#1  
Old 02-11-2018, 02:34 PM
astroron's Avatar
astroron (Ron)
Supernova Searcher

astroron is offline
 
Join Date: Mar 2005
Location: Cambroon Queensland Australia
Posts: 9,313
Not Secure?

Since when has iceinspace.com.au become "not secure"
The HTTPS has disappeared
I have tried to reload it from google and it still comes up in the address bar as not secure
Reply With Quote
  #2  
Old 02-11-2018, 02:41 PM
nsavage (Nick)
Registered User

nsavage is offline
 
Join Date: Aug 2018
Location: Adelaide
Posts: 87
Google changed the way Chrome worked to better highlight sites that are not using SSL (HTTPS, Port 443). I do not know if Ice In Space historically used a SSL certificate but it currently does not. Hence it shows as "Not Secure".
Reply With Quote
  #3  
Old 02-11-2018, 03:55 PM
RB's Avatar
RB (Andrew)
Moderator

RB is offline
 
Join Date: Aug 2005
Posts: 25,732
Quote:
Originally Posted by astroron View Post
Since when has iceinspace.com.au become "not secure"
Ron it hasn't been secure since Lewis joined on 24-08-2012.

Reply With Quote
  #4  
Old 02-11-2018, 04:07 PM
Merlin66's Avatar
Merlin66 (Ken)
Registered User

Merlin66 is offline
 
Join Date: Oct 2005
Location: Junortoun Vic
Posts: 8,904
Looking at Crazy Domains who look after my webpage....they can add SSL from $24 to $180 per year.
https://www.crazydomains.com.au/ssl-certificates/
Reply With Quote
  #5  
Old 02-11-2018, 04:22 PM
nsavage (Nick)
Registered User

nsavage is offline
 
Join Date: Aug 2018
Location: Adelaide
Posts: 87
Without going in to too many details it is actually possible to get a free SSL certificate. Free certificates are usually only valid for 90 days however it is also possible to automate renewal.
Reply With Quote
  #6  
Old 02-11-2018, 06:55 PM
astroron's Avatar
astroron (Ron)
Supernova Searcher

astroron is offline
 
Join Date: Mar 2005
Location: Cambroon Queensland Australia
Posts: 9,313
Quote:
Originally Posted by RB View Post
Ron it hasn't been secure since Lewis joined on 24-08-2012.

If it's not secure then I will have to think really hard about
remaining on iceinspace.com.au.

PS why was the security tab removed??????
Reply With Quote
  #7  
Old 02-11-2018, 08:44 PM
PCH's Avatar
PCH (Paul)
Registered User

PCH is offline
 
Join Date: Feb 2007
Location: Perth WA
Posts: 2,296
You can get a free SSL cert from most hostile providers and it’s easy as pie to set up. Ron, whether it’s secure or not won’t affect us as users of the site in any way. SSL is really just a way of allowing online (financial) transactions To be carried out safely by encrypting the sensitive data. So for sites like IIS where you’re just reading stuff, it doesn’t matter a jot!
Reply With Quote
  #8  
Old 02-11-2018, 08:45 PM
RickS's Avatar
RickS (Rick)
PI cult recruiter

RickS is offline
 
Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Quote:
Originally Posted by astroron View Post
If it's not secure then I will have to think really hard about remaining on iceinspace.com.au.
Ron,

What your browser is telling you is that you don't have an encrypted connection to the IIS web site. The data that you see when you look at a forum post was sent to you in clear text. If this was an internet banking site that would be something to worry about. On an astro forum I think the potential for mischief is pretty limited and I'm not particularly worried about it...

Cheers,
Rick.
Reply With Quote
  #9  
Old 02-11-2018, 09:01 PM
LewisM's Avatar
LewisM
Novichok test rabbit

LewisM is offline
 
Join Date: Aug 2012
Location: Somewhere in the cosmos...
Posts: 10,388
Quote:
Originally Posted by RB View Post
Ron it hasn't been secure since Lewis joined on 24-08-2012.

I am a hack hacker, so I wouldn't worry.

I managed to get Mike Sidonio's bank details and sell them to the Dutch Antilles Mafia, but they said they already had enough debt...

Hmmm, 24-08-12...6th wedding anniversary...mustn't have been doing anything worthwhile
Reply With Quote
  #10  
Old 02-11-2018, 09:11 PM
Zuts
Registered User

Zuts is offline
 
Join Date: Mar 2007
Location: sydney
Posts: 1,830
Hi,

Unlikely, but since it is not encrypted and assuming you are on wireless to your router, your next door neighbour or someone in a car out the front of your house can look at what you are sending to IIS, grab your password and id and then change it and impersonate you.

They could also intercept bank account details, and postal addresses when you send a pm to someone offering to pay someone for something you bought off iceinspace.

