Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | http - how secure is it?

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Computers & IT > Internet Discussion

http - how secure is it?
Reply
 
Thread Tools
Old 28-09-2021, 17:14   #31
Paul
Dr Pepper Addict
Cable Forum Team
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,615
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Re: http - how secure is it?

Quote:
Originally Posted by tweetiepooh View Post
Mostly not a problem but the software we use in one case only allows one name in the Alt DNS names so we have to put main site name in. Now add we have multiple domains as well and it all gets fun if you want to make it easy to access site(s).
Then you need better software.
Alt names are not new, so restricting them to just one will always have been a ridiculous thing to do.

---------- Post added at 16:14 ---------- Previous post was at 16:09 ----------

Quote:
Originally Posted by MikeyB View Post
Of course that is an extreme example, but today, what benefit is there for a site not running https?
Generally, very little, but then I havent said it anything about that.
My point has clearly been that its not always necessary, and browsers mislead people with their FUD & warnings.
Benefit wise, their is the obvious one of not having to deal with certificates, possibly speed on very old devices, other than that, not much really.
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote
Advertisement
Old 28-09-2021, 18:44   #32
Rillington
cf.mega poster
 
Join Date: Jan 2004
Services: Virgin Media, DAB
Posts: 1,134
Rillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation era
Re: http - how secure is it?

Quote:
Originally Posted by MikeyB View Post
Which is NOT secure!

ANY site running on http can be intercepted and the contents of the site changed before it gets to your browser, https prevents this happening.
Of course, https encrypts all traffic between your browser & the server, so for example your password & any form you fill in, cannot be snooped upon.

But as others have said, https does not mean that the site itself is safe or secure, it's the connection to/from the server.
Thank you for the reply Mike.

So are you saying that there is a higher risk of browsing/downloading content from a site that does not use https?

---------- Post added at 17:44 ---------- Previous post was at 17:42 ----------

Quote:
Originally Posted by Paul View Post
Generally, very little, but then I havent said it anything about that.
My point has clearly been that its not always necessary, and browsers mislead people with their FUD & warnings.
Benefit wise, their is the obvious one of not having to deal with certificates, possibly speed on very old devices, other than that, not much really.
But you're saying is that it makes little difference to site users as to whether the site has https?
Rillington is offline   Reply With Quote
Old 28-09-2021, 18:47   #33
Jaymoss
Just a Geek
 
Join Date: Jul 2015
Posts: 3,559
Jaymoss has a bronzed appealJaymoss has a bronzed appeal
Jaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appealJaymoss has a bronzed appeal
Re: http - how secure is it?

any site can be exploited which in turn could compromise your devices no matter what protocol it uses HTTP, HTTPS, FTP, NNTP and so on
Jaymoss is online now   Reply With Quote
Old 28-09-2021, 19:33   #34
Itshim
Do I care what you think
 
Itshim's Avatar
 
Join Date: Jul 2006
Location: Cardiff South Wales
Age: 73
Services: V6 ,Virgin L. Phone Broadband.sky go Netflix
Posts: 4,255
Itshim has a bronzed appealItshim has a bronzed appeal
Itshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appealItshim has a bronzed appeal
Re: http - how secure is it?

Quote:
Originally Posted by Jaymoss View Post
I think you need to run a few scans

Run one from bitdefender, run one from an online scan such as eset

download and install RKill https://www.bleepingcomputer.com/download/rkill/ and run this program. This will stop any processes that might be malware and block deletion if required. Then download and install malwarebytes and run a scan with that

I have a feeling something else is causing your flags

---------- Post added at 12:13 ---------- Previous post was at 12:12 ----------



I personally think they are flagging warnings where other users are not because the system could be compromised
My Tec * has gone back to uni, won't say what she said when it was happening on kespasky , put on work around ,as she could not see any information hold by cf that couldn't be found easily . * Doing a PhD in some that l have no idea what it intails by is about programming. She and some others are coming for Thanksgiving ,still not happy about going back and fore yet
__________________
No point in being pessimistic. You know it won`t work.
Itshim is offline   Reply With Quote
Old 28-09-2021, 22:15   #35
Dude111
An Awesome Dude
 
Join Date: Mar 2009
Posts: 3,813
Dude111 has a bronzed appealDude111 has a bronzed appeal
Dude111 has a bronzed appealDude111 has a bronzed appealDude111 has a bronzed appealDude111 has a bronzed appealDude111 has a bronzed appealDude111 has a bronzed appealDude111 has a bronzed appealDude111 has a bronzed appeal
Quote:
Originally Posted by MikeyB
And herein lies your issue with https, you are using an unsupported & insecure browser on an unsupported & insecure OS, not much anyone apart from you can do about that.
But I just think its silly to block HTTP.. Its just scare mongering when we have been using HTTP all along and have been fine.....

