Mikes10 Â Â 10 #13 Posted March 19, 2017 On the contrary, Sheffield Forum do not use encryption as it breaks embedding images from unencrypted sources. Or at least that was the excuse I was told. Â According to Mozilla: Â https://support.mozilla.org/t5/Protect-your-privacy/How-do-I-tell-if-my-connection-to-a-website-is-secure/ta-p/1637 Share this post Link to post Share on other sites Share this content via...
sgtkate   10 #14 Posted March 19, 2017 Well to be fair he's pretty much right. Anyone can buy an SSL cert these days with no checking so they have become almost worthless for checking a sites validity. Yes they still mean data is encrypted going to and from them, but if the site is run by someone unscrupulous then the encrypted data will still get to them.  Have a look at the number of sites with valid SSL certs that have the PayPal name in them but are clearly fraud sites and you'll see what i mean.  https://isc.sans.edu/forums/diary/Paypal+scam+site+using+SSL+spotted/16/ https://community.letsencrypt.org/t/a-fake-paypal-phishing-website-is-using-lets-encrypt-certificate/20760  Those are links to articles about it and not to the scam sites BTW.  Just because a site has the padlock does not mean it's legit.  ---------- Post added 19-03-2017 at 08:53 ----------  On the contrary, Sheffield Forum do not use encryption as it breaks embedding images from unencrypted sources. Or at least that was the excuse I was told.  Erm:  https://www.sheffieldforum.co.uk Share this post Link to post Share on other sites Share this content via...
Obelix   11 #15 Posted March 20, 2017 Because they are trying to scare ppl for no reason......  All sites ARE NOT SECURE (Even HTTPS ones) -- The elite can still see everything!  Really? You've found a way to break TLS encryption?  ---------- Post added 20-03-2017 at 10:54 ----------  And it can cause connection problems for older browsers!! No reason for a site like this to FORCE HTTPS ... Its totally insane....   This site does it right.... (cellar.org does the same) If you wanna use HTTPS you can but if you dont want to,etc you dont have to.....  Why on earth would you not want to have secure comms? Share this post Link to post Share on other sites Share this content via...
altus   540 #16 Posted March 20, 2017 Really? You've found a way to break TLS encryption? There are man in the middle attacks against HTTPS using proxies and forged certificates. Companies can do it easily enough for their own computers (install forged certificate authority certificates on all your machines and have your proxy supply forged site certificates). Beyond that you're probably talking security services using more sophisticated forged site certificates (that validate against real certificate authority certificates) and forcing ISPs to use their proxies.  All of that's no reason to not encrypt to protect your information from all the other people you'd want to protect it from so Dude111's advice is still very bad. Share this post Link to post Share on other sites Share this content via...
