4354

Trusted
Subscriber

  Reply # 1078573 2-Jul-2014 12:43
Send private message

If you are going to start using free wifi then the chances are quite high and will get higher as the entry barrier comes down more to doing this sort of thing.





Richard rich.ms

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.