Login Page For Forums Not Secure Per Android Chrome Dev (Latest Build)

[oroechimaru]

Use the icon in top right corner... Received a warning that the login box was not secure... Possibly since https isnt in url.

 

Please check that https is forced. The link via smartphone android chrome is not secure.

 

http://support.immunet.com/index.php?app=core&module=global&section=login

 

May also need to confirm that sha1 is disabled along with ssl 1-3 and tls 1 and 1.1 if not already and any weak ciphers.

[oroechimaru]

May also want to work with web and security admins and have all admin passwords reset since these were passed unencrypted and could be used to hack.

[ritchie58]

You are absolutely correct. My Firefox browser warns me every time I log-in that this site is not secure. Although I use an app that encrypts my keystrokes while I type I still have been rather concerned about this for a while since not everyone uses a keystroke encryption algorithm. Why the powers that be do not insist on using the HTTPS encryption protocol for this site is more than a little puzzling for me. Maybe it has something to do with the current IP Board forum software 3.4.7 by Invision Power Services Inc. not supporting the HTTPS protocol. I am really glad you brought this much needed subject up though! Nice to know that I'm not the only one concerned about this issue.

 

I contacted Invision Services to see if perhaps a future software build will support HTTPS or if it's something that the Admin./Support technicians need to look into. Perhaps a setting or two just needs changed, don't know. If that is the case then that's something I can't do myself as a moderator since I don't have access to those forum settings unfortunately. They should email me back and I'll let you know what they said oroechimaru and then we'll go from there.

Cheers, Ritchie...

[CardiffDave]

You are absolutely correct. My Firefox browser warns me every time I log-in that this site is not secure. Although I use an app that encrypts my keystrokes while I type I still have been rather concerned about this for a while since not everyone uses a keystroke encryption algorithm. Why the powers that be do not insist on using the HTTPS encryption protocol for this site is more than a little puzzling for me. Maybe it has something to do with the current IP Board forum software 3.4.7 by Invision Power Services Inc. not supporting the HTTPS protocol. I am really glad you brought this much needed subject up though! Nice to know that I'm not the only one concerned about this issue.

 

I contacted Invision Services to see if perhaps a future software build will support HTTPS or if it's something that the Admin./Support technicians need to look into. Perhaps a setting or two just needs changed, don't know. If that is the case then that's something I can't do myself as a moderator since I don't have access to those forum settings unfortunately. They should email me back and I'll let you know what they said oroechimaru and then we'll go from there.

 

Cheers, Ritchie...

I've also noticed while I was creating an account that this site is not secure on my PC using Firefox, which is a bit concerning especially when Immunet is all about security, surely it should be made a priority. By the way what is a keystroke encryption algorithm ?

[ritchie58]

I was a bit dismayed that Invision Power Services Inc. never got back to me regarding this issue. Maybe they didn't want to deal with a lowly moderator on some forum that uses their software. Can't say I didn't try but at least I made them aware of the fact!

 

I use a software program that utilizes a 128bit algorithm that encrypts the signals from my keyboard and then automatically un-ecrypts the keystrokes once they reach their intended target. This way if you're unfortunate enough to be infected with some sort of keystroke recording malware (like a keylogger) all the bad guys will see is a bunch of unintelligible gibberish.