Kuribo64
Views: 19,851,719 Home | Forums | Uploader | Wiki | Object databases | IRC
Rules/FAQ | Memberlist | Calendar | Stats | Online users | Last posts | Search
03-28-24 06:07 PM
Guest:

0 users reading HTTP deprecation. it's becoming a thing. | 1 bot

Main - General Chat - HTTP deprecation. it's becoming a thing. Hide post layouts | New reply

Pages: 1 2
Arisotura
Posted on 02-03-17 01:01 AM Link | #81213
so Firefox is already at it.

right now, it seems to only show up if the page contains a password field, but... it does show that "omg HTTP is unsecure" icon.


I'm not opposed to more security if we have a proper, mature infrastructure to support it. Right now, getting a HTTPS certificate is either "pay lots of money and maybe get good service" or "cheap/free but service is crap and we don't give a shit".

In the current state of things, deprecating HTTP looks pretty much like an attempt at restricting the web to the rich. Just like the web browser market is an oligopoly that may eventually become a Webkit monopoly.


Ideally, HTTPS certificates should be provided along with domains when you register those.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

Yami
Posted on 02-03-17 06:13 AM Link | #81218
Well, I paid like 12 US Dollars for a certificate for DSHack.org myself, and it's considered good enough.
As a bonus, the more certificates I buy for more domains, the higher the discount I get on them.

Arisotura
Posted on 02-03-17 12:14 PM Link | #81219
>COMODO

wasn't there a scandal around them at some point? I vaguely remember something.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

Anthe
Posted on 02-03-17 01:11 PM Link | #81220
What's wrong with Let's Encrypt? I've used it for more than a year now and had zero issues.

____________________
[image]

Yami
Posted on 02-03-17 02:35 PM Link | #81222
Posted by StapleButter
>COMODO

wasn't there a scandal around them at some point? I vaguely remember something.

I think you're confusing it with DigiNotar.

Baby Luigi
Posted on 02-04-17 03:47 AM Link | #81238
Wondering, but is there any significant advantage HTTP has over HTTPS? I mean, Marioboards has recently converted to HTTPS and people were happy about being more secure. Is price the only thing? Sorry, I'm a doofus when it comes to this stuff, so please enlighten me.

Arisotura
Posted on 02-04-17 03:55 AM (rev. 2 of 02-04-17 03:57 AM) Link | #81242
HTTP over HTTPS, pros and cons:

pros:
* doesn't require dealing with CAs
* is set up easily
* works always
* is easily implemented in amateur projects
* oh and doesn't complain if images or other meaningless assets happen to be loaded over an unsecure connection

cons:
* not suitable when sensitive data are being transferred.
* in the event someone wants your Kuribo64 password and happens to be on your network, they can sniff it. chance of this happening is generally low.
* similarly, they could sniff posts being posted in the staff forums. not like we're using said forums to exchange nuclear codes.
* is eventually going to be deprecated because the CA lobby is pushing HTTPS to make more money and restrict the web to the rich make everyone secure

I would add that HTTP is also vulnerable to shit like reckless ISPs tampering with webpages, but it's been shown that similar attacks are also possible over HTTPS.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

LeftyGreenMario
Posted on 02-10-17 09:55 PM Link | #81309
Would HTTPS be suitable if you're going online in public wifi hotspot, or is it just paranoia? Because someone told me that if you're using HTTP in a public area, the person who owns the hotspot can take your password. I believe that's the "sniffing" thing, is it? Why are the odds of that happening very low?

Spacey
Posted on 02-10-17 11:06 PM Link | #81319
It is better to use HTTPS in public places, you dont even need to own the hotspot to steal logins and info with those, just a copy of wireshark or even a custom built packet sniffer/network monitoring tool if they dont want to use one of the thousands that exist. They can still get your traffic with https afaik but its encrypted so its sorta pointless.

____________________
Hacking LM and trying to not suck. Weeeeeeee.

Kak
Posted on 02-10-17 11:08 PM Link | #81320
KLayout 4.0
Posted by StapleButter
>COMODO

wasn't there a scandal around them at some point? I vaguely remember something.

Oh boy Comodo.

