user1000 Posted March 4, 2021 Share Posted March 4, 2021 (edited) My browser is telling me connection is not secure when clicking lock on https://www.battlefront.com/ just wanted to report that.... Edited March 4, 2021 by user1000 0 Quote Link to comment Share on other sites More sharing options...
BornGinger Posted March 4, 2021 Share Posted March 4, 2021 Could it be that you are trying this in a hospital? Earlier in the year when I tried to go to this forum and to the battlefront.com website from work I wasn't allowed. But know when the hospital is using the citiy's wifi I can go on to these websites. 0 Quote Link to comment Share on other sites More sharing options...
Vacillator Posted March 4, 2021 Share Posted March 4, 2021 Firefox tells me parts of the BFC site are not secure. As long as those parts aren't accounts / payment then it maybe isn't so much of a problem. Good to to bring up the issue though, and I'm sure @BFCElvis will put our minds at rest. 1 Quote Link to comment Share on other sites More sharing options...
user1000 Posted March 4, 2021 Author Share Posted March 4, 2021 (edited) All jokes aside - haha no, it has nothing to do with a hospital line. Rarely are sites insecure anymore... Edited March 4, 2021 by user1000 0 Quote Link to comment Share on other sites More sharing options...
Lethaface Posted March 5, 2021 Share Posted March 5, 2021 23 hours ago, user1000 said: My browser is telling me connection is not secure when clicking lock on https://www.battlefront.com/ just wanted to report that.... What browser / version you use? I'm on latest chrome (Version 89.0.4389.72), all fine here. What does it say exactly? 'Insecure' usually means that your browser doesn't trust the certificate. However the certificate is valid and issue by a regular CA (Certificate Authority). 0 Quote Link to comment Share on other sites More sharing options...
A Canadian Cat Posted March 5, 2021 Share Posted March 5, 2021 Interesting the BFC website's home page shows this on FF: Â None of the other pages show that warning. @BFCElvis feels like either something on the home page is confusing FF (if Chrome has things right) or there is an image not hosted by https somewhere on that page that has been missed. 1 Quote Link to comment Share on other sites More sharing options...
chuckdyke Posted March 5, 2021 Share Posted March 5, 2021 19 hours ago, Vacilllator said: Firefox tells me parts of the BFC site are not secure. As long as those parts aren't accounts / payment then it maybe isn't so much of a problem. Good to to bring up the issue though, and I'm sure @BFCElvis will put our minds at rest. True if you scan over the warning it says, "don't share personal details." Once you sign in it goes. 0 Quote Link to comment Share on other sites More sharing options...
Thewood1 Posted March 5, 2021 Share Posted March 5, 2021 (edited) This has been like this at least since the rebuild and been talked about a couple times. I think the consensus is its not that big of a deal if its just on the general website pages. The payment transactions still go through a secure server. Theoretically, someone could load malware onto your system through the display and download into cache of images, but the likelihood and danger of it happening is pretty negligible. Edited March 5, 2021 by Thewood1 0 Quote Link to comment Share on other sites More sharing options...
Lethaface Posted March 6, 2021 Share Posted March 6, 2021 (edited) 20 hours ago, Thewood1 said: This has been like this at least since the rebuild and been talked about a couple times. AFAIK the issue before was that the forum didn't have a certificate at all; nowadays that's enough for an 'insecure' notice. 20 hours ago, Thewood1 said: This has been like this at least since the rebuild and been talked about a couple times. I think the consensus is its not that big of a deal if its just on the general website pages. The payment transactions still go through a secure server. Theoretically, someone could load malware onto your system through the display and download into cache of images, but the likelihood and danger of it happening is pretty negligible. It's indeed rather negligible. However what you say isn't fully correct, someone couldn't load malware onto your system because BF host an image over http. This message usually just means that there is an inline image linked in the website, which isn't served through HTTPS but HTTP. The only directly tangible implication of this is that where someone sniffing your traffic to battlefront.com, they can see that you're browser has downloaded that image including the image file in 'plain text', while the other request/response's is encrypted (there is often more than one HTTP(S) call per 'webpage'). In some usecases that can be a problem, but for the average user visit to battlefront the only thing it exposes that they've downloaded the Battlefront logo or something. Edited March 6, 2021 by Lethaface 0 Quote Link to comment Share on other sites More sharing options...
Lethaface Posted March 6, 2021 Share Posted March 6, 2021 22 hours ago, IanL said: Interesting the BFC website's home page shows this on FF: Â None of the other pages show that warning. @BFCElvis feels like either something on the home page is confusing FF (if Chrome has things right) or there is an image not hosted by https somewhere on that page that has been missed. Â I checked chrome dev tools (F12), and I see chrome autofixed the 'issue': "Mixed Content: The page at 'https://battlefront.com/' was loaded over HTTPS, but requested an insecure element 'http://www.battlefront.com/content/images/home/21-02-16-1.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html" @BFCElvis fyi. 0 Quote Link to comment Share on other sites More sharing options...
Thewood1 Posted March 6, 2021 Share Posted March 6, 2021 1 hour ago, Lethaface said: However what you say isn't fully correct, someone couldn't load malware onto your system because BF host an image over http That's different in how it used to be. And I am remembering from XP/7. When you loaded an image on a website, some websites loaded into the cache/temp on your machine. Hence why you had to clear temp folder in IE a lot.  It was a recognized vulnerability that IE and Windows fixed over 10 years ago. I'm not familiar enough with Chrome to know anything of how it works. 0 Quote Link to comment Share on other sites More sharing options...
Lethaface Posted March 6, 2021 Share Posted March 6, 2021 (edited) 3 hours ago, Thewood1 said: That's different in how it used to be. And I am remembering from XP/7. When you loaded an image on a website, some websites loaded into the cache/temp on your machine. Hence why you had to clear temp folder in IE a lot.  It was a recognized vulnerability that IE and Windows fixed over 10 years ago. I'm not familiar enough with Chrome to know anything of how it works. No, you're mixing things up. Visiting websites will always have you downloading images, whether these get stored in a temporary directory or not isn't really relevant. The issue is more that malicious sites might host malicious images, with nasty stuff hidden in it. Which is why it's still not wise to go clicking around on suspect websites. However, indeed, OS and browsers have improved security wise so that it's more difficult to execute the malicious files with the required permissions to actually cause harm. But, having a website load a .png over HTTP instead of HTTPS will never in istelf be the security risk which you talk about; there needs to be malicious code in it, so BFC's website would have need to be compromised before they'd load malicious images. Also your computer would need to actually execute the files in order for the malicious code to be activated. Anyway good weekend.  Edited March 6, 2021 by Lethaface 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.