Log in

No account? Create an account

Remember me

Forgot password

Facebook Twitter Google RAMBLER&Co ID

By logging in to LiveJournal using a third-party service you accept LiveJournal's User agreement

: Thomas (boggyb) wrote,
2014-06-10 21:17:00

Thomas
boggyb
2014-06-10 21:17:00

Mood: disappointed

HTTPS fail

Is HTTPS really so hard to achieve? Or is it just that, because Firefox and Chrome are less strict than Internet Explorer as to what counts as secure and what doesn't (Firefox until recently didn't even warn about non-HTTPS parts of HTTPS pages, let alone block them), no-one actually bothers to do HTTPS properly?

It's not as if it's a hard concept to understand. If your secure website loads any content from an insecure URL, then it's not your website anymore. And yes, this even applies to images - an attacker could replace a "Click here to submit" image with, I don't know, a "For security reasons enter http://evil.example.com/ in your address bar" image or something.

This mini-rant brought to you by being about to place an order online and wondering why there's no padlock symbol despite the site using a https: URL.

Advent 2020, Christmas day!

Merry Christmas! http://www.youtube.com/watch?v=B_pWTlN15bc Right, now I've got that out of my system, let's see what was in pocket number…
Advent 2020, day 24

Finally caught up just in time! So here I am at long last at Christmas Eve. All the presents are wrapped, all the cards have been delivered - or at…
Advent 2020, day 23

Almost up-to-date! The mystery calendar was a little light today: just a toffee penny, and the buttons from the snowman. But that's not all!…

Post a new comment
0 comments

Log in

HTTPS fail

Advent 2020, Christmas day!

Advent 2020, day 24

Advent 2020, day 23

Error