gohpep Posted July 5, 2014 Share Posted July 5, 2014 We already have a certificate, price isn't really the issue here Sorry, just saw other people mentioning cheap $4/month certificates, and I decided I would mention a free one. But really, the only ways you would be able to have HTTPS logins everywhere, would be to serve an iframe in the popup (kind of bad), or just redirect to the full login page. Link to comment Share on other sites More sharing options...
Argi Posted July 6, 2014 Share Posted July 6, 2014 FWIW, you can access Neowin over HTTPS: https://www.neowin.net/ Link to comment Share on other sites More sharing options...
Alwaysonacoffebreak Posted July 6, 2014 Share Posted July 6, 2014 Do self-signed certificates get along well with browser security? If the browser doesn't trust a certificate's issuer, then it inherintly does not trust the certificate. Self-signed certificates are their own issuer, which causes issues for situations like this. First time the browser will give you a warning but after that you can add the self-signed to your trusted list and you are okay and wont see the nag screen anymore but it will add free security. Depends on the key lenght of course, if the server is really as strained as some are saying it would be easier to buy one with lower key lenght rahter than wasting time for a self-signed. Link to comment Share on other sites More sharing options...
DaveLegg Developer Posted July 6, 2014 Developer Share Posted July 6, 2014 FWIW, you can access Neowin over HTTPS: https://www.neowin.net/ That's a subscriber-only feature, otherwise we lose out on ad revenue Link to comment Share on other sites More sharing options...
vanx Posted July 6, 2014 Share Posted July 6, 2014 FWIW, you can access Neowin over HTTPS: https://www.neowin.net/ That's a subscriber-only feature, otherwise we lose out on ad revenue Not sure if anyone noticed, but https://neowin.net throws up an error, because the certificate being served in return only matches https://www.neowin.net You may want to take a look and fix that. Link to comment Share on other sites More sharing options...
Steven P. Administrators Posted July 6, 2014 Administrators Share Posted July 6, 2014 Just to point out what every other staff member has said already. ONLY Tier 2 (ad free) subscribers get full HTTPS browsing on Neowin, this is because none of our advertisers support ad display through HTTPS. It's one of the things I will be addressing when I go to San Francisco later this year with our main advertiser, because it does work for all the "big" sites out there (Facebook, Twitter, Google sites etc). nabz0r and Eric 2 Share Link to comment Share on other sites More sharing options...
nabz0r Veteran Posted July 7, 2014 Veteran Share Posted July 7, 2014 StartCom gives free SSL certificates through https://www.startssl.com. Never knew there was free ssl certificates, thanks though! gohpep 1 Share Link to comment Share on other sites More sharing options...
soldier1st Posted July 7, 2014 Share Posted July 7, 2014 Some prick sniffed my password at a school computer lab. Is there any way for Neowin to get a secure logon? I know these things cost money, but it's such an easy target for any jackass with a computer. Hell, even a self-generated certificate (not from Thawte, Verisign, etc) would at least give some of us the option of using it. When you use a pc/network that is not under your control, it is far easier for these things to happen. Let this be a lesson for you and learn from it. use a strong random password, even for a forum account, and like tiddlie stated, that neowin isn't a "Finacial institition". Link to comment Share on other sites More sharing options...
vanx Posted July 8, 2014 Share Posted July 8, 2014 When you use a pc/network that is not under your control, it is far easier for these things to happen. Let this be a lesson for you and learn from it. use a strong random password, even for a forum account, and like tiddlie stated, that neowin isn't a "Finacial institition". I do not think that it is very constructive and helpful to stick another person's nose in it and effectively say "see what you've done?". Not being a financial institution does not excuse a web site from taking appropriate and reasonable measures to ensure safety and security of its users' data, both in-flight and at rest. I commend Neowin for securing my login data and for striving even further than that by wanting to secure the login form itself. Let this be an example to other communities. And no, Neobond did not pay an exorbitant amount of money to me to say this. Link to comment Share on other sites More sharing options...
tiagosilva29 Posted July 8, 2014 Share Posted July 8, 2014 TLS + TACK by default would be good. simonlang 1 Share Link to comment Share on other sites More sharing options...
LimeMaster Posted July 8, 2014 Share Posted July 8, 2014 I do not think that it is very constructive and helpful to stick another person's nose in it and effectively say "see what you've done?". Not being a financial institution does not excuse a web site from taking appropriate and reasonable measures to ensure safety and security of its users' data, both in-flight and at rest. I commend Neowin for securing my login data and for striving even further than that by wanting to secure the login form itself. Let this be an example to other communities. And no, Neobond did not pay an exorbitant amount of money to me to say this.Well, I guess it'll be encrypted for all eventually. Bets you are glad this topic was revived? :) Link to comment Share on other sites More sharing options...
vanx Posted July 9, 2014 Share Posted July 9, 2014 Well, I guess it'll be encrypted for all eventually. Bets you are glad this topic was revived? :) If reviving this topic leads to greater security of Neowin users' data while remaining commercially sustainable for Neobond et al to operate, then yes, I am glad. Link to comment Share on other sites More sharing options...
DaveLegg Developer Posted July 18, 2014 Developer Share Posted July 18, 2014 IRC now has SSL support, on port 6697 +Zlip792 1 Share Link to comment Share on other sites More sharing options...
tiagosilva29 Posted July 18, 2014 Share Posted July 18, 2014 IRC now has SSL support, on port 6697Cool, I'd use it if I wasn't, well, banned. Link to comment Share on other sites More sharing options...
Recommended Posts