This message on tapeheads speaks loudly of this

www.tapeheads.net/showthread.php?t=59798

Although he does have an SSL cert now but not many use it.
Dude111 is offline   Reply With Quote
Old 29-09-2021, 06:26   #36
Paul
Dr Pepper Addict
Cable Forum Team
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,615
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Re: http - how secure is it?

Quote:
Originally Posted by Rillington View Post
But you're saying is that it makes little difference to site users as to whether the site has https?
Generally, that would be the case. Technically, the site will be slower, but you probably wont notice.
The most issues you would get are if your browser is old(er) and cannot handle the later SSL (TLS) versions that are now in use.

Most sites (inc CF) now disable SSLv2, SSLv3, and TLS 1.0.
Indeed, most modern browsers dont support them now either.
TLS 1.1 & 1.2 are the most common (1.1 is old now, but most sites still support it).

TLS 1.3 is the latest version, but is still not supported by many sites.

Quote:
Originally Posted by Dude111 View Post
But I just think its silly to block HTTP.. Its just scare mongering when we have been using HTTP all along and have been fine......
We are perfectly aware of what you think.
Its not, and you're wrong, and pretty much everyone will move to using it.
Regardless of the FUD, and whether its always strictly necessary, there are no significant downsides to using it.

http hasnt been an option here since Jan 2018, and that wont ever change.
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote
Old 29-09-2021, 13:07   #37
MikeyB
cf.geek
 
MikeyB's Avatar
 
Join Date: Jun 2003
Location: Swindon
Age: 52
Services: BT FTTP, Humax Foxsat HDR Freesat+
Posts: 810
MikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud of
Re: http - how secure is it?

Quote:
Originally Posted by Rillington View Post
Thank you for the reply Mike.

So are you saying that there is a higher risk of browsing/downloading content from a site that does not use https?
No, HTTPS does not mean the contents (or the coding/backend security) of the site is any more secure than a site without HTTPS, they are two separate things completely.

HTTPS means that the data sent between your browser & the website is encrypted so no one else can snoop on it or tamper with it before it gets to you.

I would be wary of completing any form on a site with just HTTP as anything you put in is sent back to the server in text exactly as you put on the form. HTTPS will encrypt this.

---------- Post added at 12:07 ---------- Previous post was at 11:54 ----------

Quote:
Originally Posted by Dude111 View Post
But I just think its silly to block HTTP.. Its just scare mongering when we have been using HTTP all along and have been fine.....

This message on tapeheads speaks loudly of this

www.tapeheads.net/showthread.php?t=59798

Although he does have an SSL cert now but not many use it.
What absolute nonsense, there is no scare mongering about HTTPS.
HTTP is in no way secure, everything is sent in plain text, whereas HTTPS encrypts data, it's as simple as that.

As for that post you link to on tapeheads, I really don't know what to say.
First goes on about "compromise of your computer" well if your computer is compromised, HTTPS will not help you!

"At Tapeheads, everything you send and everything you receive is handled in plain, unencrypted text." well yes, if you don't use HTTPS then everything is transmitted & received unencrypted.

"We don't run a secure connection to users because we don't need to" so why do they have HTTPS as well now, and why are they not redirecting HTTP to HTTPS?

"Enabling an https connection adds overhead and complexity that's just not of any benefit whatsoever to anyone." No it doesn't, get a certificate (can be got for free) add it to your hosting, and setup an HTTP to HTTPS redirect, and it's a benefit to everyone

"The only possible ramification of this is that if a user is subject to a man-in-the-middle exploit, their login might be compromised" So they don't care if your login details get stolen whilst logging in, great site! one to stay away from!

And finally "secure connections break this version of vBulletin" Um, so update your software, easy!
MikeyB is offline   Reply With Quote
Old 29-09-2021, 21:04   #38
Rillington
cf.mega poster
 
Join Date: Jan 2004
Services: Virgin Media, DAB
Posts: 1,134
Rillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation era
Re: http - how secure is it?

Quote:
Originally Posted by MikeyB View Post
No, HTTPS does not mean the contents (or the coding/backend security) of the site is any more secure than a site without HTTPS, they are two separate things completely.

HTTPS means that the data sent between your browser & the website is encrypted so no one else can snoop on it or tamper with it before it gets to you.

I would be wary of completing any form on a site with just HTTP as anything you put in is sent back to the server in text exactly as you put on the form. HTTPS will encrypt this.
Thank you for your reply.

Basically, what you are saying, if I am correct, is that there is no increased risk by just downloading/streaming from a site which does not have https.
Rillington is offline   Reply With Quote
Old 30-09-2021, 13:21   #39
tweetiepooh
Virgin Media Employee
 
tweetiepooh's Avatar
 
Join Date: Sep 2005
Location: Winchester
Services: Staff MyRates BB: VM XXL TV: VM XL Phone : VM XL
Posts: 3,107
tweetiepooh has a bronzed appealtweetiepooh has a bronzed appeal
tweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appeal
Re: http - how secure is it?

