Enforcing HTTPS
03-11-2018, 05:40 AM,
Post: #1
Enforcing HTTPS
I'm updating the board to enforce HTTPS connections. Sandwich
If you had to login again, well, Goth

Salute
03-11-2018, 07:28 AM,
Post: #2
RE: Enforcing HTTPS
Is this where we complain for the poorly provided free service?
Clubbie Clubbie Clubbie Clubbie Clubbie Clubbie Clubbie Clubbie ClubbieClubbieClubbieClubbieClubbie




03-11-2018, 09:19 AM, (This post was last modified: 03-11-2018, 09:20 AM by Gippy.)
Post: #3
RE: Enforcing HTTPS
totes

You can submit inquiries via email to d.null@treefort54.com
A massage doesn't always have to lead to sex, but if it doesn't then you're doing it wrong.
flickr | Stupid Blog | Twitter
03-11-2018, 09:24 AM,
Post: #4
RE: Enforcing HTTPS
BTW: This is what reminded me to finish the HTTPS migration here.

Quote:Targeted users in Turkey and Syria who downloaded Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive’s Download.com (a platform featured by CNET to download software) were instead redirected to versions containing spyware. Download.com does not appear to support HTTPS despite purporting to offer “secure download” links.

https://citizenlab.ca/2018/03/bad-traffi...key-syria/
A massage doesn't always have to lead to sex, but if it doesn't then you're doing it wrong.
flickr | Stupid Blog | Twitter
03-11-2018, 01:03 PM,
Post: #5
RE: Enforcing HTTPS
(03-11-2018, 09:24 AM)Gippy Wrote: BTW: This is what reminded me to finish the HTTPS migration here.

Quote:Targeted users in Turkey and Syria who downloaded Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive’s Download.com (a platform featured by CNET to download software) were instead redirected to versions containing spyware. Download.com does not appear to support HTTPS despite purporting to offer “secure download” links.

https://citizenlab.ca/2018/03/bad-traffi...key-syria/

wow. I'm glad I use Ninite for all my program downloads.
03-11-2018, 01:16 PM,
Post: #6
RE: Enforcing HTTPS
Apps like Ninite can still be fooled if the publisher is advertising a non-secure download location. At that point even the fetched verification hash would be suspect.
A massage doesn't always have to lead to sex, but if it doesn't then you're doing it wrong.
flickr | Stupid Blog | Twitter
03-11-2018, 09:18 PM,
Post: #7
RE: Enforcing HTTPS
The page at https://treefort54.com/mies/thread-2761.html was allowed to display insecure content from http://top-frog.com/stuff/wookiee-family...1488429681Whaa
03-12-2018, 03:51 AM,
Post: #8
RE: Enforcing HTTPS
Cry indeed!
03-12-2018, 12:46 PM,
Post: #9
RE: Enforcing HTTPS
heh.
My logic is infallible. Resistance is futile.


Forum Jump: