Jump to content



Photo

HTTPS sessions active for Tier 2 subscribers


  • Please log in to reply
85 replies to this topic

#1 Steven P.

Steven P.

    aka Neobond

  • 30,415 posts
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 09 August 2013 - 11:58

We're happy to announce that we've added SSL sessions for Tier 2 ad free subscribers. Currently this is only active on the main news site, the forums will follow shortly.

 

Even more reason to subscribe :p

 

Inevitable answers to questions:

 

Q: Why isn't it available for everyone

A: Because most of our ad partners don't support SSL delivery.

 

Q: Why not look for a different advertiser?

A: The certificate wasn't free, nor the work to implement it; therefore a Tier 2 adfree perk.

 

Enjoy!




#2 articuno1au

articuno1au

    Neowinian Senior

  • 4,459 posts
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 09 August 2013 - 12:02

NSA resistance + 1.



#3 +Anarkii

Anarkii

    Member N° 1,455

  • 5,296 posts
  • Joined: 02-October 01
  • Location: Sydney, Australia
  • OS: Windows 8.2 Pro (8.1 Update 1)
  • Phone: iPhone 5, iOS 8

Posted 09 August 2013 - 12:02

Awesome thanks to all involved :) 



#4 bmdixon

bmdixon

    Neowinian

  • 697 posts
  • Joined: 13-November 05
  • Location: Birmingham, UK
  • Phone: Nexus 5

Posted 09 August 2013 - 12:09

Should we be redirected automatically to https or do we need to specify it?



#5 +BudMan

BudMan

    Neowinian Senior

  • 25,981 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 09 August 2013 - 12:31

So when is the login going to post via SSL vs how it currently sends which is just http in clear text for username and password

passwordinclear.png

Its a forum, its a news site - I don't really see any need for anything to be SSL --- OTHER THAN when I send my password ;)

#6 Jason S.

Jason S.

    Neowinian Senior

  • 12,019 posts
  • Joined: 01-September 03
  • Location: Cleveland, Ohio

Posted 09 August 2013 - 12:37

im not seeing any https: on the main news site. when i manually type in https://www.neowin.net it seems to work but i dont see any other SSL cert info. what am i missing?



#7 SuperKid

SuperKid

    Im no superman

  • 2,513 posts
  • Joined: 21-April 08
  • Location: Birmingham, England, UK
  • OS: OS X 10.8, iOS 7
  • Phone: iPhone 4S

Posted 09 August 2013 - 12:45

So when is the login going to post via SSL vs how it currently sends which is just http in clear text for username and password

attachicon.gifpasswordinclear.png

Its a forum, its a news site - I don't really see any need for anything to be SSL --- OTHER THAN when I send my password ;)

 

@Neobond

 

Yeah, can we get SSL for EVERYONE when it sends the username and password on the login? a POST over SSL won't mess with the advertisements.



#8 PhilTheThrill

PhilTheThrill

    Neowinian Senior

  • 3,874 posts
  • Joined: 28-November 03
  • Location: Canada
  • OS: Win 8.1
  • Phone: WP8

Posted 09 August 2013 - 13:00

Implying it isn't stored in plain text in the DB...lol



#9 Torolol

Torolol

  • 2,826 posts
  • Joined: 24-November 12

Posted 09 August 2013 - 13:00

SSL certificates is expensive, what C.A issuer that neowin will use?

 

 

 

Because most of our ad partners don't support SSL delivery.

Theres was ad blocking services that actively listing ad-server certificates so their users can put those certificates into "Untrusted" or "Revoked" categories,

which effectively prevent any known SSL ads.

Knowing this most ads services won't bother to obtaining SSL certificates.



#10 +BudMan

BudMan

    Neowinian Senior

  • 25,981 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 09 August 2013 - 13:06

So only a B, you seem to have some chain issues

https://www.ssllabs....s=74.204.71.246

Seems you did not install the intermediate CA bundle??

https://search.thawt...iewlocale=en_US

Please Note: On June 27th, 2010 Thawte upgraded its root hierachy to 2048bit RSA Keys to enhance the security of all SSL products. As a part of this upgrade, all newly issued certificates now require the installation of the new Primary and Secondary Intermediate CA's along with your SSL certificate. These new Intermediate CA's MUST be installed in order for your SSL certificate to be fully trusted in all browsers.

This causes an issue with firefox on the cert

oddssl.png

#11 spudtrooper

spudtrooper

    Neowinian Senior

  • 3,095 posts
  • Joined: 19-October 10
  • OS: Windows 8
  • Phone: Nokia 920

Posted 09 August 2013 - 13:07

SSL certificates is expensive, what C.A issuer that neowin will use?

 

They're not expensive..  you can get chained certs that work wit most modern browsers for  < 60 bucks a year, otherwise root certs are around 80 bucks + (can be found cheaper on deals..)   SSL is cheaper than a data breach and hell, i would have helped pitch in for a cert if it meant everyone got it, SSL for subs is.. lame..

 

looks like it is a chained cert.

 

hell, godaddy has a chained cert without all the extras for like 5 bucks

 

http://www.godaddy.c...0130809130902:s

 

Premium feature worthy? not sure why anyone would go direct with thawt though, but they do have a large reseller network, so hopefully neowin didn't pay full retail for a chained.



#12 PhilTheThrill

PhilTheThrill

    Neowinian Senior

  • 3,874 posts
  • Joined: 28-November 03
  • Location: Canada
  • OS: Win 8.1
  • Phone: WP8

Posted 09 August 2013 - 13:09

SSL for subs is.. lame..

 

+9001



#13 Haggis

Haggis

    Neowinian Senior

  • 2,412 posts
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 09 August 2013 - 14:42

So really what your saying is that only the people that pay for Tier 2 Subs are worth protecting for passwords sending ?? and not the people that come on here and helps others for free?

 

Great!



#14 Draconian Guppy

Draconian Guppy

    LippyZillaD Council

  • 13,929 posts
  • Joined: 22-August 04
  • Location: Neowin

Posted 09 August 2013 - 14:44

So really what your saying is that only the people that pay for Tier 2 Subs are worth protecting for passwords sending ?? and not the people that come on here and helps others for free?

 

Great!

I thought passwords already have some kind of protection and that SSL is just adding another layer?



#15 Haggis

Haggis

    Neowinian Senior

  • 2,412 posts
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 09 August 2013 - 14:48

I thought passwords already have some kind of protection and that SSL is just adding another layer?

 

as budman says they are sent in Cleartext





Click here to login or here to register to remove this ad, it's free!