PDA

View Full Version : Firefox security warning



Yorkie
9-Mar-2017, 01:54
The latest version of Firefox on my iMac is reporting that the login page is not a secure connection and says that the URL should begin with https:// and not the plain unsecured http://

Could the Mods comment on this please?

Thank you.

Ralph Barker
9-Mar-2017, 08:03
I'm not sure yet what prompted the Firefox folks to implement this change in the latest version. However annoying it might be, I don't see this as an issue for us, since we aren't transmitting sensitive data in posts here.

IanG
9-Mar-2017, 09:14
It's a service provider issue rather than this site someone had a similar issue with APUG yesterday. I had similar with na new Forum but that was insecure as the Admin set-up files hadn't been deleted.

Ian

Darren Kruger
9-Mar-2017, 09:24
I'm not sure yet what prompted the Firefox folks to implement this change in the latest version. However annoying it might be, I don't see this as an issue for us, since we aren't transmitting sensitive data in posts here.

I believe Firefox considers user passwords as sensitive data.

-Darren

neil poulsen
9-Mar-2017, 09:25
What version of OSX are you using?

While I don't know whether or not something similar is occurring with older OSX versions, I just got a notice that Firefox will no longer support XP. And, Firefox has been acting strangely on my system. Some pages, even on the Forum, don't display correctly.

I know, I know, I'm still using XP. :o

I may have to upgrade to something more recent. But I guarantee, it won't be current.

Michael Clark
9-Mar-2017, 16:36
I have the same warning going on with Firefox on Apug and LFF.

Two23
9-Mar-2017, 16:38
I quit using Firefox a couple of years ago. I really dislike the company.


Kent in SD

scm
9-Mar-2017, 18:00
A New Firefox Feature Will Help You Keep Your Passwords Safe (https://www.forbes.com/sites/leemathews/2017/03/09/a-new-firefox-feature-will-help-you-keep-your-passwords-safe/#2d19886f4a0b)

Sal Santamaura
9-Mar-2017, 18:11
I quit using Firefox a couple of years ago. I really dislike the company...Why?

domaz
9-Mar-2017, 19:45
This site doesn't have an SSL security certificate or an HTTPS URL that I'm aware of so the login warning makes sense. Do not login to this site over an unsecure wireless connection as their is potential for your authentication cookie to be stolen and someone to basically "assume" your session, using quite trivial hacking tools. Having said that the security of my LFF account is kind of the last on my list of online account priorities.

Graham Patterson
10-Mar-2017, 12:59
The Firefox ESR release has not received this automation yet. But the web is moving towards encryption for whole sites, not just credential pages.

[I had one of my users flag a site for me at work yesterday because of this - the login page was unsecured, and used an iframe for the https link to the login page. It was flagged correctly, but confused the user, as they have used this site previously. I reached out to the site owner and it will probably be adjusted.]

Chance2
10-Mar-2017, 17:32
Why?

I suspect it's related to a topic(s) this site doesn't permit discussion of, but don't want to go there...

Sal Santamaura
10-Mar-2017, 22:01
I suspect it's related to a topic(s) this site doesn't permit discussion of, but don't want to go there...OK, thanks for prompting me to do some research. I had no idea there was any controversy about Mozilla on that topic.

Firefox has been my primary browser for years. Although Edge, which came with my Windows 10 machine, is a great improvement over Explorer, Firefox is still much quicker and renders pages in a way more to my liking. Knowing what you motivated me to find out about Mozilla only reinforces what a good choice Firefox is. I suggest anyone who hasn't tried it download the latest version and find out for themselves.

Tom Westbrook
12-Mar-2017, 05:49
The SSL thing has been creeping up on us for a while, but we'll probably go the SSL route at some point in the next 6 months, give or take. It's just that a trusted certificate costs money & since we're non-commercial & don't sell anything thru the site itself, we'll have to find a certificate authority at the best price to satisfy our needs & commit to a new recurring maintenance expense to renew SSL certificate (they all expire at some point) when needed.

Until then, if you're concerned about security here (and you should be concerned about security everywhere on the 'net), we strongly recommend using a different, strong password here than on any other site. A password manager (https://en.wikipedia.org/wiki/Password_manager) like LastPass, 1Password, etc. makes this a easier.

MIke Sherck
12-Mar-2017, 07:22
The only serious potential I can see would be if someone got the password for a little-used account, changed it to an email accessible to them and then bought items. There's a potential for fraud, I'm not sure how serious. I don't mind Firefox trying to let folks know about this sort of thing; a lot of people don't give security a second thought.

Mike