Insecure login via Firefox - RESOLVED

Posted: 2017-11-19 11:34
by Debianaire
Hello Debian Forum Administrators,
I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way. Has this problem been recognised previously and/or is it necessarily something I should worry about?
Looking forward to my time on this board and so far I am liking very much what I see in Debian Stretch.
PS I note that the forum itself is not https and again is that something you maintainers should be concerned about?

Re: Insecure login via Firefox

Posted: 2017-11-19 13:13
by steve_v
Debianaire wrote: I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way.
You kinda answered your own question: Firefox has taken to whining if you log in to anything that isn't running SSL.
Debianaire wrote: I note that the forum itself is not https, is that something you maintainers should be concerned about?
Meh. Don't reuse login credentials and the risk is negligible.

Re: Insecure login via Firefox

Posted: 2017-11-19 15:51
by IzayoiFlandre
HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate. It's literally common sense to not have the same passwords everywhere you go and it's your fault if you get hacked and you happen to be.

Re: Insecure login via Firefox

Posted: 2017-11-19 18:45
by debiman
IzayoiFlandre wrote: HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate.

well said!
mind if i quote you?

Re: Insecure login via Firefox

Posted: 2017-11-19 18:57
by IzayoiFlandre
Thanks, I feel grateful, of course you can quote that ^-^

Re: Insecure login via Firefox

Posted: 2017-11-19 20:41
by stevepusser
Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.

Can't really think of anyone that could be at risk of that, though...

Re: Insecure login via Firefox

Posted: 2017-11-19 23:16
by sunrat
stevepusser wrote: Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.

Can't really think of anyone that could be at risk of that, though...

There are enough people here already masquerading as experts when in reality they just search the web for answers to questions. It would be better to encourage questioners to do their own searches and help them to refine search terms properly.
Feed a man a fish and he eats for a day, teach a man to fish and he eats for a lifetime.

Re: Insecure login via Firefox

Posted: 2017-11-19 23:25
by IzayoiFlandre
I tend to post a problem then search online for help after posting it :P
I also don't try to masquerade as any kind of expert, I'm really a newbie to Linux and it will probably stay that way...

Re: Insecure login via Firefox

Posted: 2017-11-19 23:51
by GarryRicketson
https://www.mywot.com/en/scorecard/forums.debian.net
No bad reports there.

And then, here is an example of a site that does use "https",
but I certainly would not trust the site:
https://www.mywot.com/en/scorecard/reviversoft.com
=================

And as far as this thing about people masquerading as experts, I don't know
who that might be. I have never claimed to be an expert, in fact in reverse
I usually admit I don't know the answer, but when I did a search I did find
a lot of results that look like they could be valid solutions.
We do have a lot of "super users", but the masks don't cover anything, it all comes out in the wash.
Besides, this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.
=========================================
http://forums.debian.net/viewtopic.php?f=12&t=135067
===============
http://forums.debian.net/viewtopic.php?f=12&t=118960
=======================================
http://forums.debian.net/viewtopic.php?f=12&t=131345
( there is no real security issue)
http://forums.debian.net/viewtopic.php?f=12&t=122422
===================================
http://forums.debian.net/viewtopic.php?f=12&t=117758
================================
http://forums.debian.net/viewtopic.php?f=12&t=114433
==========================================
-------------- edited------------
This blog claims to be an expert, but then who knows really? Not me, I am no expert, but I don't think https really makes any site more secure than other
http sites. I don't use Firefox any more, and don't have the problem with
the browser telling me a site is secure or not secure. My system is secure,
so I don't worry about it.
http://blog.privatewifi.com/ask-the-expert-are-secure-websites-really-as-secure-as-we-think/
===============================
https://security.stackexchange.com/questions/66355/can-an-https-site-be-malicious-or-unsafe

Re: Insecure login via Firefox

Posted: 2017-11-20 11:05
by Debianaire
@GarryRicketson
Besides, this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.


As a new forum member I did use the search button to see if something had already been posted. Put it down to unfamiliarity with this board but I didn't find anything that would suggest my post wasn't reasonable.
Anyway reading the various replies here suggests that a) the maintainers of the board don't see the need for HTTPS and b) consensus opinion appears to suggest there's nothing to worry about if it's not HTTPS.
So thank you one and all.

Re: Insecure login via Firefox

Posted: 2017-11-20 11:47
by Thorny
IzayoiFlandre wrote: I tend to post a problem then search online for help after posting it :P

Since you are pretty new here and might not have looked at some of the stickies available, have a look at this post from a DUF admin.

"Please Read... What we expect you have already Done."
viewtopic.php?f=30&t=47078

Re: Insecure login via Firefox

Posted: 2017-11-20 12:01
by IzayoiFlandre
Normally I do search Google and try things, annoyingly I tend to forget to read the man pages... :(
Thanks for that, though ^_^

Re: Insecure login via Firefox

Posted: 2017-11-20 12:09
by Lysander
IzayoiFlandre wrote: Normally I do search Google and try things, annoyingly I tend to forget to read the man pages... :(
Thanks for that, though ^_^


Indeed.

Step 1. Search the Debian Wiki
Step 2. Search Google
Step 3. Test, rinse, repeat
Step 4. Post in forum with what has been attempted.

Re: Insecure login via Firefox

Posted: 2017-11-20 17:57
by IzayoiFlandre
I always feel scared to try things tho because I don't wanna risk screwing up my system completely :(

Re: Insecure login via Firefox

Posted: 2017-11-20 18:02
by duffy
I use Chromium because Firefox refuses secure connections to many websites. I could not find an option in the Firefox preferences that would perform the secure connection for every website I wanted to visit. Many sites were viewed in the past with Chromium in a secure fashion. Then I found the following:

https://www.eff.org/https-everywhere

This seems to be the answer to my problem. Maybe it will be a solution for you. I still prefer Chromium for other reasons.