Insecure login via Firefox - RESOLVED

Have something to say about forums.debian.net itself?

Insecure login via Firefox - RESOLVED

Postby Debianaire » 2017-11-19 11:34

Hello Debian Forum Administrators,
I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way. Has this problem been recognised previously and/or is it necessarily something I should worry about?
Looking forward to my time on this board and so far I am liking very much what I see in Debian Stretch.
PS I note that the forum itself is not https and again is that something you maintainers should be concerned about?
Last edited by Debianaire on 2017-12-04 10:45, edited 1 time in total.
Debianaire
 
Posts: 2
Joined: 2017-11-19 11:25

Re: Insecure login via Firefox

Postby steve_v » 2017-11-19 13:13

Debianaire wrote:I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way.
You kinda answered your own question: Firefox has taken to whining if you login to anything that isn't running SSL.
Debianaire wrote:I note that the forum itself is not https, is that something you maintainers should be concerned about?
Meh. Don't reuse login credentials and the risk is negligible.
steve_v
 
Posts: 532
Joined: 2012-10-06 05:31
Location: New Zealand

Re: Insecure login via Firefox

Postby IzayoiFlandre » 2017-11-19 15:51

HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate. It's literally common sense to not have the same passwords everywhere you go and it's your fault if you get hacked and you happen to be.
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
User avatar
IzayoiFlandre
 
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

Postby debiman » 2017-11-19 18:45

IzayoiFlandre wrote:HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate.

well said!
mind if i quote you?
User avatar
debiman
 
Posts: 1633
Joined: 2013-03-12 07:18

Re: Insecure login via Firefox

Postby IzayoiFlandre » 2017-11-19 18:57

Thanks, I feel grateful, of course you can quote that ^-^
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
User avatar
IzayoiFlandre
 
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

Postby stevepusser » 2017-11-19 20:41

Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.

Can't really think of anyone that could be at risk of that, though...
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Krita 3.3.2.1, Pale Moon 27.6.2, Audacity 2.2.0, mpv 0.27.0, Corebird 1.7.1, Firefox 57.0.2, QMPlay2 17.12.12
User avatar
stevepusser
 
Posts: 8943
Joined: 2009-10-06 05:53

Re: Insecure login via Firefox

Postby sunrat » 2017-11-19 23:16

stevepusser wrote:Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.

Can't really think of anyone that could be at risk of that, though...

There are enough people here already masquerading as experts when in reality they just search the web for answers to questions. It would be better to encourage questioners to do their own searches and help them to refine search terms properly.
Feed a man a fish and he eats for a day, teach a man to fish and he eats for a lifetime.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
User avatar
sunrat
 
Posts: 2058
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: Insecure login via Firefox

Postby IzayoiFlandre » 2017-11-19 23:25

I tend to post a problem then search online for help after posting it :P
I also don't try to masquerade as any kind of expert, I'm really a newbie to Linux and it will probably stay that way...
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
User avatar
IzayoiFlandre
 
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

Postby GarryRicketson » 2017-11-19 23:51

https://www.mywot.com/en/scorecard/forums.debian.net
No bad reports there.

And then, here is a example of a site that does use "https",
but I certainly would not trust the site:
https://www.mywot.com/en/scorecard/reviversoft.com
=================

And as far as this thing about people masquerading as experts, I don't know
who that might be. I have never claimed to be a expert, in fact in reverse
I usually admit I don't know the answer, but when I did a search I did find
a lot of results that look like they could be valid solutions.
We do have a lot of "super users", but the masks don't cover anything , it all comes out in the wash.
Besides , this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.
=========================================
http://forums.debian.net/viewtopic.php?f=12&t=135067
===============
http://forums.debian.net/viewtopic.php?f=12&t=118960
=======================================
http://forums.debian.net/viewtopic.php?f=12&t=131345
( there is no real security issue)
http://forums.debian.net/viewtopic.php?f=12&t=122422
===================================
http://forums.debian.net/viewtopic.php?f=12&t=117758
================================
http://forums.debian.net/viewtopic.php?f=12&t=114433
==========================================
-------------- edited------------
This blog claims to be a expert, but then who knows really ? Not me, I am no expert, but I don't think https really makes any site more secure then other
http sites. I don't use FireFox any more, and don't have the problem with
the browser telling me a site is secure or not secure. My system is secure,
so I don't worry about it.
http://blog.privatewifi.com/ask-the-expert-are-secure-websites-really-as-secure-as-we-think/
===============================
https://security.stackexchange.com/questions/66355/can-an-https-site-be-malicious-or-unsafe
User avatar
GarryRicketson
 
Posts: 4477
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Insecure login via Firefox

Postby Debianaire » 2017-11-20 11:05

@GarryRicketson
Besides , this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.


As a new forum member I did use the search button to see if something had already been posted. Put it down to unfamiliarity with this board but I didn't find anything that would suggest my post wasn't reasonable.
Anyway reading the various replies here suggests that a) the maintainers of the board don't see the need for HTTPS and b) consensus opinion appears to suggest there's nothing to worry about if it's not HTTPS.
So thank you one and all.
Debianaire
 
Posts: 2
Joined: 2017-11-19 11:25

Re: Insecure login via Firefox

Postby Thorny » 2017-11-20 11:47

IzayoiFlandre wrote:I tend to post a problem then search online for help after posting it :P

Since you are pretty new here and might not have looked at some of the stickies available, have a look at this post from a DUF admin.

"Please Read... What we expect you have already Done."
viewtopic.php?f=30&t=47078
Thorny
 
Posts: 349
Joined: 2011-02-27 13:40

Re: Insecure login via Firefox

Postby IzayoiFlandre » 2017-11-20 12:01

Normally I do search google and try things, annoyingly I tend to forget to read the man pages... :(
Thanks for that, though ^_^
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
User avatar
IzayoiFlandre
 
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

Postby Lysander » 2017-11-20 12:09

IzayoiFlandre wrote:Normally I do search google and try things, annoyingly I tend to forget to read the man pages... :(
Thanks for that, though ^_^


Indeed.

Step 1. Search the Debian Wiki
Step 2. Search Google
Step 3. Test, rinse, repeat
Step 4. Post in forum with what has been attempted.
User avatar
Lysander
 
Posts: 364
Joined: 2017-02-23 10:07
Location: London

Re: Insecure login via Firefox

Postby IzayoiFlandre » 2017-11-20 17:57

I always feel scared to try things tho because I don't wanna risk screwing up my system completely :(
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP
User avatar
IzayoiFlandre
 
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

Postby duffy » 2017-11-20 18:02

I use Chromium because Firefox refuses secure connections to many websites. I could not find an option in the Firefox preferences that would perform the secure connection for every website I wanted to visit. Many sites were viewed in the past with Chromium in a secure fashion. Then I found the following:

https://www.eff.org/https-everywhere

This seems to be the answer to my problem. Maybe it will be a solution for you. I still prefer Chromium for other reasons.
duffy
 
Posts: 9
Joined: 2016-09-14 19:28

Next

Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 3 guests

fashionable