Geekzone: technology news, blogs, forums

  Reply # 1078176 1-Jul-2014 19:32
3 people support this post

sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


  Reply # 1078178 1-Jul-2014 19:35

dclegg: 
Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


Thanks, yeah, I thought there were issues with it too but didn't have time to look them up.

 
 
 
 



  Reply # 1078192 1-Jul-2014 20:05
One person supports this post

It comes down to the usability of the site winning over security of the site.

IMO if they allow a login form to be loaded over non SSL, they don't give a crap about security.




Richard rich.ms

BTR


  Reply # 1078442 2-Jul-2014 09:46

michaelmurfy: In terms of bad things happening for using this site, you have more of a chance of getting hax0red for your use of Internet Explorer.


I noticed that as well, using IE and complaining about security is almost asking for it haha.




  Reply # 1078445 2-Jul-2014 09:55

My grumble was regarding encryption, not security. Encryption in this example is browser agnostic, and although encryption contributes to the security practice, it is not security in itself.


  Reply # 1078547 2-Jul-2014 12:13

dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the Woolworths site? NVM he had access to the network proxy. The chance of this actually happening??? Although I did see the comments regarding server performance is 1-2% according to Google when they switched Gmail to https only. That in itself is an excellent argument for switching to SSL only!


  Reply # 1078549 2-Jul-2014 12:17

itxtme:
dclegg:
sidefx: I think this thread is fair enough TBH.  Going to https://www.airnewzealand.co.nz/onesmart actually redirects you from https TO http :?   so the sign in then looks like the following. It does ultimately POST over https but still seems like pretty poor form from the point of view of educating users...


Posting over HTTPS from HTTP is not secure. Troy Hunt explains why.


How does he insert his logger code into the Woolworths site? NVM he had access to the network proxy. The chance of this actually happening??? Although I did see the comments regarding server performance is 1-2% according to Google when they switched Gmail to https only. That in itself is an excellent argument for switching to SSL only!


Any Man-in-the-middle attack could make you vulnerable to this.

If you have any interest in web security at all, I'd recommend following what Troy has to say on the subject. He really knows his stuff. Here is his talk from this year's Codemania conference.






  Reply # 1078573 2-Jul-2014 12:43

If you are going to start using free wifi then the chances are quite high and will get higher as the entry barrier comes down more to doing this sort of thing.





Richard rich.ms
