Comments for How can an https web site still be nonsecure?

Comment from chesscanoe on 2011-08-02

2011-08-02T21:31:59Z

The Google Chrome browser version 13.0.782.107 beta-m, and perhaps earlier versions are smart enough to show https in green when it's safe, and in red when it's not. The Walmart prescription renewal url is one example that demonstrates this.

Again, that's the page that you're on, and it does not reflect the security of the page that you're going to when you press "Submit", "Login" or whatever after filling in your account details.

04-Aug-2011

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Steve on 2011-08-02

2011-08-02T21:05:34Z

JayFlight - I searched Firefox help and found this for Ver 4. It also appears to apply to ver 5.

The only way I know to do this in Firefox 4 is to change hidden preferences.

Type about:config into the location bar and press enter
Accept the warning message that appears, you will be taken to a list of preferences
In the filter box type security.warn this will show a few preferences, you can double-click on them to change their values, the settings are:
security.warn_viewing_mixed -I'm about to view an encrypted page that contains some unencrypted information
security.warn_submit_insecure - I submit information that's not encrypted
security.warn_leaving_secure - I leave an encrypted page for one that isn't encrypted
security.warn_entering_weak - I am about to view a page that uses low-grade encryption
security.warn_entering_secure - I am about to view an encrypted page

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from JayFlight on 2011-08-02

2011-08-02T15:54:39Z

Can anyone help with the settings for Firefox? It looks like the article was written in 2008 and those settings (Tools, Options, Security, Settings) was available in Firefox 3.5. In the newer version of Firefox (I'm on v5), there's no "Settings" button, and I can't find a similar one anywhere in Options. Please advise if you find a solution!

Unfortunately that's been moved to a set of hidden preferences in about:config. I found this on that: http://support.mozilla.com/en-US/questions/829577.

03-Aug-2011

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Jimmy Boyd on 2008-09-21

2008-09-21T11:38:31Z

Hi Leo,

Excellent article! You mentioned 'always using an encrypted VPN' in your article. How is a VPN more secure than a single https web site implementation? Wouldn't I need using your browser settings trick within a VPN? Thanks a lot.

A VPN will encrypt all data between yourself and the VPN provider, whether it's https or not. After the VPN provider it travels encrypted, or not, dependong on whether it's https, or not.

An https connection is encrypted all the way between you and the web site you're accessing.

Most sniffing attacks happen at your end, so making sure that the data is encrypted as it leaves your computer - https or VPN - is what's important, IMO.

- Leo
21-Sep-2008

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from David Sorge on 2008-08-10

2008-08-11T02:40:24Z

Speaking of bad web design. I went to read "Why didn't you answer my question?" and a grayed out screen with modal box asking me if I wanted to receive your news letter in the middle of it came up. Ironically I was trying to read the article Because of the news letter. I had no scroll bar and so I was not able to scroll down to close it. I used the back button.and here I am. I'm going to try again. This time it worked.

FWIW: that popup does have a close button (x in the upper right corner, like most windows), and as long as cookies are enabled should only appear once ever 180 days.

More here: Why do I keep getting a newsletter subscribe pop-up on your site?

-Leo

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from David Sorge on 2008-08-10

2008-08-11T02:27:38Z

I don't know of a better way to get info to you and it may be important. In your News letter just below the link to this article I found this: MailScanner has detected a possible fraud attempt from "clicks.aweber.com" claiming to be http://www.ThisIsTrue.com. "MailScanner has detected a possible fraud attempt from "clicks.aweber.com" claiming to be" was in RED. I think I have MailScanner on my computer so I think this may be bad. I won't click on it unless you can say nothing to worry about. More information would be appreciated.

"Aweber" is the company that processes my mailing list, and they modify links so that I can see which links people are clicking on. So the link is safe.

-Leo

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Guy on 2008-08-05

2008-08-06T03:24:25Z

Since hovering over the 'Login' didn't work, I tried entering a fake username and password. Clicking 'Login' gave me an unknown user/password message but the URL started 'https' - could this be an easy way to verify the URL of the target page?

Unfortunately no. It's very possible that the URL you went to first was some other URL that, for example, captured your information and then automatically and transparently sent you on to the https URL.

-Leo

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Bob Rutske on 2008-08-05

2008-08-06T02:37:13Z

Agaian, a great topic, well explained.
Thank you

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Feyisayo on 2008-08-05

2008-08-05T16:15:22Z

Thanks Leo. That was enlightening (as always).
Thanks a lot.

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Tom on 2008-08-05

2008-08-05T15:43:02Z

You've done it again! Not only made the subject clear and understandable, but gave easy to follow instructions that even a senior citizen can follow.
Thanks - I feel safer now - for a while.

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from peter on 2008-07-31

2008-07-31T10:37:41Z

Great article Leo ,you explained http/https method in details with extra information and solutions , really great article for beginners and professionals....thanks Leo.

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ryan on 2008-07-30

2008-07-31T03:09:40Z

Hi Leo, I am a high school student. I am familiar with html but I was wondering is there a way of creating an online database that can be accessed by anyone using HTLM only. If so what are the necessary steps in doing so. And if not is there a way of creating and online database using other methods eg PHP, XHTML etc. And what would be the necessary steps.

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Bucky on 2008-07-30

2008-07-31T00:41:47Z

Great explanation! I never fully realized that it was the target page that really mattered, not the current page.

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from David on 2008-07-30

2008-07-30T21:35:17Z

yes leo, as you kind of alluded to, you can "view" "source" and read the html for where the link is pointed to but you just about have to have atleast some knowledge of html, like us geeks...lol

That's why I mention AJAX, since that is often incomprehensible to even those of us who could read it.

-Leo

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ken B on 2008-07-30

2008-07-30T16:10:11Z

I read several months ago, in an article on some of the "worst" spyware out there, that it's possible for spyware to read https information, by installing itself in the browser between the browser and the SSL layer. (Unfortunately, I didn't save a link to the online version.)

Basically, the browser communicates internally with the SSL layer unencrypted. By wedging itself in that layer, the spyware can see everything unencrypted.

Have you heard anything of this?

Spyware and viruses can to ANYTHING - that's why they're to be avoided at all costs.

-Leo

]]>

A comment on: How can an https web site still be nonsecure?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.