Not secure

[JoeT]

I've been getting a "not secure" message in the address bar for awhile now.

All other sites I visit, this message isn't there. I'm using Chrome, on Win10, if that's any help.

Thanks, Daren

The main reason for this is almost all websites / forums have gone to Secure HTTP also shows as https to transmit or broadcast information. This site still uses the old non-certificate http. Any site that does not use https is marked as "Not Secure" to let you know. Not using HTTPS increases the risk of DB injections, host injections, hacking, interceptions, passive listening etc. etc. to capture information from this site. This site can also be used as a relay host to plant malicious applets aka malware. Not saying it's doing it, but the potential increases by not using secure sockets layer or TLS (https).

You may think that it's ok, since there's nothing on this site that's sensitive. As a relay host, this site can silently place code on your home computer, something as simple as a key logger.

Instead of HyperText Transfer Protocol Secure (HTTPS), this website uses HyperText Transfer Protocol (HTTP).
Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers. They use the "code" on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth.

Hope this helps clarify.

[Machzx]

That explains the weird email that says it has my password
It’s only for this site

[JoeT]

The weird email that threatens to expose what they recorded from your camera.

Hahahah it's a scam, obviously. Hahah

[Machzx]

The weird email that threatens to expose what they recorded from your camera.

Hahahah it's a scam, obviously. Hahah

Yup lol
I was going to send them money too

[Daren71]

The main reason for this is almost all websites / forums have gone to Secure HTTP also shows as https to transmit or broadcast information. This site still uses the old non-certificate http. Any site that does not use https is marked as "Not Secure" to let you know. Not using HTTPS increases the risk of DB injections, host injections, hacking, interceptions, passive listening etc. etc. to capture information from this site. This site can also be used as a relay host to plant malicious applets aka malware. Not saying it's doing it, but the potential increases by not using secure sockets layer or TLS (https).

You may think that it's ok, since there's nothing on this site that's sensitive. As a relay host, this site can silently place code on your home computer, something as simple as a key logger.

Instead of HyperText Transfer Protocol Secure (HTTPS), this website uses HyperText Transfer Protocol (HTTP).
Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers. They use the "code" on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth.

Hope this helps clarify.

Thanks Joe. I was pretty sure it was a certificate issue, that probably hasn’t been renewed. I’m kinda surprised no admin has responded to this yet.

Daren

[RCC_Admin]

RCCanucks has never been a "secure" (or HTTPS) website.

The risks of some form of an "attack" through the current RCCanucks setup (non-HTTPS) is extremely low (or at least not much more than a typical HTTPS (TLS) setup).

Most other forum sites install a certificate and an HTTPS setup because most other forum sites are driven by ad placement and sales using services like Google, etc. These services show ads constantly throughout the forum (top, bottom, in between posts, main page, etc). This content is served up via the service (Google or whatever) and usually is catered to the individual user (based on what the service knows about the user: past websites visited, ads clicked, etc - the website will identify you using cookies or data (Deep Google data).) Since the forum doesn't have control over this content, they never know what they will get, so a secure HTTPS site is beneficial to make sure that the links supplied by the ads are who they say they are, and not redirected to some sort of dangerous website.

In RCCanucks case, we do use Google to deliver the ads (only ads on the site are at the top of the page) and track stats on the ads (so our advertisers know what they are getting for their cash: how many views, how many clicks, etc.). But the big difference is that we don't allow Google to place just any ad (or try to match a user to specific ad content. Google doesn't know who they served the ad to, just that it was served.) We just allow Google to randomly show one of the several banners (that we have hand loaded and verified from one of our sponsors) on the top of the main page.

If we were smart, we would probably change the model so that it used the ad model that 99% of all forum sites are using and generate some extra cash. But we don't like ads spilling all over the place, so we will keep it the way it is for as long as we can.

From a "bad link" perspective, yes a user could post a link that leads to a dangerous website on any post. HTTPS would not altogether stop this problem. Most modern day malicious websites will be secured in some way (or at least lead you down a garden path). So clicking on them will have the same result regardless if the website was secure or not. This sort of scenario usually occurs by "guest" posts or "rogue" users.

RCCanucks doesn't allow "guest" users, and we have minimized "rogue" users by having an account verification step (some spam users still get through, but we try to delete them ASAP).

We may install a certificate in the future, but we have no immediate plans to do so.

Best thing to do is to install a solid anti-virus/anti-malware application and keep it updated. This is your best defense against the dangerous internet.

RCCanucks.com

[Daren71]

RCCanucks has never been a "secure" (or HTTPS) website.

The risks of some form of an "attack" through the current RCCanucks setup (non-HTTPS) is extremely low (or at least not much more than a typical HTTPS (TLS) setup).

Most other forum sites install a certificate and an HTTPS setup because most other forum sites are driven by ad placement and sales using services like Google, etc. These services show ads constantly throughout the forum (top, bottom, in between posts, main page, etc). This content is served up via the service (Google or whatever) and usually is catered to the individual user (based on what the service knows about the user: past websites visited, ads clicked, etc - the website will identify you using cookies or data (Deep Google data).) Since the forum doesn't have control over this content, they never know what they will get, so a secure HTTPS site is beneficial to make sure that the links supplied by the ads are who they say they are, and not redirected to some sort of dangerous website.

In RCCanucks case, we do use Google to deliver the ads (only ads on the site are at the top of the page) and track stats on the ads (so our advertisers know what they are getting for their cash: how many views, how many clicks, etc.). But the big difference is that we don't allow Google to place just any ad (or try to match a user to specific ad content. Google doesn't know who they served the ad to, just that it was served.) We just allow Google to randomly show one of the several banners (that we have hand loaded and verified from one of our sponsors) on the top of the main page.

If we were smart, we would probably change the model so that it used the ad model that 99% of all forum sites are using and generate some extra cash. But we don't like ads spilling all over the place, so we will keep it the way it is for as long as we can.

From a "bad link" perspective, yes a user could post a link that leads to a dangerous website on any post. HTTPS would not altogether stop this problem. Most modern day malicious websites will be secured in some way (or at least lead you down a garden path). So clicking on them will have the same result regardless if the website was secure or not. This sort of scenario usually occurs by "guest" posts or "rogue" users.

RCCanucks doesn't allow "guest" users, and we have minimized "rogue" users by having an account verification step (some spam users still get through, but we try to delete them ASAP).

We may install a certificate in the future, but we have no immediate plans to do so.

Best thing to do is to install a solid anti-virus/anti-malware application and keep it updated. This is your best defense against the dangerous internet.

RCCanucks.com

Thanks for the reply.

Daren