The following warnings occurred:
Warning [2] Undefined variable $search_thread - Line: 60 - File: showthread.php(1617) : eval()'d code PHP 8.1.31 (Linux)
File Line Function
/inc/class_error.php 153 errorHandler->error
/showthread.php(1617) : eval()'d code 60 errorHandler->error_callback
/showthread.php 1617 eval




Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Security
#1
Not sure if this is worth a mention.
But my I pad is showing a “not Secure” message
Regards
           Tim
Reply
#2
So is my computer, with other sites too...
Reply
#3
Only the A7 site so far
Reply
#4
If you use Chrome, and site that is not registered as a secure "HTTPS" it will show as "Not Secure". This is a really stupid thing for Google to do - there are millions of static sites out there using HTTP and not collecting any data at all. Example: my site http://www.lathes.co.uk/ shows as "Not Secure" in Chrome, but not in other browsers, while the commercial site with online payment facilities "Store" does not: https://www.store.lathes.co.uk  (Opera also shows static HTML sites as "Not Secure"). However, switch to Firefox, Microsoft Edge, and the warning should disappear.
Reply
#5
Saying “not secure” on
Apple IPhones, this is new has something changed at the Server?

Bill G
Based near the Scottish Border,
Reply
#6
Hi All

It seems to have happened to me after an Apple software update.  

Howard
Reply
#7
It's always been insecure because as Tony mentions because the site is using HTTP not HTTPS. The difference between those two is when using HTTPS all the messages between the client (your computer) and the server are encrypted so no one can in theory eavesdrop on them. Does it matter on essentially a public forum like this? Probably not.

Different browsers will sometimes warn you in different ways so it sounds like some browsers have updated and are now more aggressively showing the warning. The reason is so that if someone sends you a fake email pretending to be from your bank say and you click on a link in it without checking the actual address they could send you to an insecure site.

These days it's best to consider nothing as being that safe online. Definitely for any site you're sending personal or important information (like banking) always use HTTPS. Also always use different passwords for the very important stuff because data is leaked all the time. Assume anything you put online, no matter how secure, will be breached at some point so think in terms of minimising any damage a breach will cause.

One trick if you use gmail for your email address is you can add a + sign into the first part of the address and all email still comes to you. So if your gmail address is name@gmail.com you can use name+austin7@gmail .com or name+anything@gmail.com and you'll get the mail. The beauty of that is you can use that to have a different email address to sign up for things. Then when they have a data leak you can tell which site leaked. 

You can check if your email is associated with any leak here: https://haveibeenpwned.com/ (yes, that site is safe to use, you only enter an email address).

Those data breaches are why you now get emails from people saying they hacked your computer and know your password (and they include it in the email). They bulk send those blackmail messages out hoping some percentage will reply and be scammed. If you get one, ignore it, never reply and make sure you're not using that password anywhere else. It's handy of them to tell you which password is compromised actually. 

For some sobering reading here is the list of data breaches. And that's KNOWN data breaches. Note there are some very big names in there.

https://en.wikipedia.org/wiki/List_of_data_breaches

Simon

Oh, and the reason it's not a silly thing for the browsers to do it is to prevent phishing type attacks through email. Someone can send you an email that looks exactly like it's from your bank say with an message asking you to log in via a link. Click that link and you get sent to a page. It looks just like your bank so you enter your details but if you don't check the actual URL you might not be logging into your bank. You've just given someone your details. The 'not secure' is just another check that the page isn't where you think it is.

Never click any sort of link like that in an email directly to be safe. If an email asks you to log in somewhere it's always safest to manually go to the site and do it there.

If you do see the not secure then definitely question it so yes, was definitely worth a mention Tim!

Simon
Reply
#8
The process to go from HTTP to HTTPS is extremely easy.
I have my own website for honey and blacksmithing, andybennettuk.co.uk and was worried that Google might start 'downranking' sites not security approved. They haven't yet but it is a natural progression. So I took a look a few months ago expecting time and cost but it was easy.

To go from HTTP to HTTPS you need a 'certificate'. However the process to get it is a simple click.
You go to your service provider (I use 34SP) then go to settings, advanced, and click on the 'ask for SSL certificate' button.
It says 'this might take a couple of hours' then it comes through as 'available' and you click apply, voila HTTP becomes HTTPS.

Andy
Enjoy yourself, it's later than you think!
Reply
#9
One very important point is never, ever, use a laptop or mobile device on a publin Wifi and enter a password. That's how the hackers harvest them - then try to trick you into believing that they've put a key-stroke logger on your compuer, or worse. As Andy says, if you do receive an email along those lines, claiming that they know all about you and what you've been doing, do not, under any circumstances, reply. It's all a scam and, sadly, many people fall for it.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)