I remember how they used to issue certificates to shady/fakeav websites some years ago.
You may or may not be able to recognize where I stole this grid background from.
Links
???
Twitter
YouTube
Website

Arisotura
Posted on 02-11-17 01:21 AM Link | #81325
Posted by LeftyGreenMario
Why are the odds of that happening very low?

maybe because noone cares about your Kuribo64 credentials? :P

there's always the chance that you have some nolife/troll sniffing passwords for the sake of it, but generally those people can be found sitting between piles of soda cans in their mom's basement, not so much in public places.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

Arisotura
Posted on 03-22-17 12:48 AM Link | #82091
new Firefox feature: if you activate a username or password field on a HTTP page, it sticks a big paranoid warning under it whining about how the evil h4xx0rs are going to steal your credentials


the CA lobby is pushing, and I refuse to give in

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

Dilene
Posted on 03-22-17 02:36 AM (rev. 2 of 03-22-17 02:36 AM) Link | #82093
Posted by StapleButter
new Firefox feature: if you activate a username or password field on a HTTP page, it sticks a big paranoid warning under it whining about how the evil h4xx0rs are going to steal your credentials


the CA lobby is pushing, and I refuse to give in

Just wait until they plaster the "This page is insecure because of reasons no one but the geeks will read about" page on every http site before you even enter it.

____________________
≤!-- Am I doing this right? --≥

Arisotura
Posted on 03-22-17 08:51 AM Link | #82094
phishing with HTTPS




does HTTPS make you safe against phishing? nope. especially not as everyone and their mom can get a 'good' certificate now.


HTTPS isn't a magical security thing. nothing is. security is 50% ensuring infrastructure quality, 50% educating the users.

just like having the world's safest password storage is pointless if your password is 'qwerty'.


as I have already said, the HTTPS trend only aims at selling more certificates and raising the web entry barrier. it's not like there aren't ways to make things more secure if they're genuinely concerned about it. like, providing certificates along with domain names when you register those -- no hassle, no bad certificates, etc. or SSH-style login on the web.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

LeftyGreenMario
Posted on 03-25-17 12:01 AM Link | #82115
the extra s is nice, though

Arisotura
Posted on 03-25-17 12:06 AM Link | #82117
oh also, I log in to that (HTTP) board, and don't have my password saved (I tend to not save passwords on my laptop)

before: focus the username field, Firefox lists potential entries, among which is my username for that board, which is handy

after: focus the username field, OMG THIS SITE IS INSECURE EVIL HAXXORS WILL STEAL YOUR PASSWORD!!!!!!!1111 but the nice handy username list is GONE

congratulations, Mozilla

you have removed a useful feature to replace it with fearmongering in favor of the CA lobby

at this rate you might as well drop HTTP support already

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

Dilene
Posted on 03-26-17 06:44 AM Link | #82140
Posted by StapleButter
after: focus the username field, OMG THIS SITE IS INSECURE EVIL HAXXORS WILL STEAL YOUR PASSWORD!!!!!!!1111 but the nice handy username list is GONE

Really? I use Developer Edition and I still get the listing on http pages. Then again that's stuff that you can change with about:config (security.insecure_field_warning.contextual.enabled and signon.autofillForms.http to allow autofill again) but that is still shitty to do.


____________________
≤!-- Am I doing this right? --≥

LeftyGreenMario
Posted on 03-28-17 09:44 PM Link | #82184
It's annoying that in the version of FireFox I use, they nag about how the connection isn't secure when I want to log in. Though it's a FireFox problem, not a HTTP vs HTTPS thing. Right?

poudink
Posted on 05-22-17 12:28 PM Link | #83284
Opera began doing it too:
[image]

____________________
Nothing to say, so jadnjkfmnjamnfjkldnajfnjkanfjdksan jsdnvj m.

Arisotura
Posted on 05-22-17 12:29 PM (rev. 2 of 05-22-17 12:32 PM) Link | #83285
I guess Chrome is doing it, and since Opera uses Webkit too...


anyway I did as suggested by Dilene, and nice, it works. but we can predict that the feature will eventually get 'accidentally' broken, then removed.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd
Pages: 1 2

Main - General Chat - HTTP deprecation. it's becoming a thing. Hide post layouts | New reply

Page rendered in 0.067 seconds. (2048KB of memory used)
MySQL - queries: 27, rows: 237/237, time: 0.009 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.