
Connection Not Secure


23 hours ago, user1000 said:

My browser is telling me connection is not secure when clicking lock on https://www.battlefront.com/

😬

just wanted to report that....

What browser / version do you use? I'm on the latest Chrome (Version 89.0.4389.72), all fine here.

What does it say exactly? 'Insecure' usually means that your browser doesn't trust the certificate. However the certificate is valid and issued by a regular CA (Certificate Authority).


19 hours ago, Vacilllator said:

Firefox tells me parts of the BFC site are not secure.  As long as those parts aren't accounts / payment then it maybe isn't so much of a problem.  Good to bring up the issue though, and I'm sure @BFCElvis will put our minds at rest.

True if you scan over the warning it says, "don't share personal details." Once you sign in it goes. 


This has been like this at least since the rebuild and been talked about a couple times.  I think the consensus is it's not that big of a deal if it's just on the general website pages.  The payment transactions still go through a secure server.  Theoretically, someone could load malware onto your system through the display and download into cache of images, but the likelihood and danger of it happening is pretty negligible. 

Edited by Thewood1

20 hours ago, Thewood1 said:

This has been like this at least since the rebuild and been talked about a couple times. 

AFAIK the issue before was that the forum didn't have a certificate at all; nowadays that's enough for an 'insecure' notice.

20 hours ago, Thewood1 said:

This has been like this at least since the rebuild and been talked about a couple times.  I think the consensus is it's not that big of a deal if it's just on the general website pages.  The payment transactions still go through a secure server.  Theoretically, someone could load malware onto your system through the display and download into cache of images, but the likelihood and danger of it happening is pretty negligible. 

It's indeed rather negligible. However what you say isn't fully correct, someone couldn't load malware onto your system because BF host an image over http. This message usually just means that there is an inline image linked in the website, which isn't served through HTTPS but HTTP. 

The only directly tangible implication of this is that were someone sniffing your traffic to battlefront.com, they can see that your browser has downloaded that image including the image file in 'plain text', while the other requests/responses are encrypted (there is often more than one HTTP(S) call per 'webpage').

In some use cases that can be a problem, but for the average user visit to battlefront the only thing it exposes is that they've downloaded the Battlefront logo or something.

Edited by Lethaface

22 hours ago, IanL said:

Interesting the BFC website's home page shows this on FF:

[image]

 

None of the other pages show that warning. @BFCElvis feels like either something on the home page is confusing FF (if Chrome has things right) or there is an image not hosted by https somewhere on that page that has been missed.

 

I checked chrome dev tools (F12), and I see chrome autofixed the 'issue':

"Mixed Content: The page at 'https://battlefront.com/' was loaded over HTTPS, but requested an insecure element 'http://www.battlefront.com/content/images/home/21-02-16-1.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html"

@BFCElvis fyi.

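An added example, not part of any post in this thread: a small audit script a site owner could run over a page's HTML to list the `http://` subresources that trigger the mixed-content message quoted above, separating the kind browsers auto-upgrade (images, audio, video) from the kind they block (scripts, iframes, stylesheets). The sample page is constructed; only the first image URL comes from the thread, and the `.example` hosts are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# tag -> (URL attribute, how browsers treat an http:// load on an https:// page)
RULES = {
    "img": ("src", "upgradeable"), "audio": ("src", "upgradeable"),
    "video": ("src", "upgradeable"), "source": ("src", "upgradeable"),
    "script": ("src", "blockable"), "iframe": ("src", "blockable"),
    "link": ("href", "blockable"), "object": ("data", "blockable"),
}

# Constructed sample page. The image URL is the one from the Chrome message
# quoted in the thread; every other element is made up for illustration.
SAMPLE_HTML = """
<html><head>
  <link rel="canonical" href="http://www.battlefront.com/">
  <script src="//static.example/ok.js"></script>
</head><body>
  <img src="http://www.battlefront.com/content/images/home/21-02-16-1.jpg">
  <script src="http://cdn.example/app.js"></script>
  <a href="http://other.example/">plain links are not subresources</a>
</body></html>
"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL) in document order

    def handle_starttag(self, tag, attrs):
        if tag not in RULES:
            return
        attr, kind = RULES[tag]
        attrs = dict(attrs)
        # <link> only fetches a blockable subresource when it is a stylesheet.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        # Resolve relative and protocol-relative URLs against the page first.
        url = urljoin(self.page_url, attrs.get(attr) or "")
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return http:// subresources referenced by a page served over https://."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an HTTPS page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings
```

Calling `find_mixed_content("https://battlefront.com/", SAMPLE_HTML)` reports the home-page image as upgradeable and the constructed script as blockable; the fix in both cases is to reference the resource with an `https://` URL.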

1 hour ago, Lethaface said:

However what you say isn't fully correct, someone couldn't load malware onto your system because BF host an image over http

That's different in how it used to be.  And I am remembering from XP/7.  When you loaded an image on a website, some websites loaded into the cache/temp on your machine.  Hence why you had to clear temp folder in IE a lot.  It was a recognized vulnerability that IE and Windows fixed over 10 years ago.  I'm not familiar enough with Chrome to know anything of how it works.


3 hours ago, Thewood1 said:

That's different in how it used to be.  And I am remembering from XP/7.  When you loaded an image on a website, some websites loaded into the cache/temp on your machine.  Hence why you had to clear temp folder in IE a lot.  It was a recognized vulnerability that IE and Windows fixed over 10 years ago.  I'm not familiar enough with Chrome to know anything of how it works.

No, you're mixing things up. Visiting websites will always have you downloading images, whether these get stored in a temporary directory or not isn't really relevant. The issue is more that malicious sites might host malicious images, with nasty stuff hidden in it. Which is why it's still not wise to go clicking around on suspect websites. However, indeed, OS and browsers have improved security-wise so that it's more difficult to execute the malicious files with the required permissions to actually cause harm. But, having a website load a .png over HTTP instead of HTTPS will never in itself be the security risk which you talk about; there needs to be malicious code in it, so BFC's website would have needed to be compromised before they'd load malicious images. Also your computer would need to actually execute the files in order for the malicious code to be activated.

Anyway good weekend.

 

Edited by Lethaface
