X Marks the Scot - An on-line community of kilt wearers.

   X Marks Partners - (Go to the Partners Dedicated Forums )
USA Kilts website Celtic Croft website Celtic Corner website Houston Kiltmakers

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Join Date
    7th February 08
    Location
    Abbotsford, BC, Canada
    Posts
    853
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Website not secure

    Just got a “ website not secure “ warning, about this website, from my browser.
    Any thing to be concerned about?
    waulk softly and carry a big schtick

  2. #2
    Join Date
    24th September 04
    Location
    Victoria, BC Canada 48° 25' 47.31"N 123° 20' 4.59" W
    Posts
    4,337
    Mentioned
    18 Post(s)
    Tagged
    0 Thread(s)
    No, nothing to be concerned about. This is a new thing that is popping up.

    It has to do with a certificate that e-commerce sites are converting to.

    As X Marks is not an e-commerce site we have not felt a need to convert over to this type of site.

    For now, just ignore the message. We may convert at some later date and we will make an announcement before we do.
    Steve Ashton
    Forum Owner

  3. #3
    Join Date
    8th February 18
    Location
    Near the Summit, above Silicon Valley
    Posts
    426
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Steve............A few minutes ago, while trying to post a comment, I hit the the Preview Post button. For a split second (literally), I saw a white screen, with WARNING followed by other words. Is this part of the same "Nothing to be concerned about"? .

    Cheers,
    Steve
    "I can draw a mouse with a pencil, but I can't draw a pencil with a mouse"

  4. #4
    Join Date
    24th September 04
    Location
    Victoria, BC Canada 48° 25' 47.31"N 123° 20' 4.59" W
    Posts
    4,337
    Mentioned
    18 Post(s)
    Tagged
    0 Thread(s)
    As I said before this is a fairly recent addition to browsers like Chrome and Firefox. It is your browser, not X Marks, that is displaying the "not secure" message.

    This message does not mean that there is anything wrong with X Marks.

    The new addition on browsers looks for the difference between sites that use the http protocol v.s. those that use the https protocol. Any page with a website address starting with "http:// v.s. "https:// will cause the browser to display the “Not Secure” warning.

    The additional 's' in https stands for 'secure' and denotes that the site has purchased an SSL certificate. An SSL (Secure Sockets Layer) certificate then installs a code on the website which activates an encryption 'padlock' between the site and a customer. This padlock adds an additional level of security for those sites which transmit sensitive data such as credit card numbers, payments and payment information between a site and a customer. Sort of like a secure or encrypted telephone, like those used in the Pentagon, v.s. a regular phone in your home.

    Amazon is an https site.

    I have spoken to kiltedcodewarrior about this and he advises, that while we could purchase an SSL certificate, it does not really give us any added features or security for an on-line forum where no credit card information or payments are transmitted between X Marks and our members.

    But yes, I will probably be forced to purchase an SSL certificate, in the near future, just to end the "not secure" being displayed and our members becoming concerned.
    Steve Ashton
    Forum Owner

  5. The Following User Says 'Aye' to Steve Ashton For This Useful Post:


  6. #5
    Join Date
    24th September 04
    Location
    Victoria, BC Canada 48° 25' 47.31"N 123° 20' 4.59" W
    Posts
    4,337
    Mentioned
    18 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Baeau View Post
    Steve............A few minutes ago, while trying to post a comment, I hit the the Preview Post button. For a split second (literally), I saw a white screen, with WARNING followed by other words. Is this part of the same "Nothing to be concerned about"? .

    Cheers,
    Steve

    No, I do not believe your white screen is part of the same thing. I am not sure what you saw.
    Steve Ashton
    Forum Owner

  7. #6
    Join Date
    8th February 18
    Location
    Near the Summit, above Silicon Valley
    Posts
    426
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's two of us, that aren't sure what I saw. This moment, I hit Preview Post. No white screen. All is normal. The sky isn't falling. Thanks for the SSL Certificate explaination.
    "I can draw a mouse with a pencil, but I can't draw a pencil with a mouse"

  8. #7
    Join Date
    26th November 18
    Location
    Central Pennsylvania, USA
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Steve Ashton View Post
    I have spoken to kiltedcodewarrior about this and he advises, that while we could purchase an SSL certificate, it does not really give us any added features or security for an on-line forum where no credit card information or payments are transmitted between X Marks and our members.

    But yes, I will probably be forced to purchase an SSL certificate, in the near future, just to end the "not secure" being displayed and our members becoming concerned.
    Beyond the minor annoyance of newer browsers displaying warnings, the other reason you might consider installing a security certificate is to fully encrypt our login credentials. A lot of people will use the same password or two across many different platforms and non-encrypted traffic is fairly trivial to sniff and parse, which means cracking a password on one site can lead to a malicious actor being able to access many, if not all, other sites/services that person uses.

    Looking at the website's code, it is apparently doing an MD5 hash (encryption) of the password when you click the "Log in" button, which means the passwords at least aren't being sent as plain-text. However, while MD5 is not a directly reversible algorithm, its long history and known limitations/problems make it relatively easy to crack MD5-encrypted strings, especially on modern hardware which can calculate 10s-100s of millions of MD5 hashes per second.
    Last edited by TheGratefulNed; 5th April 19 at 02:21 PM.
    Verbing weirds language.

  9. #8
    EdinSteve is offline Registration terminated at the member's request
    Join Date
    3rd September 18
    Location
    Scotland
    Posts
    16
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I seem to remember this coming up a while ago and it is a salutary lesson for everyone not to use the same password across websites.

  10. #9
    Join Date
    24th September 04
    Location
    Victoria, BC Canada 48° 25' 47.31"N 123° 20' 4.59" W
    Posts
    4,337
    Mentioned
    18 Post(s)
    Tagged
    0 Thread(s)
    I'm sorry EdinSteve but this has nothing to do with passwords.
    Steve Ashton
    Forum Owner

  11. #10
    EdinSteve is offline Registration terminated at the member's request
    Join Date
    3rd September 18
    Location
    Scotland
    Posts
    16
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Steve Ashton View Post
    I'm sorry EdinSteve but this has nothing to do with passwords.
    I see that I get the "Not Secure" message. I take it then that there is no possibility of the site being hacked and passwords stolen so that is reassuring. Thanks Steve.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

» Log in

User Name:

Password:

Not a member yet?
Register Now!
Powered by vBadvanced CMPS v4.2.0