Film and Darkroom User

Film and Darkroom User (http://www.film-and-darkroom-user.org.uk/forum/index.php)
-   Help! (http://www.film-and-darkroom-user.org.uk/forum/forumdisplay.php?f=51)
-   -   FADU Site Security Question. (http://www.film-and-darkroom-user.org.uk/forum/showthread.php?t=12256)

Keith Tapscott. 22nd November 2018 12:13 PM

FADU Site Security Question.
 
I logged into FADU this morning using Google Chrome browser and a tab at the top of the page reads as 'Not secure'. When I clicked on the tab, a message come up as follows;

"Your connection to this site is not secure.
You should not enter any sensitive information on this site (for example, passwords or credit cards) because it could be stolen by attackers."

I logged in OK, but is there really a security problem with FADU?

Terry S 22nd November 2018 12:42 PM

I've also had this type of message on other sites that I've tried to look at, with them all not being the type I would normally worry about, but because of it, I have logged out from them straight away. Logging in again later and there's always been no problem. So it's not just on this site it happens. But why it does is a big question.

Terry S

Mike O'Pray 22nd November 2018 03:08 PM

I think it is triggered by the fact that FADU is not a https site so I think that entering financial details such as credit card numbers etc would not be sensible.

Mike

Bill 22nd November 2018 03:55 PM

I agree with Mike. I have seen this on a few sites suggesting they should all now be https if you put any personal or financial information in.
Bill

skellum 22nd November 2018 06:09 PM

I've just tried Explorer, which doesn't offer any warning, and Chrome: in Chrome the 'not secure ' message pops up in the address bar.
Can't think of a reason to be putting my card details into FADU anyhow, so I'm happy to continue visiting.

Bob 22nd November 2018 07:35 PM

Quote:

Originally Posted by Keith Tapscott. (Post 122243)
I logged into FADU this morning using Google Chrome browser and a tab at the top of the page reads as 'Not secure'. When I clicked on the tab, a message come up as follows;

"Your connection to this site is not secure.
You should not enter any sensitive information on this site (for example, passwords or credit cards) because it could be stolen by attackers."

I logged in OK, but is there really a security problem with FADU?

Nope - it is just a general warning from your browser (badly worded so it looks like the specific site has a problem when it does not - it is just a general warning when not using HTTPS). The main browsers want you to only use HTTPS sites - these use encrypted connections as mentioned by others in case you want to enter any important info (which this site never asks you for of course).

It's a bit of a "bolting the stable door" issue now as all this prevents is a man-in-the-middle attack, preventing anyone from connecting to your wifi for example and sniffing your internet traffic - as the connections are encrypted at both ends when you connect to a site using HTTPS, all they will see is apparently random data.

Unfortunately, that is a bit of a "last-year's problem" as the most common way for miscreants to get your details is to send you an email saying your paypal or bank account has a problem so you need to log in and fix it - and they conveniently provide a link in the email to help you. Of course, the link actually goes to a server under their control where you log in (you think) to your bank - so now they have your bank login details...

A more sophisticated way is if they can manage to load a bit of code on the real server that sends them the details as you log in - banks are generally too secure for this trick but other places like online stores have been hit.

There are loads of other ways, none of which are prevented by using HTTPS...

A more worrying error is if it says something about the site's security certificate not being correct - that might be an indication that the site is not what you think it is (or it may simply be someone messed up installing the certificate or accidentally let it expire :) )

Frankly, it has become a minefield...

Have fun, Bob.


All times are GMT. The time now is 02:03 AM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.