No HTTPS?

SylvainG · « **on:** January 04, 2019, 10:07:42 pm »

Hi, new here. Was surprised to see that this site doesn't do HTTPS. At least, when I entered https://www.echotalk.org, I was greeted to a

Antirebate
"We find the Deals, You get the Savings!"

site instead of a secure communication version of Echotalk...

In these days an ages, I find this weird and unsettling... Anybody else?

renegade600 · « **Reply #1 on:** January 04, 2019, 10:33:51 pm »

I don't find it weird or unsettling after all, this is just a forum. not like you gave it any credit card info to join.

SylvainG · « **Reply #2 on:** January 05, 2019, 01:23:35 am »

Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.

renegade600 · « **Reply #3 on:** January 05, 2019, 02:14:40 am »

Quote from: SylvainG on January 05, 2019, 01:23:35 am

Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.

https does not mean the website is secure. it is too easy to get a ssl certificate whether it be real or fake.

SylvainG · « **Reply #4 on:** January 05, 2019, 01:27:14 pm »

Quote from: renegade600 on January 05, 2019, 02:14:40 am

Quote from: SylvainG on January 05, 2019, 01:23:35 am
Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.

https does not mean the website is secure. it is too easy to get a ssl certificate whether it be real or fake.

Sites register certificates through third parties like Entrust or Verisign. Sites using self signed certificates or certificate from unknown third parties will be flagged in your browser.

renegade600 · « **Reply #5 on:** January 05, 2019, 02:48:49 pm »

Quote from: SylvainG on January 05, 2019, 01:27:14 pm

Quote from: renegade600 on January 05, 2019, 02:14:40 am
Quote from: SylvainG on January 05, 2019, 01:23:35 am
Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.

https does not mean the website is secure. it is too easy to get a ssl certificate whether it be real or fake.

Sites register certificates through third parties like Entrust or Verisign. Sites using self signed certificates or certificate from unknown third parties will be flagged in your browser.

most users will just click through most flags since they have no idea of what it is about or they could care less. if you care so much, why are you on this forum? It just proves my point. truth is, even you don't really care.

SylvainG · « **Reply #6 on:** January 06, 2019, 02:42:51 pm »

I care enough to use a password that is unique to THIS forum, hope you do the same for your sake. Not everyone do that hence my warning and question. Don't security bothers you?

SylvainG · « **Reply #7 on:** January 16, 2019, 11:42:43 pm »

HTTPS now works here

mike27oct · « **Reply #8 on:** January 17, 2019, 02:44:26 am »

Much ado about nothing.

SylvainG · « **Reply #9 on:** January 18, 2019, 10:01:51 pm »

Whatever floats your boat but information security is important to me

No HTTPS?

SylvainG

No HTTPS?

renegade600

Re: No HTTPS?

SylvainG

Re: No HTTPS?

renegade600

Re: No HTTPS?

SylvainG

Re: No HTTPS?

renegade600

Re: No HTTPS?

SylvainG

Re: No HTTPS?

SylvainG

Re: No HTTPS?

mike27oct

Re: No HTTPS?

SylvainG

Re: No HTTPS?