Web site Security
  • Register
  • Help
Page 1 of 5 12345 Last
Results 1 to 25 of 104
Like Tree10Likes

Thread: Web site Security

  1. #1
    Fellow Frogger!
    Join Date
    Feb 2011
    Location
    brisbane Au
    Posts
    866

    Default Web site Security

    Well does anybody else using Firefox 52 get an AF insecure site warning [the locked padlock with the red line through it] in the URL bar. This also triggers a security drop down window in both user and password bars. According to Firefox this a warning that the site uses the insecure address HTTP:// instead of HTTPS:// and should be changed to prevent any security breaches.
    Evidently Firefox introduced this feature in their latest browser update. Recommended changes have included delete cookies and change password, did that, but of course it failed because the site address is still the same. Checked several other sites and those using Https:// are fine but those still using Http:// send up the insecure site message. It's just annoying is all. Any Takers?. Tony.

    Advertisement
    Last edited by shanadoo; 14th March 2017 at 10:13 AM.

  2. #2
    1000+ Posts robmac's Avatar
    Join Date
    Nov 2004
    Location
    Melbourne / Caulfield
    Posts
    14,965

    Default

    I'm using Chrome Version 56.0.2924.87, with no such warnings.
    Mutual Respect is Contagious


  3. #3
    Banned
    Join Date
    Nov 2004
    Location
    sydney, australia
    Posts
    11,356

    Default

    Quote Originally Posted by shanadoo View Post
    Any Takers?. Tony.
    perhaps there is a trusted site list somewhere in FF?

    Click the 3 horizontal lines icon on the far right of the Address bar.
    *Options
    *Security
    *click on top Exceptions button
    *enter the AF URL
    *Save

    that might work
    Last edited by alexander; 13th March 2017 at 12:10 PM.

  4. #4
    1000+ Posts robmac's Avatar
    Join Date
    Nov 2004
    Location
    Melbourne / Caulfield
    Posts
    14,965

    Default

    Quote Originally Posted by alexander View Post
    perhaps there is a trusted site list somewhere in FF?

    Click the 3 horizontal lines icon on the far right of the Address bar.
    Click on Settings, scroll to the bottom and click the Show Advanced Settings link.
    Click on Change proxy settings.
    Click the Security tab > Trusted Sites icon, then click Sites.
    Enter the URL of your Trusted Site, then click Add.
    Click Close > OK.
    How to trusted sites added to Mozilla Firefox - Surfthenetsafely.com
    Mutual Respect is Contagious


  5. #5
    1000+ Posts
    Join Date
    Jun 2013
    Location
    Sydney
    Posts
    6,095

    Default

    AF doesn't support an encrypted https port 443 connection. Attempting one will get an SSL certificate error.

  6. #6
    Banned
    Join Date
    Nov 2004
    Location
    sydney, australia
    Posts
    11,356

    Default

    apparently! the question is what to do about it.

  7. #7
    1000+ Posts robmac's Avatar
    Join Date
    Nov 2004
    Location
    Melbourne / Caulfield
    Posts
    14,965

    Default

    And in space of things if it really matters for most of us.

    IE, FF and Opera seem to work OK on AF without unnecessary annoyances.

    Edit: I treat browsers the same as all software: it they make life unnecessarily difficult . I uninstall them and replace with software that is more user friendly.

    Life is too short to have software "tell you" how to browse.
    Steve Turner likes this.
    Mutual Respect is Contagious


  8. #8
    JBN
    JBN is offline
    1000+ Posts JBN's Avatar
    Join Date
    Nov 2010
    Location
    Sydney
    Posts
    7,130

    Default

    I don't know why we need a secure website. After all, AF caters mainly for people who are insecure about the car that they drive.

    John

  9. #9
    1000+ Posts
    Join Date
    Jun 2013
    Location
    Sydney
    Posts
    6,095

    Default

    apparently! the question is what to do about it.
    Edit your bookmark, or use a local proxy to translate the URL.

