Chrome and HTTP warnings?

Do you have anything you'd like to bring to the Site Admins attention? Suggestions? Problems etc? Please note: Beginners should go to the 'help for beginners' forum below!

Moderator: Moderators

Chrome and HTTP warnings?

Postby rufuskins on Thu Feb 16, 2017 10:26 pm

Following Google Chrome's latest update - version 56 - it is now showing UKTS as Not Secure. I presume that this is because it uses HTTP internet connections rather than the supposed safer HTTPS? As I understand it Google (Chrome) and Mozilla (Firefox) are concerned that this may allow hackers to access passwords, etc.! Is the administration team in a position to assure us that this is not a problem?
Concentrating on both LNWR Carriages and LYR Wagons for MSTS - see TSSH
User avatar
rufuskins
Very Active Forum Member
 
Posts: 4077
Joined: Fri Feb 22, 2008 8:20 pm
Location: Milnrow, Lancashire

Re: Chrome and HTTP warnings?

Postby Easilyconfused on Thu Feb 16, 2017 10:42 pm

I have Chrome Version 56.0.2924.87 (64-bit) and I am not seeing any messages. Can you post a screenshot of what you are seeing ?

I do see a message when I hit the main site prior to hitting the logon button. That is normal behaviour for Chrome now. Once you hit the logon button you are using HTTPS and the same applies in the forums.

This is scaremongering from Google who are pandering to the ill-educated security "experts". The initial contact with a website is always going to be HTTP until some sort of authentication takes place - we get this question 20 times a week in work. Once you logon and use HTTPS then the "insecure" tag goes away.

Same issues occurs on TSSH so maybe you need to ask the site owner there also ?

safe.jpg
Kindest regards

John Lewis

Member of the forum moderation team
User avatar
Easilyconfused
Worried about Silent Chickens
 
Posts: 12879
Joined: Tue Dec 31, 2002 9:06 am
Location: Portsmouth & Bristol

Re: Chrome and HTTP warnings?

Postby lenfish on Thu Feb 16, 2017 11:54 pm

So basically all Google are doing is advising you when a site is not using HTTPS, which seems reasonable enough.

Regards,

Len
lenfish
Well Established Forum Member
 
Posts: 831
Joined: Tue Dec 04, 2001 12:00 am
Location: Leeds

Re: Chrome and HTTP warnings?

Postby rufuskins on Fri Feb 17, 2017 12:20 pm

Easilyconfused wrote:I have Chrome Version 56.0.2924.87 (64-bit) and I am not seeing any messages. Can you post a screenshot of what you are seeing ?

I do see a message when I hit the main site prior to hitting the logon button. That is normal behaviour for Chrome now. Once you hit the logon button you are using HTTPS and the same applies in the forums.

This is scaremongering from Google who are pandering to the ill-educated security "experts". The initial contact with a website is always going to be HTTP until some sort of authentication takes place - we get this question 20 times a week in work. Once you logon and use HTTPS then the "insecure" tag goes away.

Same issues occurs on TSSH so maybe you need to ask the site owner there also ?

The attachment safe.jpg is no longer available


My limited understanding is that if the site is considered secure then a green padlock symbol shows rather than an "i" in a circle. When you click that circled "i" you get the message "Your connection to this site is not secure"! Now I am prepared to accept your apparent conclusion that there is no problem but I do wonder whether visitors may be put off using the site. I have raised this issue with several other sites.

My version of Chrome is the same as yours, however perhaps being an "educated" security expert you can confirm that the continuing use of HTTP is not vulnerable?

Your screenshot displays the same message that I get, and after signing in I get the following:-
Attachments
UKTS_Screen.jpg
User avatar
rufuskins
Very Active Forum Member
 
Posts: 4077
Joined: Fri Feb 22, 2008 8:20 pm
Location: Milnrow, Lancashire

Re: Chrome and HTTP warnings?

Postby dforrest on Fri Feb 17, 2017 5:59 pm

With Firefox:

At initial opening of the page there is an information icon and a padlock icon with a red cross and both give the message "Connection is Not Secure".

After logging on the padlock icon goes but the information icon remains with the message "Connection is Not Secure".

Incidentally, Trainsim.com, Elvas Tower and TSSH all have the information icon with the message "Connection is Not Secure", but do not have the padlock icon.
David
User avatar
dforrest
Very Active Forum Member
 
Posts: 5823
Joined: Wed Jun 05, 2002 12:00 am
Location: St. Vincent and the Grenadines (and in an earlier life, Hull)

Re: Chrome and HTTP warnings?

Postby lenfish on Fri Feb 17, 2017 11:39 pm

Easilyconfused wrote: Once you hit the logon button you are using HTTPS and the same applies in the forums.

On my set up IE, Chrome and Firefox all show both sites as HTTP (not HTTPS) when logged on, whilst other sites such as Just Trains are shown as HTTPS. Seems very odd given the above staterment.

Regards,

Len
lenfish
Well Established Forum Member
 
Posts: 831
Joined: Tue Dec 04, 2001 12:00 am
Location: Leeds

Re: Chrome and HTTP warnings?

Postby rufuskins on Sat Feb 18, 2017 10:06 am

As mentioned earlier I have raised this subject elsewhere and one response is as stated below:-

Yes it does use HTTP rather than HTTPS so is less secure and if someone is monitoring your connection then they would see passwords. However we are due to upgrade the forum soon and it may move to https.
To be honest though, if anyone gets access to your password (and line monitoring is not a trivial task) they would have the ability to read the extra forums and to submit a moderated post.
Its a risk, a calculated risk, that I'm prepared to take.


This response is not related to TSSH, but at least acknowledges the potential for hacking. For those forums that are for discussion only the reference to a calculated risk seems not unreasonable, but for sites where content is purchased then one needs to have some degree of confidence that security is relevant.
User avatar
rufuskins
Very Active Forum Member
 
Posts: 4077
Joined: Fri Feb 22, 2008 8:20 pm
Location: Milnrow, Lancashire


Return to Site Admin Queries

Who is online

Users browsing this forum: No registered users and 2 guests