Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Not secure

  1. #11
    Senior Member JoeT's Avatar
    Join Date
    Jan 2015
    I am
    Joe T
    Last Online
    04-21-2022
    Preferred Radio
    Futaba, FrSKY

    Posts
    879

    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs Up
    Received: 77
    Given: 74
    Feedback Score
    0

    0 Not allowed!

    Re: Not secure

    Quote Originally Posted by Daren71 View Post
    I've been getting a "not secure" message in the address bar for awhile now.

    All other sites I visit, this message isn't there. I'm using Chrome, on Win10, if that's any help.

    Thanks, Daren
    The main reason for this is almost all websites / forums have gone to Secure HTTP also shows as https to transmit or broadcast information. This site still uses the old non-certificate http. Any site that does not use https is marked as "Not Secure" to let you know. Not using HTTPS increases the risk of DB injections, host injections, hacking, interceptions, passive listening etc. etc. to capture information from this site. This site can also be used as a relay host to plant malicious applets aka malware. Not saying it's doing it, but the potential increases by not using secure sockets layer or TLS (https).

    You may think that it's ok, since there's nothing on this site that's sensitive. As a relay host, this site can silently place code on your home computer, something as simple as a key logger.

    Instead of HyperText Transfer Protocol Secure (HTTPS), this website uses HyperText Transfer Protocol (HTTP).
    Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers. They use the "code" on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth.

    Hope this helps clarify.
    Last edited by JoeT; 10-21-2018 at 09:10 AM.

  2. #12
    Senior Member Machzx's Avatar
    Join Date
    Jan 2015
    I am
    Ed
    Last Online
    04-18-2020
    Location
    Sutton
    Preferred Radio
    Futaba 18mz

    Posts
    4,055

    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs Up
    Received: 525
    Given: 511
    Feedback Score
    0

    0 Not allowed!

    Re: Not secure

    That explains the weird email that says it has my password
    It’s only for this site
    only to ways I like to drink !!
    By myself or with somebody!!
    miss you son always

  3. #13
    Senior Member JoeT's Avatar
    Join Date
    Jan 2015
    I am
    Joe T
    Last Online
    04-21-2022
    Preferred Radio
    Futaba, FrSKY

    Posts
    879

    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs Up
    Received: 77
    Given: 74
    Feedback Score
    0

    0 Not allowed!

    Re: Not secure

    The weird email that threatens to expose what they recorded from your camera.

    Hahahah it's a scam, obviously. Hahah

  4. #14
    Senior Member Machzx's Avatar
    Join Date
    Jan 2015
    I am
    Ed
    Last Online
    04-18-2020
    Location
    Sutton
    Preferred Radio
    Futaba 18mz

    Posts
    4,055

    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs Up
    Received: 525
    Given: 511
    Feedback Score
    0

    0 Not allowed!

    Re: Not secure

    Quote Originally Posted by JoeT View Post
    The weird email that threatens to expose what they recorded from your camera.

    Hahahah it's a scam, obviously. Hahah
    Yup lol
    I was going to send them money too

  5. #15
    Senior Member Daren71's Avatar
    Join Date
    Apr 2015
    I am
    Daren
    Last Online
    03-16-2022
    Location
    Mississauga, ON
    Preferred Radio
    Spektrum

    Posts
    162

    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs Up
    Received: 19
    Given: 179
    Feedback Score
    0

    0 Not allowed!

    Re: Not secure

    Quote Originally Posted by JoeT View Post
    The main reason for this is almost all websites / forums have gone to Secure HTTP also shows as https to transmit or broadcast information. This site still uses the old non-certificate http. Any site that does not use https is marked as "Not Secure" to let you know. Not using HTTPS increases the risk of DB injections, host injections, hacking, interceptions, passive listening etc. etc. to capture information from this site. This site can also be used as a relay host to plant malicious applets aka malware. Not saying it's doing it, but the potential increases by not using secure sockets layer or TLS (https).

    You may think that it's ok, since there's nothing on this site that's sensitive. As a relay host, this site can silently place code on your home computer, something as simple as a key logger.

    Instead of HyperText Transfer Protocol Secure (HTTPS), this website uses HyperText Transfer Protocol (HTTP).
    Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers. They use the "code" on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth.

    Hope this helps clarify.
    Thanks Joe. I was pretty sure it was a certificate issue, that probably hasn’t been renewed. I’m kinda surprised no admin has responded to this yet.

    Daren

  6. #16
    Senior Member RCC_Admin's Avatar
    Join Date
    Jan 2015
    I am
    Kirk
    Last Online
    Location
    Canada
    Preferred Radio
    Futaba/Jeti

    Posts
    921

    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Thumbs Up
    Received: 61
    Given: 180
    Feedback Score
    0

    0 Not allowed!

    Re: Not secure

    RCCanucks has never been a "secure" (or HTTPS) website.

