Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Insecure login via Firefox - RESOLVED

Code of conduct, suggestions, and information on forums.debian.net.
Post Reply
Message
Author
Debianaire
Posts: 2
Joined: 2017-11-19 11:25

Insecure login via Firefox - RESOLVED

#1 Post by Debianaire »

Hello Debian Forum Administrators,
I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way. Has this problem been recognised previously and/or is it necessarily something I should worry about?
Looking forward to my time on this board and so far I am liking very much what I see in Debian Stretch.
PS I note that the forum itself is not https and again is that something you maintainers should be concerned about?
Last edited by Debianaire on 2017-12-04 10:45, edited 1 time in total.

steve_v
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1395
Joined: 2012-10-06 05:31
Location: /dev/chair
Has thanked: 78 times
Been thanked: 173 times

Re: Insecure login via Firefox

#2 Post by steve_v »

Debianaire wrote:I registered today only to find that my choice of login credentials was greeted by Firefox as being sent in an insecure way.
You kinda answered your own question: Firefox has taken to whining if you login to anything that isn't running SSL.
Debianaire wrote:I note that the forum itself is not https, is that something you maintainers should be concerned about?
Meh. Don't reuse login credentials and the risk is negligible.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

User avatar
IzayoiFlandre
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

#3 Post by IzayoiFlandre »

HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate. It's literally common sense to not have the same passwords everywhere you go and it's your fault if you get hacked and you happen to be.
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: Insecure login via Firefox

#4 Post by debiman »

IzayoiFlandre wrote:HTTP deprecation is silly and reinforces centralisation of the web due to having to pick a certified authority for the certificate.
well said!
mind if i quote you?

User avatar
IzayoiFlandre
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

#5 Post by IzayoiFlandre »

Thanks, I feel grateful, of course you can quote that ^-^
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Insecure login via Firefox

#6 Post by stevepusser »

Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.

Can't really think of anyone that could be at risk of that, though...
MX Linux packager and developer

User avatar
sunrat
Administrator
Administrator
Posts: 6382
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 115 times
Been thanked: 456 times

Re: Insecure login via Firefox

#7 Post by sunrat »

stevepusser wrote:Unless someone has built up a lot of reputation here, then someone evil masquerades as them and gives out bad advice or links to repos containing malware.

Can't really think of anyone that could be at risk of that, though...
There are enough people here already masquerading as experts when in reality they just search the web for answers to questions. It would be better to encourage questioners to do their own searches and help them to refine search terms properly.
Feed a man a fish and he eats for a day, teach a man to fish and he eats for a lifetime.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

User avatar
IzayoiFlandre
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

#8 Post by IzayoiFlandre »

I tend to post a problem then search online for help after posting it :P
I also don't try to masquerade as any kind of expert, I'm really a newbie to Linux and it will probably stay that way...
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Insecure login via Firefox

#9 Post by GarryRicketson »

https://www.mywot.com/en/scorecard/forums.debian.net
No bad reports there.

And then, here is a example of a site that does use "https",
but I certainly would not trust the site:
https://www.mywot.com/en/scorecard/reviversoft.com
=================

And as far as this thing about people masquerading as experts, I don't know
who that might be. I have never claimed to be a expert, in fact in reverse
I usually admit I don't know the answer, but when I did a search I did find
a lot of results that look like they could be valid solutions.
We do have a lot of "super users", but the masks don't cover anything , it all comes out in the wash.
Besides , this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.
=========================================
http://forums.debian.net/viewtopic.php?f=12&t=135067
===============
http://forums.debian.net/viewtopic.php?f=12&t=118960
=======================================
http://forums.debian.net/viewtopic.php?f=12&t=131345
( there is no real security issue)
http://forums.debian.net/viewtopic.php?f=12&t=122422
===================================
http://forums.debian.net/viewtopic.php?f=12&t=117758
================================
http://forums.debian.net/viewtopic.php?f=12&t=114433
==========================================
-------------- edited------------
This blog claims to be a expert, but then who knows really ? Not me, I am no expert, but I don't think https really makes any site more secure then other
http sites. I don't use FireFox any more, and don't have the problem with
the browser telling me a site is secure or not secure. My system is secure,
so I don't worry about it.
http://blog.privatewifi.com/ask-the-exp ... -we-think/
===============================
https://security.stackexchange.com/ques ... -or-unsafe

