Why is the wings site no longer showing as secure? - Wings900 Discussion Forums Wings900 - Model News

Go Back   Wings900 Discussion Forums > Wings900 Ground Control > Wings900.com Sites Issues and Help section.

Reply
 
LinkBack Thread Tools Rate Thread
Old 03-15-2018, 06:53 AM   #1
Easyjet
 
Easyjet's Avatar
 
Join Date: Jun 2009
Posts: 1,991
Easyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributorEasyjet is an excellent contributor
Why is the wings site no longer showing as secure?

Just wondering why it's not a secure web page anymore? I keep getting warnings because it's unsecured.
Easyjet is online now   Reply With Quote
Sponsored Links
Advertisement
 
Old 03-15-2018, 03:09 PM   #2
Admin
 
Join Date: Mar 2015
Posts: 346
vs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting started
Re: Why is the wings site no longer showing as secure?

The gap in security your browser is pointing out is common on most sites, but Google has decided to start highlighting it now. It's telling you that the site is vulnerable to a MIM attack (or Man in the Middle), where someone intercepts what you are typing on the site. Since everything you type here is view-able to all, this has never been a thing it made sense to protect against. As long as you aren't typing your password into a thread in plain text, or your bank info, this doesn't affect you.

All that said, we are going to be upgrade all our network over the coming months to HTTPS to make our pages secure.

- JB
vs-Admin is offline   Reply With Quote
Old 03-20-2018, 11:13 PM   #3
Puddle Jumper
 
Join Date: Jun 2005
Age: 16
Posts: 98
AeroPro is flying under the radar
Re: Why is the wings site no longer showing as secure?

Quote:
Originally Posted by vs-Admin View Post
The gap in security your browser is pointing out is common on most sites, but Google has decided to start highlighting it now. It's telling you that the site is vulnerable to a MIM attack (or Man in the Middle), where someone intercepts what you are typing on the site. Since everything you type here is view-able to all, this has never been a thing it made sense to protect against. As long as you aren't typing your password into a thread in plain text, or your bank info, this doesn't affect you.

All that said, we are going to be upgrade all our network over the coming months to HTTPS to make our pages secure.

- JB
Well, no. The admins could have explained it better and included the truth in their explanation.

The security issue you are seeing is that this site does not use SSL (HTTPS protocol instead of HTTP, the S stand for Secure), essentially its a way of encrypting the data between the server and your browser. It is commonplace to see these warnings as Google and other browsers highly recommend that ALL sites encrypt all traffic. Firefox will give you a warning as well; MS Edge should do the same. Generally, sites where you are just browsing data it isn't much of a concern as you aren't sharing data. But even so, your request and what pages you are browser are sent in the clear. Any site where data is shared (passwords, personal information, profiles, upload, etc) SSL is a must these days. After the TLS/SSL bug about a year ago, more emphasis has been put on owners of sites to make their sites safer.

What the admin is failing to tell you, this site DOES expose your password upon login, any information you access on this site, including yours and other peoples profiles. Essentially anything you see and type on this site could be seen and read by an attacker executing a MITM attack. Packets of data can be logged and reviewed at a later time, it happens more often than you think. Logins should ALWAYS be encrypted, so telling someone it doesn't make sense to protect this site against is completely 100% untrue.

Networks don't need upgrades in order to support SSL, Admin please tell the truth; and if this is what your management is feeding you, they are wrong. A 1 year $49.00 SSL certificate to enable HTTPS will take care of the problem.

So yes, this site is 100% vulnerable to MITM attacks.

Last edited by AeroPro; 03-20-2018 at 11:17 PM.
AeroPro is offline   Reply With Quote
 
Old 03-21-2018, 11:43 AM   #4
Admin
 
Join Date: Mar 2015
Posts: 346
vs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting started
Re: Why is the wings site no longer showing as secure?

We are still working on implementing this across the network. Despite what you believe this is not simply a plug and play exercise. The process of executing this is not complete so its not done network wide yet.
-Philip
vs-Admin is offline   Reply With Quote
Old 03-21-2018, 10:39 PM   #5
Puddle Jumper
 
Join Date: Jun 2005
Age: 16
Posts: 98
AeroPro is flying under the radar
Re: Why is the wings site no longer showing as secure?

Quote:
Originally Posted by vs-Admin View Post
We are still working on implementing this across the network. Despite what you believe this is not simply a plug and play exercise. The process of executing this is not complete so its not done network wide yet.
-Philip
Yes it is plug and play. You can secure the connection to the users browser with an SSL certificate. Don't pull the wool over our eyes.
AeroPro is offline   Reply With Quote
Old 03-22-2018, 12:22 PM   #6
Admin
 
Join Date: Mar 2015
Posts: 346
vs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting started
Re: Why is the wings site no longer showing as secure?

Every time we have turned on HTTPS in testing, a new feature of the site has broken down. From images, to the PM system, to ads, to youtube videos. Comes from a site that ran for years without encrypted communications trying to switch gears. So far, nothing that has broken has been an insurmountable problem, and testing has continued. We're also waiting on a server upgrade before doing the final moves, as no point setting everything up and then changing things again

Kevin
vs-Admin is offline   Reply With Quote
Old 04-22-2018, 10:44 PM   #7
Puddle Jumper
 
Join Date: Jun 2005
Age: 16
Posts: 98
AeroPro is flying under the radar
Re: Why is the wings site no longer showing as secure?

Quote:
Originally Posted by vs-Admin View Post
Every time we have turned on HTTPS in testing, a new feature of the site has broken down. From images, to the PM system, to ads, to youtube videos. Comes from a site that ran for years without encrypted communications trying to switch gears. So far, nothing that has broken has been an insurmountable problem, and testing has continued. We're also waiting on a server upgrade before doing the final moves, as no point setting everything up and then changing things again

Kevin

Wow, not to be rude but that can all be solved via .htaccess settings, assuming you are running apache or similar. There are solutions, shouldn't take this long.
AeroPro is offline   Reply With Quote
Old 04-23-2018, 02:01 PM   #8
Admin
 
Join Date: Mar 2015
Posts: 346
vs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting startedvs-Admin is getting started
Re: Why is the wings site no longer showing as secure?

Hey there,

We're trying to minimize as many bugs and do a global implementation instead doing this for every individual forum.

Once we get more news on this, we'll make an announcement.
Please standby for updates.

Ed
vs-Admin is offline   Reply With Quote
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -4. The time now is 05:37 PM.

Latest Threads
- by kev747
- by Charter
- by Charter
- by Charter
 

Models of the Week
 


Powered by vBulletin®
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.

 

SEO by vBSEO 3.3.2