Page 3 of 3

Re: Use HTTPS

PostPosted: 2018-10-22 16:28
by needsch
It is unbelievable that this needs to be discussed in 2018...

The reasons given for not implementing HTTPS are ridiculous. The logic is completely flawed. Just because HTTPS does not provide 100% security and can be bypassed by exploiting security vulnerabilities in apps implementing or using it, does not at all mean that it doesn't add security at all.

"Only a Sith deals in absolutes."
Admin here = Sith? :lol:

Re: Use HTTPS

PostPosted: 2018-11-24 09:32
by sallybrown
needsch wrote:It is unbelievable that this needs to be discussed in 2018...

The reasons given for not implementing HTTPS are ridiculous. The logic is completely flawed. Just because HTTPS does not provide 100% security and can be bypassed by exploiting security vulnerabilities in apps implementing or using it, does not at all mean that it doesn't add security at all.


I don't suppose you would care at all, but I use an old computer and an old browser. Adding https to this site would lock me out of using it (as my browser will not recognize the certificate). The same has happened with numerous other sites already. I can no longer use those sites. I cannot update my browser (because mozilla says my OS is "deprecated"). I cannot update my OS (because microsoft and linux both say my computer is "deprecated"). I cannot buy a new computer because I have no money (I guess I'm "deprecated").

Not everyone in the world is rich enough to buy whatever they're told to whenever large corporations decide to boost their profits by "deprecating" all the stuff that would otherwise still work just fine.

I'm just pointing it out, that's all.

Re: Use HTTPS

PostPosted: 2018-11-24 10:08
by Head_on_a_Stick
sallybrown wrote:I cannot update my OS (because microsoft and linux both say my computer is "deprecated").

Have you tried OpenBSD? They support much older machines than Linux and the resource usage is significantly lower as well.

In respect of https:

http://n-gate.com/software/2017/07/12/0/

^ I'm with that guy :D

Re: Use HTTPS

PostPosted: 2018-11-24 17:00
by sallybrown
Head_on_a_Stick wrote:In respect of https:

http://n-gate.com/software/2017/07/12/0/

^ I'm with that guy :D


It took me a while to work out if that page (and therefore you) were for or against https, mostly because I have no idea what a "block quote" is and because, laughably, when I go to the site that it links to (https://doesmysiteneedhttps.com/), I get "An error occurred during a connection to doesmysiteneedhttps.com. Cannot communicate securely with peer: no common encryption algorithm(s)." Perhaps that only seems laughable to me though.

Head_on_a_Stick wrote:
sallybrown wrote:I cannot update my OS (because microsoft and linux both say my computer is "deprecated").

Have you tried OpenBSD? They support much older machines than Linux and the resource usage is significantly lower as well.


I tried that once and didn't like it. It reminds me of the terminals we had to use when I made the mistake of doing a university degree. Perhaps I should add to "I cannot update my OS", that "I don't want to update my OS". I'm perfectly happy with XP and I don't really care how safe/unsafe anyone else thinks it is. I've never had a virus in 20 years of using it, and I've never run an antivirus either. I have a firewall and a HIPS system. The only time either have ever flagged anything was when I purposefully ran that sample virus whatnot (the one that all antivirus programs recognize as a virus, and that's used to test if your antivirus is working).

Re: Use HTTPS

PostPosted: 2018-11-24 17:22
by Head_on_a_Stick
sallybrown wrote:when I go to the site that it links to (https://doesmysiteneedhttps.com/), I get "An error occurred during a connection to doesmysiteneedhttps.com. Cannot communicate securely with peer: no common encryption algorithm(s)." Perhaps that only seems laughable to me though.

No, that is funny :D

n-gate.com is utterly brilliant but the author is rather scathing (which I find entertaining).

sallybrown wrote:I'm perfectly happy with XP

Fair play to you, I loved Win XP, it was ace.

Re: Use HTTPS

PostPosted: 2019-01-01 22:59
by pcalvert
It's a good idea for websites that people need to log into to use, or ones that have web forms for entering personal information. But I don't understand the push to make every website use SSL.

Phil

Re: Use HTTPS

PostPosted: 2019-01-02 15:04
by None1975
pcalvert wrote: But I don't understand the push to make every website use SSL.Phil

Maybe it is more secure? HTTP protocol is built on top of TCP. TCP guarantees that the data will be delivered, or it is impossible to deliver (target not reachable, etc.). You open a TCP connection and send HTTP messages through it. But TCP does not guarantee any level of security. Therefore an intermediate layer named SSL is put between TCP and HTTP and you get the so called HTTPS. This way of working is called tunneling – you dump data into one end of (SSL) tunnel and collect it at the other one. SSL gets HTTP messages, encrypts them, sends them over TCP and decrypts them again at the other end. Encryption protects you from eavesdropping and transparent MITM attack (altering the messages). But SSL does not only provide encryption, it also provides authentication. Server must have a certificate signed by a well known certification authority (CA) that proves its identity. Without authentication, encryption is useless as MITM attack is still possible. The attacker could trick you into thinking that he is the server you want to connect to. Private chat with the devil is not what you want, you want to verify that the server you are connecting to really is the one you want to connect to. Authentication protects you from MITM.

More readings here.