Thomas (boggyb) wrote,
Thomas
boggyb

  • Mood:

HTTPS fail

Is HTTPS really so hard to achieve? Or is it just that, because Firefox and Chrome are less strict than Internet Explorer as to what counts as secure and what doesn't (Firefox until recently didn't even warn about non-HTTPS parts of HTTPS pages, let alone block them), no-one actually bothers to do HTTPS properly?

It's not as if it's a hard concept to understand. If your secure website loads any content from an insecure URL, then it's not your website anymore. And yes, this even applies to images - an attacker could replace a "Click here to submit" image with, I don't know, a "For security reasons enter http://evil.example.com/ in your address bar" image or something.

This mini-rant brought to you by being about to place an order online and wondering why there's no padlock symbol despite the site using a https: URL.
Subscribe

  • Math Rescue

    Today's random discovery: Math Rescue is still a thing! elemnar and I used to spend ages playing this when we were small. As with so…

  • Pasta night

    Yesterday was pasta night with an old game and a new game! First up is the confusingly-named 6 nimmt! card game, which is one of those games where…

  • Pasta night!

    It's been far too long since pasta night was a thing - for one reason or another, after the 8th April it wasn't until last week that I could make it…

  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments