Firefox Complains RR Not Secure

Status
Not open for further replies.

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
This really worries me because I am a premium subscriber and wish to keep it that way. Firefox complains this RR does not provide encryption.Once evil hackers get wind of this they'll try to steal premium subscriptions. I will not debate firefox.

First image is forums second image is main site.
 

Attachments

16b

Member
Joined
Feb 28, 2004
Messages
483
Location
Central Ohio
if you are concerned about the hackers, it might be time to consider something other than windows xp
 

dave3825

Member
Premium Subscriber
Joined
Feb 17, 2003
Messages
2,880
Location
New York
I am running Chrome. Chrome reports the following while on https://www.radioreference.com/ and pretty much the same but with more images loaded over http while on https://forums.radioreference.com/

Says the page is not secure but also says I have an encrypted connection to the site.
Is this anything to be concerned about? Just curious.



- - - - - - - - -


This page is not secure.

Valid Certificate
The connection to this site is using a valid, trusted server certificate.

Secure Connection
The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Mixed Content
The site includes HTTP resources.
Reload the page to record requests for HTTP resources.


(index):234 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/speaker_s.gif'. This content should also be served over HTTPS.

(index):237 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/tags_avail.gif'. This content should also be served over HTTPS.

(index):255 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/Document_Tree.gif'. This content should also be served over HTTPS.

(index):261 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/speaker_s.gif'. This content should also be served over HTTPS.

(index):264 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/tags_avail.gif'. This content should also be served over HTTPS.

(index):282 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/Document_Tree.gif'. This content should also be served over HTTPS.

(index):288 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/speaker_s.gif'. This content should also be served over HTTPS.

(index):309 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/Document_Tree.gif'. This content should also be served over HTTPS.

(index):315 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/speaker_s.gif'. This content should also be served over HTTPS.

(index):334 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/Document_Tree.gif'. This content should also be served over HTTPS.

(index):340 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/speaker_s.gif'. This content should also be served over HTTPS.

(index):359 Mixed Content: The page at 'https://www.radioreference.com/' was loaded over HTTPS, but requested an insecure image 'http://s.radioreference.com/i/icons/Document_Tree.gif'. This content should also be served over HTTPS.

quant.js Failed to load resource: net::ERR_NAME_NOT_RESOLVED
ga.js Failed to load resource: net::ERR_NAME_NOT_RESOLVED
 

blantonl

Founder and CEO
Staff member
Joined
Dec 9, 2000
Messages
9,830
Location
San Antonio, TX
It's not a problem - just some supporting images and icons are loaded over non-secure http while the rest of the page is secure. At some point I'll get that fixed.
 

blantonl

Founder and CEO
Staff member
Joined
Dec 9, 2000
Messages
9,830
Location
San Antonio, TX
Any chance you can support redirects to force all traffic to https? That is the recommended way of rolling out TLS now days.
Yes, it is an easy header change to rollout, but we're not yet prepared to do it just yet.

We have some infrastructure updates coming over the next few months where this will be part of the rollout.
 

iMONITOR

Member
Premium Subscriber
Joined
Sep 20, 2006
Messages
9,095
I'm still getting the warning that the FORUM log-in is insecure.
 

iMONITOR

Member
Premium Subscriber
Joined
Sep 20, 2006
Messages
9,095
Insecure password warning in Firefox


This is a new feature that is available starting in Firefox version 51
.

Firefox will display a grey lock icon with a red strike-through in the address bar, when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.


What can I do if a login page is insecure?

If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing https:// before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.
Not recommended: You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.
About insecure pages

Pages that need to transmit private information, such as credit cards, personal information and passwords, need to have a secure connection to help prevent attackers from stealing your information. (Tip: A secure connection will have "HTTPS" in the address bar, along with a green lock icon.)

Pages that don’t transmit any private information can have an unencrypted connection (HTTP). It is not advised to enter private information, such as passwords, on a web page that shows HTTP in the address bar. The information you enter can be stolen over this insecure connection.
Note for developers

For developers looking to learn more about this warning, please see this page. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see this blog post and this Site Compatibility document.

NOTE: This is not a fault of FireFox, it is a valuable feature. If you're not using FireFox, you are still exposed to the risk. You're just not being warned.

I'm not only concerned about my login password, but the contents of my PM's as well. It appears they are also not encrypted, and in the clear, possibly exposed to hackers.
 
Status
Not open for further replies.
Top