    Some browsers after notifying the certificate error on 443 will revert to the port 80 site where AF lives.

  10. #10
    Banned
    Join Date
    Nov 2004
    Location
    sydney, australia
    Posts
    11,356

    Default

    Quote Originally Posted by seasink View Post
    Edit your bookmark, or use a local proxy to translate the URL.

    Some browsers after notifying the certificate error on 443 will revert to the port 80 site where AF lives.
    sure, but the OP is asking for specific assistance. the above may be generally True, but doesnt actually say what to do.
    so if you know exactly what to do, then say.

  11. #11
    1000+ Posts robmac's Avatar
    Join Date
    Nov 2004
    Location
    Melbourne / Caulfield
    Posts
    14,965

    Default

    Use a different browser

    I diced FF after it refused to work on ATO Superannuation portal.
    Mutual Respect is Contagious


  12. #12
    Banned
    Join Date
    Nov 2004
    Location
    sydney, australia
    Posts
    11,356

    Default

    yes, that is an alternative strategy, but still doesnt answer shanadoo's question.

  13. #13
    Fellow Frogger!
    Join Date
    Feb 2011
    Location
    brisbane Au
    Posts
    866

    Default

    Quote Originally Posted by JBN View Post
    I don't know why we need a secure website. After all, AF caters mainly for people who are insecure about the car that they drive.

    John
    All about web site user name and password security I suppose not AF specific. There's probably a lot of trawlers of the web using the same password for multiple sites which may be affected. But I don't do that and the security padlock in the address bar, nor the login warning is no big issue.
    It doesn't affect any search request, doesn't send up the 404 or whatever, but it's still a supposed security issue which remains on those with an http:// address.
    I Just wondered if any froggers have encountered this issue and whether they did anything about it. Maybe the AF URL will be changed soon anyway.
    For my usage FF works well, and Chrome is pathetic. But then the desktop is like me, old and crappy requiring constant attention.
    Last edited by shanadoo; 14th March 2017 at 10:26 AM.

  14. #14
    1000+ Posts
    Join Date
    Jun 2013
    Location
    Sydney
    Posts
    6,095

    Default

    It isn't a true security issue at all. It's just clunky Firefox. Since AF is connected on port 80 the web pages are sent to you in human-readable markup text. The same holds for your posting back. The principle eavesdroppers are police under current laws, or your neighbours if your wireless is unencrypted. AF doesn't exactly provide information worth much to a criminal.

    HTTPS sites connect on port 443 and encrypt the traffic so that eavesdroppers have a hard time. Firefox wants every site to provide this service. The spooks still record your connection to the site.

    I am currently using the new Vivaldi browser, v1.7, (intended to replace Opera 12.16, the last true Opera, but aging); it's fast and secure. It uses the same rendering engine as Chrome, with a much better interface.

  15. #15
    Fellow Frogger
    Join Date
    Jan 2004
    Location
    Sydney
    Posts
    8,113

    Default

    Quote Originally Posted by robmac View Post
    ... I diced FF after it refused to work on ATO Superannuation portal.
    Probably not the fault of the browser. AUSKey, which you would have needed to access the ATO portal has been problematic on all browsers over the years. It's been notoriously flakey. Sometimes it has apparently been a problem at the ATO end. In any case, like Chrome, Firefox is about to dump support for the old Netscape extension interface NAPI, which Java relies on to be a browser plug-in, which AUSKey in turn relies upon. So Firefox users need to obtain the ATO's AUSKey Firefox extension instead. Then you can use a mygov logon for easier access and ditch AUSKey. Or you change to IE, which continues to support the Java plugin.

  16. #16
    1000+ Posts
    Join Date
    Jun 2013
    Location
    Sydney
    Posts
    6,095

    Default

    Or be like me and use only paper transactions, on the grounds that the ATO hasn't a clue about coding.

  17. #17
    Fellow Frogger
    Join Date
    Jan 2004
    Location
    Sydney
    Posts
    8,113

    Default

    The issue relates to the log-on, not general website browsing. Firefox 52 now warns when a logon is not via a secure connection.

