Security

geegad

Can't cheat fate..
Joined
Mar 7, 2010
Messages
2,065
Points
83
First Name
John
Just come back to this site but why does it keeps saying at the top that the site is not secure and showing a warning sign.
 

Ian M

GB Mod
Staff member
Administrator
Moderator
SMF Supporter
Joined
Dec 14, 2008
Messages
12,152
Points
113
Location
Falster, Denmark
First Name
Ian
@John
This is one for you I think. I have had a look as to why, but have no idea.
 

John

Administrator
Staff member
Administrator
Joined
Mar 4, 2004
Messages
3,893
Points
113
It doesn’t say it at the top of my screen, but it isn’t secure, it doesn’t have a SSL (HTTPS) installed.
 
D

Deleted member 5819

Guest
Hi, I to have the same problem as John, site not secure and a warning triangle sign ?
Happen in the last hour check everything my end can't find any fault?
Pete
 

stillp

SMF Supporter
Joined
Nov 17, 2016
Messages
1,770
Points
113
First Name
Peter
Don't worry about it! You're not going to be buying anything on the forum are you?

Pete
 

stillp

SMF Supporter
Joined
Nov 17, 2016
Messages
1,770
Points
113
First Name
Peter
If you go to the shop, you'll see the https, showing that it is a secure site.

Pete
 

John

Administrator
Staff member
Administrator
Joined
Mar 4, 2004
Messages
3,893
Points
113
The forum doesn’t need to be secure.
 

rtfoe

SMF Supporter
Joined
Apr 29, 2018
Messages
1,520
Points
113
Location
Malaysia
First Name
Richard
Oh good ...for a while there I thought there was something wrong with the site or my security system.

Cheers,
Richard
 

Ian M

GB Mod
Staff member
Administrator
Moderator
SMF Supporter
Joined
Dec 14, 2008
Messages
12,152
Points
113
Location
Falster, Denmark
First Name
Ian
The forum doesn’t need to be secure.
So remember, no Email adresses, Phone numbers or home adresses in posts on the forum or messages. 99% never do but I still see the odd one here and there...
 

geegad

Can't cheat fate..
Joined
Mar 7, 2010
Messages
2,065
Points
83
First Name
John
Ok that's for clearing that up and many thank for the speedy answers
 

Jakko

SMF Supporter
Joined
Apr 28, 2018
Messages
2,269
Points
113
First Name
Jakko
The forum doesn’t need to be secure.
It does if Google has anything to say about it. They’ve been pushing for all sites to use HTTPS, regardless of what’s on it, and I seem to remember they intend for Chrome in future to block any that don’t.

Common sense is what’s needed, really: if your browser tells you a site isn’t secure, ask yourself, “Am I going to enter any sensitive information on it?” If not, you can ignore the warning. For example, with a forum like this, anyone eavesdropping on visitors will only really get usernames and passwords to the forum. As long as you don’t use those same names and passwords for important sites (like your bank, PayPal, etc.) there’s no real danger — at worst, someone could impersonate you here on this forum.
 

BarryW

SMF Supporter
Joined
Jul 23, 2011
Messages
2,436
Points
113
Location
Dover & Hythe
First Name
Barry
There is this push to have security certificates on sites. On my business site, which is just an online brochure site and means of contact I have has to buy a certificate to stop the security alert. There is no real reason to need one but people get worried if they see that. The cost was about £25 from memory but at least visitors to the site won’t be put off by it.
 
B

Bobbingalong

Guest
at worst, someone could impersonate you here on this forum.
potential is to take the password & user identity of any account so that means a threat actor could become a John or an Ian m. I'm sure they have some interesting abilities that we do not.

If there is the potential to modify the content that is presented to you to include malware then there is a lot more at risk than just impersonating someone, even if the risk is limited to the potential of impersonating someone, could I use that to some advantage? maybe.
 

Jakko

SMF Supporter
Joined
Apr 28, 2018
Messages
2,269
Points
113
First Name
Jakko
potential is to take the password & user identity of any account so that means a threat actor could become a John or an Ian m. I'm sure they have some interesting abilities that we do not.
True, but that’s not an issue for you and me, the regular visitors of this site who (may) get a warning from their web browsers that the site isn’t secure.
 
Joined
Nov 22, 2018
Messages
8
Points
3
First Name
Simon
The forum doesn’t need to be secure.
Hi @John , in light of GDPR you may want to have a think about that, whilst the forum does not store "sensitive" personal data, it does store email addresses and if someone has entered date of birth, location etc. it stores personal data that can be used to identify a data subject. In the event of a data breach you'd be on a very sticky wicket arguing with the information commissioners office that a site that stores personal data that can be used to identify a subject does not need to be secure. The penalties are pretty draconian.

It's a low risk since I don't think the forum is very high on Moscow's target list and the ICO are after the banks etc. but thought you may appreciate the heads-up.
 

John

Administrator
Staff member
Administrator
Joined
Mar 4, 2004
Messages
3,893
Points
113
The forum is secure, it's just Google browser saying it hasn't got an SSL, the forum is always up to date with the latest patches, having an SSL wouldn't stop any real hacker getting in, just ask the many big companies and governments that have been hacked.

I will change the GDPR text to reflect this, if people don't want to use the forum because of this then that's fine.
 

John

Administrator
Staff member
Administrator
Joined
Mar 4, 2004
Messages
3,893
Points
113
I've installed an SSL certificate, you will need to change your bookmarks to include https
 
Top