Thomas (boggyb) wrote,
Thomas
boggyb
  • Mood: disappointed

HTTPS fail

Is HTTPS really so hard to achieve? Or is it just that, because Firefox and Chrome are less strict than Internet Explorer as to what counts as secure and what doesn't (Firefox until recently didn't even warn about non-HTTPS parts of HTTPS pages, let alone block them), no-one actually bothers to do HTTPS properly?

It's not as if it's a hard concept to understand. If your secure website loads any content from an insecure URL, then it's not your website anymore. And yes, this even applies to images - an attacker could replace a "Click here to submit" image with, I don't know, a "For security reasons enter http://evil.example.com/ in your address bar" image or something.

This mini-rant brought to you by being about to place an order online and wondering why there's no padlock symbol despite the site using a https: URL.
Subscribe

  • Computer specs

    The first part of the long-overdue computer rebuild posts! Back in May, I finally brought my desktop kicking and screaming into the current…

  • Skyward Sword HD: for SCIENCE!

    One thing I've noticed from playing through Skyward Sword HD is how... underwhelming the skyward strike appears, at least to begin with. It takes a…

  • Random quote

    pleaseremove, setting a work quiz: "No, I'm going to get my wrong answers right"

  • Post a new comment

    Error

    switch
    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
    Help
  • 0 comments