  18. #18
    1000+ Posts robmac's Avatar
    Join Date
    Nov 2004
    Location
    Melbourne / Caulfield
    Posts
    14,965

    Default

    Quote Originally Posted by seasink View Post
    Or be like me and use only paper transactions, on the grounds that the ATO hasn't a clue about coding.
    Certain transactions and reports can only be done through the ATO portal. Security is via an Auskey. FF doesn't support the Auskey software.

    If you administer a SMSF. ATO portal access is essential for both speed and convenience. ATO use the portal to communicate with the fund manager.

    For me the less paper the better.

    And if you comply with the ATO rules, and keep adequate records you have nothing to worry about.

    EDIT:
    If you were aware of how data matching the ATO carry you may revise your opinion that "the ATO hasn't a clue about coding'.

    We have just experienced an instance first hand, which was as a result of an title registration stuff up.
    Last edited by robmac; 14th March 2017 at 11:55 AM.
    Mutual Respect is Contagious


  19. #19
    1000+ Posts
    Join Date
    Jun 2013
    Location
    Sydney
    Posts
    6,095

    Default

    Rob I am quite aware of the data matching. I suggest you instead examine closely some ATO code.

  20. #20
    1000+ Posts robmac's Avatar
    Join Date
    Nov 2004
    Location
    Melbourne / Caulfield
    Posts
    14,965

    Default

    Quote Originally Posted by seasink View Post
    I suggest you instead examine closely some ATO code.
    What a futile exercise. I can't change anything and their "code" works perfectly for me.

    I've got better things to do. As long as "their code" is not virus raddled, the way ATO choose to code their website is immaterial.

    The same as many websites on the internet - not all are perfectly coded however still somehow seem to work and display.

    Life ain't perfect nor is coding.
    Mutual Respect is Contagious


  21. #21
    Banned
    Join Date
    Nov 2004
    Location
    sydney, australia
    Posts
    11,356

    Default

    it is certainly true that federal government portals are badly constructed, from the POV of the user!
    they are nothing like using commercial websites. despite that, however, it is alot easier than sitting on hold for an hour.
    robmac likes this.

  22. #22
    Banned
    Join Date
    Nov 2004
    Location
    sydney, australia
    Posts
    11,356

    Default

    Quote Originally Posted by seasink View Post
    I suggest you instead examine closely some ATO code.
    what are you concerned about that may impact you negatively?

  23. #23
    Fellow Frogger
    Join Date
    Jan 2004
    Location
    Sydney
    Posts
    8,113

    Default

    Quote Originally Posted by alexander View Post
    it is certainly true that federal government portals are badly constructed, from the POV of the user!
    they are nothing like using commercial websites. despite that, however, it is a lot easier than sitting on hold for an hour.
    Agreed, most govt websites are fairly clunky, like the horse designed by a committee result, but I think seasink is referring to security concerns when he refers to their code. The cosmetic layout and function give you little indication of whether or not the underlying backend is full of security holes.

  24. #24
    1000+ Posts robmac's Avatar
    Join Date
    Nov 2004
    Location
    Melbourne / Caulfield
    Posts
    14,965

    Default

    whether or not the underlying backend is full of security holes.
    I would respectfully suggest, based on checking my own router log, that if there are "holes" they would have been exploited by now.

    The ATO would be "prized site" to successfully hack, and there is more than one group keen to try.
    Mutual Respect is Contagious


  25. #25
    Veni Vidi Posti 68 404's Avatar
    Join Date
    Oct 2005
    Location
    Rome
    Posts
    2,472

    Default

    I grew tired of FireFox and decided to try Yandex.

    Excellent.

    Dave
    2009 Renault Laguna 2.0 dCi wagon
    ​1997 BMW K1200RS

    IR655
    (George Bush Snr): "I'll never apologize for the United States of America. Ever, I don't care what the facts are."


Page 1 of 5 12345 Last

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •