Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Insecure login via Firefox - RESOLVED
-
- Posts: 2
- Joined: 2017-11-19 11:25
Insecure login via Firefox - RESOLVED
Hello Debian Forum Administrators,
I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way. Has this problem been recognised previously and/or is it necessarily something I should worry about?
Looking forward to my time on this board and so far I am liking very much what I see in Debian Stretch.
PS I note that the forum itself is not https and again is that something you maintainers should be concerned about?
I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way. Has this problem been recognised previously and/or is it necessarily something I should worry about?
Looking forward to my time on this board and so far I am liking very much what I see in Debian Stretch.
PS I note that the forum itself is not https and again is that something you maintainers should be concerned about?
Last edited by Debianaire on 2017-12-04 10:45, edited 1 time in total.
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 80 times
- Been thanked: 191 times
Re: Insecure login via Firefox
You kinda answered your own question: Firefox has taken to whining if you login to anything that isn't running SSL.Debianaire wrote:I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way.
Meh. Don't reuse login credentials and the risk is negligible.Debianaire wrote:I note that the forum itself is not https, is that something you maintainers should be concerned about?
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
- IzayoiFlandre
- Posts: 35
- Joined: 2017-11-19 13:44
- Location: United Kingdom
Re: Insecure login via Firefox
HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate. It's literally common sense to not have the same passwords everywhere you go and it's your fault if you get hacked and you happen to be.
IzayoiFlandre
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Re: Insecure login via Firefox
well said!IzayoiFlandre wrote:HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate.
mind if i quote you?
- IzayoiFlandre
- Posts: 35
- Joined: 2017-11-19 13:44
- Location: United Kingdom
Re: Insecure login via Firefox
Thanks, I feel grateful, of course you can quote that ^-^
IzayoiFlandre
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 72 times
Re: Insecure login via Firefox
Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.
Can't really think of anyone that could be at risk of that, though...
Can't really think of anyone that could be at risk of that, though...
MX Linux packager and developer
- sunrat
- Administrator
- Posts: 6494
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 118 times
- Been thanked: 476 times
Re: Insecure login via Firefox
There are enough people here already masquerading as experts when in reality they just search the web for answers to questions. It would be better to encourage questioners to do their own searches and help them to refine search terms properly.stevepusser wrote:Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.
Can't really think of anyone that could be at risk of that, though...
Feed a man a fish and he eats for a day, teach a man to fish and he eats for a lifetime.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
- IzayoiFlandre
- Posts: 35
- Joined: 2017-11-19 13:44
- Location: United Kingdom
Re: Insecure login via Firefox
I tend to post a problem then search online for help after posting it
I also don't try to masquerade as any kind of expert, I'm really a newbie to Linux and it will probably stay that way...
I also don't try to masquerade as any kind of expert, I'm really a newbie to Linux and it will probably stay that way...
IzayoiFlandre
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: Insecure login via Firefox
https://www.mywot.com/en/scorecard/forums.debian.net
No bad reports there.
And then, here is a example of a site that does use "https",
but I certainly would not trust the site:
https://www.mywot.com/en/scorecard/reviversoft.com
=================
And as far as this thing about people masquerading as experts, I don't know
who that might be. I have never claimed to be a expert, in fact in reverse
I usually admit I don't know the answer, but when I did a search I did find
a lot of results that look like they could be valid solutions.
We do have a lot of "super users", but the masks don't cover anything , it all comes out in the wash.
Besides , this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.
=========================================
http://forums.debian.net/viewtopic.php?f=12&t=135067
===============
http://forums.debian.net/viewtopic.php?f=12&t=118960
=======================================
http://forums.debian.net/viewtopic.php?f=12&t=131345
( there is no real security issue)
http://forums.debian.net/viewtopic.php?f=12&t=122422
===================================
http://forums.debian.net/viewtopic.php?f=12&t=117758
================================
http://forums.debian.net/viewtopic.php?f=12&t=114433
==========================================
-------------- edited------------
This blog claims to be a expert, but then who knows really ? Not me, I am no expert, but I don't think https really makes any site more secure then other
http sites. I don't use FireFox any more, and don't have the problem with
the browser telling me a site is secure or not secure. My system is secure,
so I don't worry about it.
http://blog.privatewifi.com/ask-the-exp ... -we-think/
===============================
https://security.stackexchange.com/ques ... -or-unsafe
No bad reports there.
