Jump to content

Some sections in this forum are not fully encrypted


yongsua

Recommended Posts

Hi, I have realized some pages of this forum are not fully encrypted, as the picture shown below.

 

post-6379-0-72420900-1425308230_thumb.jpg

 

Sorry if I annoy anyone here, but I just do not want ESET later to have similar issue  like Avast! forum and Malwarebytes forum that were exploited. How ironic was that  :rolleyes:

Edited by yongsua
Link to comment
Share on other sites

  • Administrators

This is just a forum where posts may contain links to other unsecured websites, hence the warning. In the future, we'll probably remove https support and keep it for login only.

Link to comment
Share on other sites

This is just a forum where posts may contain links to other unsecured websites, hence the warning. In the future, we'll probably remove https support and keep it for login only.

 

Oh I see. Thanks...

Link to comment
Share on other sites

Not directly links but things included.

I think I already reported this issue with mixed content. And I think the reason was mostly because of Twitter profile pictures from users who linked there account to Twitter.

Why do you want to remove HTTPS support? That's strange. If you already have it and already have to pay for the certificate just leave it there.

Link to comment
Share on other sites

Now I found the thread: Forum specific: Mixed content

You can also see that the source of this issues are the Twitter pictures, because not on every forum site appears this issue.

 

So this issue is already known some months. @Marcos said they "have been considering possible solutions".

But I never would have thought that this "solution" would be to remove the SSL/TLS encryption...

The best, simplest (and maybe the only) solution is to adjust the Twitter integration in a way that it doesn't call hxxp://twimg.com/..., but https://twimg.com/...!

 

And BTW if we're already talking about the TLS/SSL security of this forum, then please use SHA-2 for your next certificate and deactivate SSL v3. It would also be a nice idea to activate the support for TLS v 1.2.

Edited by rugk
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...