Thread: Hacking Threat
  #10  
Old 01-06-2021, 09:36 PM
gary
Quote:
Originally Posted by PeterM View Post
Thanks for this Al,

The site is Not Secure, so I am left wondering does this make it more attractive to hackers? I don't know so maybe someone in the know can explain to members just exactly what the potential issues might be?
If IceMan has no intention of making it secure then what does that mean for IIS long term? Well someone had to ask the question.....

Hi Peter,

When you see the "Not Secure" message and an open padlock icon
next to the URL field on your browser, it means you accessed it
via a URL of the form http://www.iceinspace.com.au

If you have an existing bookmark, you might want to edit it to
be of the form https://www.iceinspace.com.au

As TrevorW pointed out, HTTPS stands for HTTP Secure.

So, what, you may ask, does accessing the site using https do?

Unfortunately, not all the magic you may have been hoping.
The browser's use of the term "Not Secure" and its implied opposite,
"Secure", are somewhat of a misnomer.

And this applies to all web sites, not just IceInSpace.

Back at the server there is a digital certificate that has been signed by a
"trusted" certification authority (CA).

In a nutshell, when you enter https://www.iceinspace.com, your browser
requests the certificate and it checks that, indeed, the certificate
corresponds to https://www.iceinspace.com and not some other web site.

In a similar vein, if you intentionally go to a hypothetical web site called
https://nastywebsite.com that exploits a security flaw in the browser,
if that web site also has a valid certificate for https://nastywebsite.com
that is signed by a "trusted" CA, then your browser will show it too
is "Secure".

So beware.

When running the https protocol, the communications between you
and the web site are encrypted to try and prevent a "man-in-the-middle"
attack.

However, if, for example, someone has installed a key logger on your
computer through some other piece of malware, encryption isn't
going to do you much good, because they are logging the key presses
before they are encrypted.

Additionally, if a web site itself has a security flaw, for example some
way to access the member database and edit the passwords, then
whether you run http or https matters not.

I like to think of those browser padlock icons like the "Sanitised For
Your Protection" paper bands they leave on hotel toilet seats.
From a professional computer science perspective, they don't mean s**t.

Last edited by gary; 01-06-2021 at 11:55 PM.
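The certificate check described in the post above, sketched as an added example that is not part of the original post: a simplified model of what the padlock asserts, namely that the certificate is in date and names the host that was requested. The certificate dicts, their dates and names, and the function names are constructed for illustration, and the chain to a trusted CA is assumed to have validated already.

```python
# Added illustration, not code from the original post.
# Certificates are constructed dicts in the shape ssl.SSLSocket.getpeercert()
# returns; the chain to a trusted CA is assumed to have validated already.
import ssl
from datetime import datetime, timezone

SAMPLE_CERTS = {  # constructed sample data
    "iceinspace": {
        "notBefore": "Jan  1 00:00:00 2021 GMT",
        "notAfter": "Jan  1 00:00:00 2022 GMT",
        "subjectAltName": (("DNS", "www.iceinspace.com.au"),),
    },
    "nasty": {
        "notBefore": "Jan  1 00:00:00 2021 GMT",
        "notAfter": "Jan  1 00:00:00 2022 GMT",
        "subjectAltName": (("DNS", "nastywebsite.com"),
                           ("DNS", "*.nastywebsite.com")),
    },
}
NOW = datetime(2021, 6, 1, tzinfo=timezone.utc)  # constructed evaluation time


def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # One label only, and never directly under a top-level name ("*.com")
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def _cert_time(text):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)


def padlock_shown(cert, hostname, now=NOW):
    """True when the certificate is in date and names the requested host."""
    if not (_cert_time(cert["notBefore"]) <= now <= _cert_time(cert["notAfter"])):
        return False
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(dns_name_matches(n, hostname) for n in names)


if __name__ == "__main__":
    for key, host in [("iceinspace", "www.iceinspace.com.au"),
                      ("nasty", "nastywebsite.com"),
                      ("nasty", "www.iceinspace.com.au")]:
        print(f"{host:24} cert={key:10} padlock={padlock_shown(SAMPLE_CERTS[key], host)}")
```

Both sites pass when their own certificate is presented; the check only fails when a certificate is offered for a name it does not cover, or when it is out of date.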