Debianaire
Posts: 2
Joined: 2017-11-19 11:25

Re: Insecure login via Firefox

#10 Post by Debianaire »

@GarryRicketson
Besides , this topic has been discussed in several other similar topics,
every so often someone comes along and seems to think that starting
another topic on the same old subject will change something, but it won't.
As a new forum member I did use the search button to see if something had already been posted. Put it down to unfamiliarity with this board but I didn't find anything that would suggest my post wasn't reasonable.
Anyway reading the various replies here suggests that a) the maintainers of the board don't see the need for HTTPS and b) consensus opinion appears to suggest there's nothing to worry about if it's not HTTPS.
So thank you one and all.

User avatar
Thorny
Posts: 542
Joined: 2011-02-27 13:40

Re: Insecure login via Firefox

#11 Post by Thorny »

IzayoiFlandre wrote:I tend to post a problem then search online for help after posting it :P
Since you are pretty new here and might not have looked at some of the stickies available, have a look at this post from a DUF admin.

"Please Read... What we expect you have already Done."
http://forums.debian.net/viewtopic.php?f=30&t=47078

User avatar
IzayoiFlandre
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

#12 Post by IzayoiFlandre »

Normally I do search google and try things, annoyingly I tend to forget to read the man pages... :(
Thanks for that, though ^_^
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP

User avatar
Lysander
Posts: 643
Joined: 2017-02-23 10:07
Location: London
Been thanked: 1 time

Re: Insecure login via Firefox

#13 Post by Lysander »

IzayoiFlandre wrote:Normally I do search google and try things, annoyingly I tend to forget to read the man pages... :(
Thanks for that, though ^_^
Indeed.

Step 1. Search the Debian Wiki
Step 2. Search Google
Step 3. Test, rinse, repeat
Step 4. Post in forum with what has been attempted.

User avatar
IzayoiFlandre
Posts: 35
Joined: 2017-11-19 13:44
Location: United Kingdom

Re: Insecure login via Firefox

#14 Post by IzayoiFlandre »

I always feel scared to try things tho because I don't wanna risk screwing up my system completely :(
IzayoiFlandre

Acer Aspire ES1-531-C0XK (Intel Celeron N3050 1.6Ghz, 4 GB RAM DDR3 L, Intel HD Graphics 6000) - Debian 9 Stretch (LXDE)
Compaq Mini CQ10-101SA (Intel Atom N270 1.6Ghz, 1 GB RAM DDR2 SD, Intel GMA 945) - Windows XP

duffy
Posts: 20
Joined: 2016-09-14 19:28

Re: Insecure login via Firefox

#15 Post by duffy »

I use Chromium because Firefox refuses secure connections to many websites. I could not find an option in the Firefox preferences that would perform the secure connection for every website I wanted to visit. Many sites were viewed in the past with Chromium in a secure fashion. Then I found the following:

https://www.eff.org/https-everywhere

This seems to be the answer to my problem. Maybe it will be a solution for you. I still prefer Chromium for other reasons.

User avatar
sunrat
Administrator
Administrator
Posts: 6382
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 115 times
Been thanked: 456 times

Re: Insecure login via Firefox

#16 Post by sunrat »

IzayoiFlandre wrote:I always feel scared to try things tho because I don't wanna risk screwing up my system completely :(
If you do a regular full system backup you won't be scared as you can restore the backup in a few minutes if something goes horribly wrong.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

Lisa265
Posts: 1
Joined: 2018-12-15 08:28

Re: Insecure login via Firefox - RESOLVED

#17 Post by Lisa265 »

I tend to post a problem then search online for help after posting it

Post Reply