Echo & Alexa Forums

No HTTPS?

0 Members and 2 Guests are viewing this topic.

SylvainG

No HTTPS?
« on: January 04, 2019, 10:07:42 pm »
Hi, new here. Was surprised to see that this site doesn't do HTTPS. At least, when I entered https://www.echotalk.org, I was greeted to a

Antirebate
"We find the Deals, You get the Savings!"

site instead of a secure communication version of Echotalk...

In these days an ages, I find this weird and unsettling... Anybody else?

Re: No HTTPS?
« Reply #1 on: January 04, 2019, 10:33:51 pm »
I don't find it weird or unsettling after all, this is just a forum.  not like you gave it any credit card info to join. 

SylvainG

Re: No HTTPS?
« Reply #2 on: January 05, 2019, 01:23:35 am »
Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.

Re: No HTTPS?
« Reply #3 on: January 05, 2019, 02:14:40 am »
Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.


 https does not mean the website is secure.   it is too easy to get a ssl certificate whether it be real or fake. 

SylvainG

Re: No HTTPS?
« Reply #4 on: January 05, 2019, 01:27:14 pm »
Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.


 https does not mean the website is secure.   it is too easy to get a ssl certificate whether it be real or fake.

Sites register certificates through third parties like Entrust or Verisign. Sites using self signed certificates or certificate from unknown third parties will be flagged in your browser.

Re: No HTTPS?
« Reply #5 on: January 05, 2019, 02:48:49 pm »
Some unaware of this might reuse passwords and the password here is either sent in Base64 (which is not encryption) or plain text, which is has been a no-no for several years now... All the forums I'm subscribed to have been using encryption for several years. I'm surprised this one doesn't.


 https does not mean the website is secure.   it is too easy to get a ssl certificate whether it be real or fake.

Sites register certificates through third parties like Entrust or Verisign. Sites using self signed certificates or certificate from unknown third parties will be flagged in your browser.

most users will just click through most flags since they have no idea of what it is about or they could care less.   if you care so much, why are you on this forum?  It just proves my point.  truth is, even you don't really care.

SylvainG

Re: No HTTPS?
« Reply #6 on: January 06, 2019, 02:42:51 pm »
I care enough to use a password that is unique to THIS forum, hope you do the same for your sake.  Not everyone do that hence my warning and question. Don't security bothers you?

SylvainG

Re: No HTTPS?
« Reply #7 on: January 16, 2019, 11:42:43 pm »
HTTPS now works here  :)

mike27oct

Re: No HTTPS?
« Reply #8 on: January 17, 2019, 02:44:26 am »
Much ado about nothing.

SylvainG

Re: No HTTPS?
« Reply #9 on: January 18, 2019, 10:01:51 pm »
Whatever floats your boat but information security is important to me  8)