Just saying.....

p.s of course you could provide your own security via a vpn.
Reply With Quote
  #11  
Old 02-11-2018, 09:15 PM
LewisM's Avatar
LewisM
Novichok test rabbit

LewisM is offline
 
Join Date: Aug 2012
Location: Somewhere in the cosmos...
Posts: 10,388
Quote:
Originally Posted by Zuts View Post
Hi,



p.s of course you could provide your own security via a vpn.
Yup, I "dial in" from A different country every time

I am currently in Macedonia
Reply With Quote
  #12  
Old 02-11-2018, 09:22 PM
Zuts
Registered User

Zuts is offline
 
Join Date: Mar 2007
Location: sydney
Posts: 1,830
Quote:
Originally Posted by LewisM View Post
Yup, I "dial in" from A different country every time

I am currently in Macedonia
I don't bother but

https://www.expressvpn.com/blog/non-...ed-http-sites/

or maybe IIS should move to the dark web
Reply With Quote
  #13  
Old 02-11-2018, 09:50 PM
GrahamL's Avatar
GrahamL
pro lumen

GrahamL is offline
 
Join Date: Jun 2006
Location: ballina
Posts: 3,263
Quote:
Ron it hasn't been secure since Lewis joined on 24-08-2012.



Great answer to a reasonable ask ?
Reply With Quote
  #14  
Old 02-11-2018, 10:24 PM
astroron's Avatar
astroron (Ron)
Supernova Searcher

astroron is offline
 
Join Date: Mar 2005
Location: Cambroon Queensland Australia
Posts: 9,313
No one has answered the question, why the security was removed?
In a world were Cyber security is a must,it seems strange to reduce security not increase it.?
The part of my post suggesting I may leave IIS was partly done with tongue
in cheek,but the main question was in my opinion legitimate.
Reply With Quote
  #15  
Old 02-11-2018, 10:30 PM
Zuts
Registered User

Zuts is offline
 
Join Date: Mar 2007
Location: sydney
Posts: 1,830
Quote:
Originally Posted by astroron View Post
No one has answered the question, why the security was removed?
In a world were Cyber security is a must,it seems strange to reduce security not increase it.?
The part of my post suggesting I may leave IIS was partly done with tongue
in cheek,but the main question was in my opinion legitimate.
The security was never removed. It was never there in the first place. Google has decided that if you browse to a site that does not use ssl it will tell you by placing the words Not Secure in the browser bar. In a similar way if the site does use ssl they will place a padlock in the browser bar, informing you the the browser will encrypt your data stream.

They are simply telling you that the site does not encrypt your data stream and consequently that anyone can eavesdrop what you type and send to the site, no one has changed anything.

The padlock also tells you that the website you are browsing is in fact IIS (if it used SSL) and not some dodgy mirrored site in the Dutch Antilles that has hijacked your browser

At the end of the day, I wouldn't worry, as others have said it's not a banking site, and IIS does not have enough traffic to be a great target for hackers, and I trust my neighbours. However in this day and age its basic internet sanitation to secure your site.

Note the CloudyNights url https://www.cloudynights.com/ it is https not http so it is secure; and so google displays a padlock.


EDIT: I am not advertising CloudyNights just trying to explain something to Ron, hope I havn't breached TOS

Cheers
Paul

Last edited by Zuts; 02-11-2018 at 11:04 PM.
Reply With Quote
  #16  
Old 02-11-2018, 11:29 PM
glend (Glen)
Registered User

glend is offline
 
Join Date: Jun 2013
Location: Lake Macquarie
Posts: 7,033
Quote:
Originally Posted by RB View Post
Ron it hasn't been secure since Lewis joined on 24-08-2012.

Classic
Reply With Quote
  #17  
Old 03-11-2018, 07:36 AM
astroron's Avatar
astroron (Ron)
Supernova Searcher

astroron is offline
 
Join Date: Mar 2005
Location: Cambroon Queensland Australia
Posts: 9,313
I thought ISS had the HTTPS to show it was secure?
Reply With Quote
  #18  
Old 03-11-2018, 08:01 AM
RickS's Avatar
RickS (Rick)
PI cult recruiter

RickS is offline
 
Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Quote:
Originally Posted by Zuts View Post
anyone can eavesdrop what you type and send to the site
Mounting a man-in-the-middle attack is not entirely trivial, so perhaps it would be better to say thay "someone" could eavesdrop

Quote:
Originally Posted by astroron View Post
I thought ISS had the HTTPS to show it was secure?
Nup, Ron. The only thing that changed is that your browser has started to complain. We've all been using IIS insecurely for years and it hasn't killed us
Reply With Quote
  #19  
Old 03-11-2018, 09:06 AM
multiweb's Avatar
multiweb (Marc)
ze frogginator

multiweb is offline
 
Join Date: Oct 2007
Location: Sydney
Posts: 22,060
I'm also disappointed that the lock doesn't mean anything. It used to be gold too.
Reply With Quote
  #20  
Old 03-11-2018, 10:16 AM
nsavage (Nick)
Registered User

nsavage is offline
 
Join Date: Aug 2018
Location: Adelaide
Posts: 87
It seriously is not hard to implement a free SSL cert and secure the site. HTTPS has become the norm for websites and IMO should be implemented.

For anyone that uses the same username and password to login to IceInSpace as they do other websites I would seriously consider changing it.
Reply With Quote
Reply

Bookmarks

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +10. The time is now 09:11 PM.

Powered by vBulletin Version 3.8.7 | Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Advertisement
Bintel
Advertisement
Testar
Advertisement