, regardless of what’s on it, and I seem to remember they intend for Chrome in future to block any that don’t.
Common sense is what’s needed, really: if your browser tells you a site isn’t secure, ask yourself, “Am I going to enter any sensitive information on it?” If not, you can ignore the warning. For example, with a forum like this, anyone eavesdropping on visitors will only really get usernames and passwords to the forum. As long as you don’t use those same names and passwords for important sites (like your bank, PayPal, etc.) there’s no real danger — at worst, someone could impersonate you here on this forum.
There is this push to have security certificates on sites. On my business site, which is just an online brochure site and means of contact I have has to buy a certificate to stop the security alert. There is no real reason to need one but people get worried if they see that. The cost was about £25 from memory but at least visitors to the site won’t be put off by it.
potential is to take the password & user identity of any account so that means a threat actor could become a John or an Ian m. I'm sure they have some interesting abilities that we do not.
If there is the potential to modify the content that is presented to you to include malware then there is a lot more at risk than just impersonating someone, even if the risk is limited to the potential of impersonating someone, could I use that to some advantage? maybe.
Hi @John , in light of GDPR you may want to have a think about that, whilst the forum does not store "sensitive" personal data, it does store email addresses and if someone has entered date of birth, location etc. it stores personal data that can be used to identify a data subject. In the event of a data breach you'd be on a very sticky wicket arguing with the information commissioners office that a site that stores personal data that can be used to identify a subject does not need to be secure. The penalties are pretty draconian.
It's a low risk since I don't think the forum is very high on Moscow's target list and the ICO are after the banks etc. but thought you may appreciate the heads-up.
The forum is secure, it's just Google browser saying it hasn't got an SSL, the forum is always up to date with the latest patches, having an SSL wouldn't stop any real hacker getting in, just ask the many big companies and governments that have been hacked.
I will change the GDPR text to reflect this, if people don't want to use the forum because of this then that's fine.