    The risks of some form of an "attack" through the current RCCanucks setup (non-HTTPS) is extremely low (or at least not much more than a typical HTTPS (TLS) setup).

    Most other forum sites install a certificate and an HTTPS setup because most other forum sites are driven by ad placement and sales using services like Google, etc. These services show ads constantly throughout the forum (top, bottom, in between posts, main page, etc). This content is served up via the service (Google or whatever) and usually is catered to the individual user (based on what the service knows about the user: past websites visited, ads clicked, etc - the website will identify you using cookies or data (Deep Google data).) Since the forum doesn't have control over this content, they never know what they will get, so a secure HTTPS site is beneficial to make sure that the links supplied by the ads are who they say they are, and not redirected to some sort of dangerous website.

    In RCCanucks case, we do use Google to deliver the ads (only ads on the site are at the top of the page) and track stats on the ads (so our advertisers know what they are getting for their cash: how many views, how many clicks, etc.). But the big difference is that we don't allow Google to place just any ad (or try to match a user to specific ad content. Google doesn't know who they served the ad to, just that it was served.) We just allow Google to randomly show one of the several banners (that we have hand loaded and verified from one of our sponsors) on the top of the main page.

    If we were smart, we would probably change the model so that it used the ad model that 99% of all forum sites are using and generate some extra cash. But we don't like ads spilling all over the place, so we will keep it the way it is for as long as we can.

    From a "bad link" perspective, yes a user could post a link that leads to a dangerous website on any post. HTTPS would not altogether stop this problem. Most modern day malicious websites will be secured in some way (or at least lead you down a garden path). So clicking on them will have the same result regardless if the website was secure or not. This sort of scenario usually occurs by "guest" posts or "rogue" users.

    RCCanucks doesn't allow "guest" users, and we have minimized "rogue" users by having an account verification step (some spam users still get through, but we try to delete them ASAP).

    We may install a certificate in the future, but we have no immediate plans to do so.

    Best thing to do is to install a solid anti-virus/anti-malware application and keep it updated. This is your best defense against the dangerous internet.

    RCCanucks.com
    Welcome to RCCanucks.
    1 - Register here
    2 - Introduce yourself here
    3 - Select or upload an avatar!
    4 - Check out the attachment gallery

  7. #17
    Senior Member Daren71's Avatar
    Join Date
    Apr 2015
    I am
    Daren
    Last Online
    03-16-2022
    Location
    Mississauga, ON
    Preferred Radio
    Spektrum

    Posts
    162

    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs Up
    Received: 19
    Given: 179
    Feedback Score
    0

    0 Not allowed!

    Re: Not secure

    Quote Originally Posted by RCC_Admin View Post
    RCCanucks has never been a "secure" (or HTTPS) website.

    The risks of some form of an "attack" through the current RCCanucks setup (non-HTTPS) is extremely low (or at least not much more than a typical HTTPS (TLS) setup).

    Most other forum sites install a certificate and an HTTPS setup because most other forum sites are driven by ad placement and sales using services like Google, etc. These services show ads constantly throughout the forum (top, bottom, in between posts, main page, etc). This content is served up via the service (Google or whatever) and usually is catered to the individual user (based on what the service knows about the user: past websites visited, ads clicked, etc - the website will identify you using cookies or data (Deep Google data).) Since the forum doesn't have control over this content, they never know what they will get, so a secure HTTPS site is beneficial to make sure that the links supplied by the ads are who they say they are, and not redirected to some sort of dangerous website.

    In RCCanucks case, we do use Google to deliver the ads (only ads on the site are at the top of the page) and track stats on the ads (so our advertisers know what they are getting for their cash: how many views, how many clicks, etc.). But the big difference is that we don't allow Google to place just any ad (or try to match a user to specific ad content. Google doesn't know who they served the ad to, just that it was served.) We just allow Google to randomly show one of the several banners (that we have hand loaded and verified from one of our sponsors) on the top of the main page.

    If we were smart, we would probably change the model so that it used the ad model that 99% of all forum sites are using and generate some extra cash. But we don't like ads spilling all over the place, so we will keep it the way it is for as long as we can.

    From a "bad link" perspective, yes a user could post a link that leads to a dangerous website on any post. HTTPS would not altogether stop this problem. Most modern day malicious websites will be secured in some way (or at least lead you down a garden path). So clicking on them will have the same result regardless if the website was secure or not. This sort of scenario usually occurs by "guest" posts or "rogue" users.

    RCCanucks doesn't allow "guest" users, and we have minimized "rogue" users by having an account verification step (some spam users still get through, but we try to delete them ASAP).

    We may install a certificate in the future, but we have no immediate plans to do so.

    Best thing to do is to install a solid anti-virus/anti-malware application and keep it updated. This is your best defense against the dangerous internet.

    RCCanucks.com
    Thanks for the reply.

    Daren

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •