Geekzone: technology news, blogs, forums
dclegg
2743 posts

Uber Geek

Trusted
Subscriber

  #1078176 1-Jul-2014 19:32

sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.

sidefx
3500 posts

Uber Geek

Trusted

  #1078178 1-Jul-2014 19:35

dclegg: 
Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


Thanks, yeah, I thought there were issues with it too but didn't have time to look them up.




"I was born not knowing and have had only a little time to change that here and there."         | Electric Kiwi | Sharesies
              - Richard Feynman


 
 
 
 


richms
23597 posts

Uber Geek

Trusted
Subscriber

  #1078192 1-Jul-2014 20:05

It comes down to the usability of the site winning over security of the site.

IMO if they allow a login form to be loaded over non-SSL, they don't give a crap about security.




Richard rich.ms

BTR
1522 posts

Uber Geek


  #1078442 2-Jul-2014 09:46

michaelmurfy: In terms of bad things happening for using this site, you have more of a chance of getting hax0red for your use of Internet Explorer.


I noticed that as well, using IE and complaining about security is almost asking for it haha.

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #1078445 2-Jul-2014 09:55

My grumble was regarding encryption, not security. Encryption in this example is browser agnostic, and although encryption contributes to security practice, it is not security in itself.

itxtme
1774 posts

Uber Geek

Subscriber

  #1078547 2-Jul-2014 12:13

dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the Woolworths site? NVM, he had access to the network proxy. The chance of this actually happening??? Although I did see the comments regarding server performance is 1-2% according to Google when they switched Gmail to HTTPS only. That in itself is an excellent argument for switching to SSL only!

dclegg
2743 posts

Uber Geek

Trusted
Subscriber

  #1078549 2-Jul-2014 12:17

itxtme:
dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the Woolworths site? NVM, he had access to the network proxy. The chance of this actually happening??? Although I did see the comments regarding server performance is 1-2% according to Google when they switched Gmail to HTTPS only. That in itself is an excellent argument for switching to SSL only!


Any Man-in-the-middle attack could make you vulnerable to this.

If you have any interest in web security at all, I'd recommend following what Troy has to say on the subject. He really knows his stuff. Here is his talk from this year's Codemania conference.
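An added example, not part of any post in this thread: a small site-owner audit for the pattern discussed above, where an HTTPS URL redirects to HTTP and the login form on that HTTP page posts to HTTPS. The host name, paths and HTML are constructed placeholders, and `audit_login` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions, self._action = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""  # empty action posts to the page itself
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None and self._action not in self.actions:
                self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def audit_login(redirect_chain, html):
    """redirect_chain: URLs visited in order; html: body served at the last URL."""
    findings = []
    schemes = [urlsplit(u).scheme for u in redirect_chain]
    for prev, cur, url in zip(schemes, schemes[1:], redirect_chain[1:]):
        if prev == "https" and cur == "http":
            findings.append(f"downgrade: HTTPS redirects to {url}")
    page = redirect_chain[-1]
    parser = _LoginForms()
    parser.feed(html)
    for action in parser.actions:
        target = urljoin(page, action)
        if urlsplit(page).scheme != "https":
            # The form arrived unauthenticated, so it can be altered in transit
            # before the user submits it, even if the POST itself is HTTPS.
            findings.append(f"login form served over HTTP (posts to {target})")
        if urlsplit(target).scheme != "https":
            findings.append(f"credentials posted in cleartext to {target}")
    return findings


# Constructed sample data: placeholder host, not the real site.
CHAIN = ["https://www.example.test/onesmart", "http://www.example.test/onesmart"]
HTML = """<form action="https://www.example.test/login" method="post">
<input type="text" name="user"><input type="password" name="pw"></form>"""

if __name__ == "__main__":
    print(*audit_login(CHAIN, HTML), sep="\n")
```

On the constructed sample it reports the downgrade and the HTTP-served form; the same form reached over an all-HTTPS chain produces no findings.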





 
 
 
 


richms
23597 posts

Uber Geek

Trusted
Subscriber

  #1078573 2-Jul-2014 12:43

If you are going to start using free wifi then the chances are quite high and will get higher as the entry barrier comes down more to doing this sort of thing.





Richard rich.ms