And then, here is a example of a site that does use "https",
but I certainly would not trust the site:
https://www.mywot.com/en/scorecard/reviversoft.com
=================
And as far as this thing about people masquerading as experts, I don't know
who that might be. I have never claimed to be a expert, in fact in reverse
I usually admit I don't know the answer, but when I did a search I did find
a lot of results that look like they could be valid solutions.
We do have a lot of "super users", but the masks don't cover anything , it all comes out in the wash.
Besides , this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.
=========================================
http://forums.debian.net/viewtopic.php?f=12&t=135067
===============
http://forums.debian.net/viewtopic.php?f=12&t=118960
=======================================
http://forums.debian.net/viewtopic.php?f=12&t=131345
( there is no real security issue)
http://forums.debian.net/viewtopic.php?f=12&t=122422
===================================
http://forums.debian.net/viewtopic.php?f=12&t=117758
================================
http://forums.debian.net/viewtopic.php?f=12&t=114433
==========================================
-------------- edited------------
This blog claims to be a expert, but then who knows really ? Not me, I am no expert, but I don't think https really makes any site more secure then other
http sites. I don't use FireFox any more, and don't have the problem with
the browser telling me a site is secure or not secure. My system is secure,
so I don't worry about it.
http://blog.privatewifi.com/ask-the-exp ... -we-think/
===============================
https://security.stackexchange.com/ques ... -or-unsafe
-
- Posts: 2
- Joined: 2017-11-19 11:25
Re: Insecure login via Firefox
@GarryRicketson
Anyway reading the various replies here suggests that a) the maintainers of the board don't see the need for HTTPS and b) consensus opinion appears to suggest there's nothing to worry about if it's not HTTPS.
So thank you one and all.
As a new forum member I did use the search button to see if something had already been posted. Put it down to unfamiliarity with this board but I didn't find anything that would suggest my post wasn't reasonable.Besides , this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.
Anyway reading the various replies here suggests that a) the maintainers of the board don't see the need for HTTPS and b) consensus opinion appears to suggest there's nothing to worry about if it's not HTTPS.
So thank you one and all.
Re: Insecure login via Firefox
Since you are pretty new here and might not have looked at some of the stickies available, have a look at this post from a DUF admin.IzayoiFlandre wrote:I tend to post a problem then search online for help after posting it
"Please Read... What we expect you have already Done."
http://forums.debian.net/viewtopic.php?f=30&t=47078
- IzayoiFlandre
- Posts: 35
- Joined: 2017-11-19 13:44
- Location: United Kingdom
Re: Insecure login via Firefox
Normally I do search google and try things, annoyingly I tend to forget to read the man pages...
Thanks for that, though ^_^
Thanks for that, though ^_^
IzayoiFlandre
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Re: Insecure login via Firefox
Indeed.IzayoiFlandre wrote:Normally I do search google and try things, annoyingly I tend to forget to read the man pages...
Thanks for that, though ^_^
Step 1. Search the Debian Wiki
Step 2. Search Google
Step 3. Test, rinse, repeat
Step 4. Post in forum with what has been attempted.
- IzayoiFlandre
- Posts: 35
- Joined: 2017-11-19 13:44
- Location: United Kingdom
Re: Insecure login via Firefox
I always feel scared to try things tho because I don't wanna risk screwing up my system completely
IzayoiFlandre
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
Re: Insecure login via Firefox
I use Chromium because Firefox refuses secure connections to many websites. I could not find an option in the Firefox preferences that would perform the secure connection for every website I wanted to visit. Many sites were viewed in the past with Chromium in a secure fashion. Then I found the following:
https://www.eff.org/https-everywhere
This seems to be the answer to my problem. Maybe it will be a solution for you. I still prefer Chromium for other reasons.
https://www.eff.org/https-everywhere
This seems to be the answer to my problem. Maybe it will be a solution for you. I still prefer Chromium for other reasons.
- sunrat
- Administrator
- Posts: 6494
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 118 times
- Been thanked: 476 times
Re: Insecure login via Firefox
If you do a regular full system backup you won't be scared as you can restore the backup in a few minutes if something goes horribly wrong.IzayoiFlandre wrote:I always feel scared to try things tho because I don't wanna risk screwing up my system completely
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Re: Insecure login via Firefox - RESOLVED
I tend to post a problem then search online for help after posting it