Why do I get security warnings on this site?

see this thread

http://www.iceinspace.com.au/forum/showthread.php?t=171189

:question: Seems sloppy and lazy ! , when you read the linked thread .

Brian

If you’re not a website handlng financial transactions why bother???
Doesn’t mean anything.

Actually it does.

If you use the same password for IceinSpace as you do anything else I would seriously suggest you change it. I would even go as far as to say that you should ensure that it is not even remotely similar to any other password you use.

Additionally I would recommend that you not share any personal information that you wish to remain secure in PM's.

A lot of people consider a secured site as simply having an SSL certificate that verifies the site's identity. Whilst this is certainly the case it also allows the website to encrypt all information and traffic using the SSL protocol over port 443. Typically unsecured sites use port 80 and therefore utilise no encryption protocols. Not only is the data on the website typically stored in plain text and not encrypted the communications are also not encrypted and easily intercepted.

Free SSL certificates are available and whilst they do not provide the same level of verification as a paid for certificate (some certificates cost in to the $10's of thousands of dollars and carry very well recognised verification standards) they do provide the opportunity to encrypt the website and all communications between your browser and the website.

As I mentioned in my previous thread SSL has quickly become the norm. Consider that even google.com which is a simple web search engine has a verified SSL certificate and uses port 443.

Just a few observations...



Using different passwords on different sites is good practice regardless of whether you're interacting with a site that uses TLS/SSL. Plenty of sites using "secure" browser communication have been hacked by other means losing personal data, including encrypted and even clear text passwords.



Also good practice even on secured sites.




The port numbers used are irrelevant, only the protocol matters. Having a X.509 certificate and using TLS encryption over the wire also has nothing to do with how data is stored on the site. A site using secure communications can still store data in plain text on a poorly secured server.



Google is a company with a market cap of 723 billion US dollars...

It would be nice if IIS was updated to have a certificate now that browsers are complaining about it but in reality nothing has changed. The site is behaving exactly the same as it has for years. It's not a banking or e-commerce site so it's just not that big a deal. Even if it was using TLS I wouldn't be sharing any sensitive data in public or private messages.

Cheers,
Rick.