Jump to content
Hash, Inc. Forums

Archived

This topic is now archived and is closed to further replies.

ToreB

Malicious warning

Recommended Posts

Using Firefox and I get a yellow triangular caution warning in the browser bar - telling me "This website does not supply identity information"

 

I guess hash pissed off amazon, facebook, google because the forum doesn't allow bots? tracking? :D

Share this post


Link to post
Share on other sites

It looks more like you are using Yandex than Opera.

Share this post


Link to post
Share on other sites

Yandex is a big company like google providing a search engine and much more... it is opera what he is using there.

The yellow rectangle by firefox indicates, that the SSL-certificate is neighter not trused by default (!= malicious but only not recognizeable) or in this case, that certain parts of the forum are not properly SSL-certificated or accessed by http instead of https.

 

This does not mean, that the forum is automatically infected or stuff like that but only that there is mixed content on the page. That can be because for instance some forum member is referencing his avatare from somewhere else, etc.

There are many different possibilities...

 

See you

*Fuchur*

Share this post


Link to post
Share on other sites

Okay... sorry Nancy but you seem to be the winner here ;).

This is the link of your avatare: http://www.intercad-inc.com/nancy/images/wasabiwomanwelcomes.jpg

It needs to be "https://" like that... or you just upload the image to the forum.

 

But you are not the only one... this is the image which will kill the main overview:

http://www.hash.com/forums/uploads/monthly_12_2011/post-1010-1324123475.png

It should be https://...

 

If you want to test it yourself, show the source-code of the page you are on and search for 'src="http://'.

Like that you can find which images may be the problem. If you are on a page, which does not have any external images or images which are included by http:// you should see the green lock icon for firefox. (or something equal for other browsers)

 

See you

*Fuchur*

Share this post


Link to post
Share on other sites

Okay... sorry Nancy but you seem to be the winner here ;).

This is the link of your avatare: http://www.intercad-inc.com/nancy/images/wasabiwomanwelcomes.jpg

It needs to be "https://" like that... or you just upload the image to the forum.

 

But you are not the only one... this is the image which will kill the main overview:

http://www.hash.com/forums/uploads/monthly_12_2011/post-1010-1324123475.png

It should be https://...

 

If you want to test it yourself, show the source-code of the page you are on and search for 'src="http://'.

Like that you can find which images may be the problem. If you are on a page, which does not have any external images or images which are included by http:// you should see the green lock icon for firefox. (or something equal for other browsers)

 

See you

*Fuchur*

ok - it wasn't my avatar - it was in my signature - so I deleted it. The image linked to my website, that I haven't maintained in a bazillion years. But like you say, I'm not the only one. So others can potentially link to harmful sites of course.

Share this post


Link to post
Share on other sites
No warnings appear when using Chrome or Microsoft Edge.

 

That'd be my recommendation; to use one of those browsers that is. ;)

 

Meaning what...?

 

That every html link can potentially connect to a malicious site and there are ways to reduce risk.

 

As Fuchur suggests, some protocols minimize the risk. Secure Sockets Layer (SSL) is one of those and apparently the Hash Inc server doesn't have a publically signed SSL certificate (? not entirely sure about that but that would seem to be the case). What the certificate does is ensure (to the maximum extent possible) that data (credit card, personal information, etc.) transferred via the site only transfers via secure protocols (i.e. encrypted). This element of security is the S in the httpS prefix that Fuchur mentions. While not foolproof (what is?) using a secure connection does minimize risk. I do hope no one is sharing credit card, ID numbers, and other overly sensitive information here in the forum. That'd not only be dangerous but weird.

 

Note that the Hash Inc store uses Paypal to transfer sensitive purchasing data and Paypal's site has a signed certificate so risk of data loss/theft is therefore minimized. Paypal would soon find themselves out of business if they didn't. So it is reasonably safe to share sensitive data via Paypal.

Share this post


Link to post
Share on other sites

no nothing like that. Hash has a valid ssl certificate. but whenever a user uses a resource using http instead of https or some other protocol is used on the forum there are parts of the page which are not transfered by the secure protocol (https) but by the none secure one (http).

 

the notice is only given because the user is seeing https in the address bar but not everything is transfered that way. this would be a problem on a webshop when entering credit card informations and for instance a advertising of some other website is used on that page. this could mean that the credit card information are send to the advertisement partner too.

 

BUT:

you are not unsecurer on the forum than on any other website on the internet which does not use https. and that are close to all of them. only if you are doing online shopping this should be considered.

 

see you

*fuchur*

Share this post


Link to post
Share on other sites

Is it a problem to have a link that has no http or https?

 

For example in my signature is iplaymyhorn.blogspot.com

Share this post


Link to post
Share on other sites

No only if you actually load data like an image, flash, videos, iframes, etc.

 

see you

*Fuchur*

Share this post


Link to post
Share on other sites

Not to knock 3rd party browsers since I had been a long time Firefox user and more recently Opera. I have since removed them from my system and went back to Internet Explorer. I had some annoying compatibility issues with Opera and started to get flooded with spam.

After removing Opera and Opera Mail client I have virtually no spam. Curious about the bots, perhaps that's why many 3rd party browsers are free?

Share this post


Link to post
Share on other sites

Would be very bad but I can't say that I have heard about that till now. (Which does not mean it is impossible). Maybe you have a plugin or add on installed which caused that? Or there was a security hole in opera causing that... I never used opera (never was my browser of choice for one reason or the other). I am using Firefox as it is a browser with great compatibility, high security and is created by a "charity" foundation(no big company trying to sell my data as it would be with chrome).

 

Internet explorer is useable again (ie11 or edge) but compared to the other two big players (ff and chrome) it is said to have longer fixing times of security holes and less html5 features. However it is quite fast and much better than ie10 and i see no bigger problem with using it...

Share this post


Link to post
Share on other sites

×