Support our Sponsors, they keep FADU free:   AG Photographic   Keyphoto   The Imaging Warehouse   Process Supplies   RH Designs   RK Photo   Second-hand Darkroom Supplies   Silverprint Ltd

Notices

Go Back   Film and Darkroom User > Site Forums > Help!

  ***   Click here for the FADU 2015/2014 Yearbooks   ***

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 22nd November 2018, 11:13 AM
Keith Tapscott.'s Avatar
Keith Tapscott. Keith Tapscott. is offline
Friend
 
Join Date: Jun 2009
Posts: 1,006
Question FADU Site Security Question.

I logged into FADU this morning using Google Chrome browser and a tab at the top of the page reads as 'Not secure'. When I clicked on the tab, a message come up as follows;

"Your connection to this site is not secure.
You should not enter any sensitive information on this site (for example, passwords or credit cards) because it could be stolen by attackers."

I logged in OK, but is there really a security problem with FADU?
Reply With Quote
  #2  
Old 22nd November 2018, 11:42 AM
Terry S Terry S is offline
Friend
 
Join Date: Dec 2011
Location: Southend on Sea, Essex, England UK
Posts: 3,181
Default

I've also had this type of message on other sites that I've tried to look at, with them all not being the type I would normally worry about, but because of it, I have logged out from them straight away. Logging in again later and there's always been no problem. So it's not just on this site it happens. But why it does is a big question.

Terry S
Reply With Quote
  #3  
Old 22nd November 2018, 02:08 PM
Mike O'Pray Mike O'Pray is offline
Friend
 
Join Date: Oct 2008
Location: Daventry, Northants
Posts: 8,439
Default

I think it is triggered by the fact that FADU is not a https site so I think that entering financial details such as credit card numbers etc would not be sensible.

Mike
Reply With Quote
  #4  
Old 22nd November 2018, 02:55 PM
Bill's Avatar
Bill Bill is online now
Moderator & Keeper of the Calendar
 
Join Date: Sep 2008
Location: Barrow - in - Furness
Posts: 1,756
Default

I agree with Mike. I have seen this on a few sites suggesting they should all now be https if you put any personal or financial information in.
Bill
Reply With Quote
  #5  
Old 22nd November 2018, 05:09 PM
skellum's Avatar
skellum skellum is offline
Friend
 
Join Date: Dec 2011
Location: Isle of Lewis
Posts: 1,330
Default

I've just tried Explorer, which doesn't offer any warning, and Chrome: in Chrome the 'not secure ' message pops up in the address bar.
Can't think of a reason to be putting my card details into FADU anyhow, so I'm happy to continue visiting.
Reply With Quote
  #6  
Old 22nd November 2018, 06:35 PM
Bob's Avatar
Bob Bob is offline
Administrator
 
Join Date: Aug 2008
Location: London(ish)
Posts: 2,575
Default

Quote:
Originally Posted by Keith Tapscott. View Post
I logged into FADU this morning using Google Chrome browser and a tab at the top of the page reads as 'Not secure'. When I clicked on the tab, a message come up as follows;

"Your connection to this site is not secure.
You should not enter any sensitive information on this site (for example, passwords or credit cards) because it could be stolen by attackers."

I logged in OK, but is there really a security problem with FADU?
Nope - it is just a general warning from your browser (badly worded so it looks like the specific site has a problem when it does not - it is just a general warning when not using HTTPS). The main browsers want you to only use HTTPS sites - these use encrypted connections as mentioned by others in case you want to enter any important info (which this site never asks you for of course).

It's a bit of a "bolting the stable door" issue now as all this prevents is a man-in-the-middle attack, preventing anyone from connecting to your wifi for example and sniffing your internet traffic - as the connections are encrypted at both ends when you connect to a site using HTTPS, all they will see is apparently random data.

Unfortunately, that is a bit of a "last-year's problem" as the most common way for miscreants to get your details is to send you an email saying your paypal or bank account has a problem so you need to log in and fix it - and they conveniently provide a link in the email to help you. Of course, the link actually goes to a server under their control where you log in (you think) to your bank - so now they have your bank login details...

A more sophisticated way is if they can manage to load a bit of code on the real server that sends them the details as you log in - banks are generally too secure for this trick but other places like online stores have been hit.

There are loads of other ways, none of which are prevented by using HTTPS...

A more worrying error is if it says something about the site's security certificate not being correct - that might be an indication that the site is not what you think it is (or it may simply be someone messed up installing the certificate or accidentally let it expire )

Frankly, it has become a minefield...

Have fun, Bob.
Reply With Quote
Reply
Support our Sponsors, they keep FADU free:   AG Photographic   Keyphoto   The Imaging Warehouse   Process Supplies   RH Designs   RK Photo   Second-hand Darkroom Supplies   Silverprint Ltd

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FADU site insecure? Mike O'Pray News and Announcements 23 13th January 2018 09:47 AM
Security Richard L Photography in general 36 20th August 2010 06:01 PM
Agfa APX400S security film PMarkey Monochrome Film 5 27th December 2008 10:57 PM


All times are GMT. The time now is 10:59 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.