Quote:
Originally Posted by vs-Admin
The gap in security your browser is pointing out is common on most sites, but Google has decided to start highlighting it now. It's telling you that the site is vulnerable to a MIM attack (or Man in the Middle), where someone intercepts what you are typing on the site. Since everything you type here is viewable to all, this has never been a thing it made sense to protect against. As long as you aren't typing your password into a thread in plain text, or your bank info, this doesn't affect you.
All that said, we are going to be upgrading all our network over the coming months to HTTPS to make our pages secure.
- JB
Well, no. The admins could have explained it better and included the truth in their explanation.
The security issue you are seeing is that this site does not use SSL (HTTPS protocol instead of HTTP; the S stands for Secure). Essentially, it's a way of encrypting the data between the server and your browser. It is commonplace to see these warnings, as Google and other browsers highly recommend that ALL sites encrypt all traffic. Firefox will give you a warning as well; MS Edge should do the same. Generally, on sites where you are just browsing data, it isn't much of a concern as you aren't sharing data. But even so, your requests and what pages you are browsing are sent in the clear. On any site where data is shared (passwords, personal information, profiles, uploads, etc.), SSL is a must these days. After the TLS/SSL bug about a year ago, more emphasis has been put on owners of sites to make their sites safer.
What the admin is failing to tell you is that this site DOES expose your password upon login, and any information you access on this site, including your and other people's profiles. Essentially anything you see and type on this site could be seen and read by an attacker executing a MITM attack. Packets of data can be logged and reviewed at a later time; it happens more often than you think.
Logins should ALWAYS be encrypted, so telling someone it doesn't make sense to protect this site against it is completely 100% untrue.
Networks don't need upgrades in order to support SSL. Admin, please tell the truth; and if this is what your management is feeding you, they are wrong. A 1-year $49.00 SSL certificate to enable HTTPS will take care of the problem.
So yes, this site is 100% vulnerable to MITM attacks.