To Paul,
It takes a long time for big companies to update stuff especially in my arena. It's only the inbuilt CSR generation that's like that, we can use the underlying tools to put more names in. The issue though is the change to needing the main site name in the Alt DNS list


To Rillington
The risk is that the site may not be the one you think it is as part of HTTPS is authenticating the site as well as encrypting the data. True not many people carefully check certificates but you could.
__________________
I work for VMO2 but reply here in my own right. Any help or advice is made on a best-effort basis. No comments construe any obligation on VMO2 or its employees.
tweetiepooh is offline   Reply With Quote
Old 30-09-2021, 14:21   #40
MikeyB
cf.geek
 
MikeyB's Avatar
 
Join Date: Jun 2003
Location: Swindon
Age: 52
Services: BT FTTP, Humax Foxsat HDR Freesat+
Posts: 810
MikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud of
Re: http - how secure is it?

Quote:
Originally Posted by Rillington View Post
Thank you for your reply.

Basically, what you are saying, if I am correct, is that there is no increased risk by just downloading/streaming from a site which does not have https.
HTTPS does not guarantee the contents of the site is safe, nor that the what they do with any data is safe, e.g. storing passwords as plain text.

I could go & create a site now, get a certificate and make sure it's only accessible via HTTPS, and fill it with "dodgy" downloads for you to get, which could then infect your PC.

This is where your anti-virus/anti-malware software & common sense comes into play.

The increased risk of an HTTP only site is that (with the right skills & willing) someone could see anything you put into a form, or see exactly what you are looking at & downloading. HTTPS prevents this as the communications between you & the website are encrypted.

But for any website at all, if you're concerned about downloading anything, simply don't, or search around & try to verify that it's safe.
MikeyB is offline   Reply With Quote
Old 30-09-2021, 18:58   #41
Paul
Dr Pepper Addict
Cable Forum Team
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,615
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Re: http - how secure is it?

It doesnt help when certificate issuers change things.

One of Lets Encrypt's intermediate certificates expires imminently, and thats causing some issues.
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote
Old 30-09-2021, 22:03   #42
Rillington
cf.mega poster
 
Join Date: Jan 2004
Services: Virgin Media, DAB
Posts: 1,134
Rillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation era
Re: http - how secure is it?

Quote:
Originally Posted by MikeyB View Post
HTTPS does not guarantee the contents of the site is safe, nor that the what they do with any data is safe, e.g. storing passwords as plain text.

I could go & create a site now, get a certificate and make sure it's only accessible via HTTPS, and fill it with "dodgy" downloads for you to get, which could then infect your PC.

This is where your anti-virus/anti-malware software & common sense comes into play.

The increased risk of an HTTP only site is that (with the right skills & willing) someone could see anything you put into a form, or see exactly what you are looking at & downloading. HTTPS prevents this as the communications between you & the website are encrypted.

But for any website at all, if you're concerned about downloading anything, simply don't, or search around & try to verify that it's safe.
And this is why I would never put anything into a site which does not have https.

For me, the issue is whether there is any addition risk simply by visiting a site which does not have https because as soon as you visit any website you are downloading content, and from what you have indicated, there is no difference as all https does is encrypt data sent between user and site and vice versa to stop sone else from seeing what you are doing and what data is being transferred. Correct?
Rillington is offline   Reply With Quote
Old 01-10-2021, 01:27   #43
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: http - how secure is it?

Quote:
Originally Posted by Rillington View Post
And this is why I would never put anything into a site which does not have https.

For me, the issue is whether there is any addition risk simply by visiting a site which does not have https because as soon as you visit any website you are downloading content, and from what you have indicated, there is no difference as all https does is encrypt data sent between user and site and vice versa to stop sone else from seeing what you are doing and what data is being transferred. Correct?
Bascically yes, the contents could be malicious though. Just because it uses HTTPS does not mean you are safe at all.
pip08456 is offline   Reply With Quote
Old 02-10-2021, 21:47   #44
Rillington
cf.mega poster
 
Join Date: Jan 2004
Services: Virgin Media, DAB
Posts: 1,134
Rillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation era
Re: http - how secure is it?

Thank you for the clarification.
Rillington is offline   Reply With Quote
Old 08-10-2021, 20:30   #45
Rillington
cf.mega poster
 
Join Date: Jan 2004
Services: Virgin Media, DAB
Posts: 1,134
Rillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation eraRillington has entered a golden reputation era
Re: http - how secure is it?

and am i right that regardless of whether a site is 'secure' or 'not secure', you are downloading content onto your hard-drive just by visiting the site and there is no difference regarding safety if you choose to save the content you download rather than getting rid of it by clearing your browsing data.
Rillington is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 22:14.


Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.