There is a little padlock with a red line through it. next to the little purple shield.

I think that there was never a red line through it before, or am I wrong ?

who or what decides weather the connection is secure , or not .

is your connection secure ?

Mine has said "not secure" for quite awhile.

I'm not sure what the heck it means. I've very secure..

Many browsers warn if the site you are going to is not https: but rather http: Not a big deal unless you are going to be entering confidential information.

Might be best asked in the SIGforum Office section. It's the same on mine. I think Para has addressed this before when asked.

Just don't order sushi from the classifieds.

You got to have the secret code.

Obviously, someone hasn't signed his waiver.

There's no reason for Sigforum to use a secure connection. You're not transmitting any information that needs to be secured, like personal identity info, bank account or credit card info, or the like.

So there's nothing of value to a hacker being transmitted, as long as you're not using the same password for every website you visit. (You aren't, are you? That's considered to be a Very Bad Thing...)

That has been true for quite some time now and those who were concerned the last time it was discussed here have evidently gotten over their angst or found a secure site with all the information this provides.

A short primer on https versus http:

Communications between a client and a server always assumes the client is trusted. It's the server's responsibility to confirm its identity. In typical webspeak, http makes the assumption that both client and server are who they say they are. However, with all of the identity breaches these days, more and more sites are installing certificates from trusted Certificate Authorities (CA). When you use https, you are asking for a certificate exchange to confirm the server is indeed, who it claims to be (side note: browsers also have certificates from trusted CAs).

There are three levels of authentication available: Required, requested and none. There is also mutual authentication, which is also a setting. All of this is managed through your browser "cookies."

So, in essence, SigForum is available through http, which does not require a secure handshake. No need to worry, unless you started including personally identifiable information (PII) in your posts.

quote:

Originally posted by fpuhan:
No need to worry, unless you started including personally identifiable information (PII) in your posts.

And if you did, a secure connection wouldn't help with that. This is a public forum, and you don't have to be logged in, or even have an account at all, in order to read every post.

So if you're posting PII in the open here, it's going to be read by anyone and everyone, secure connection or not.

quote:

Originally posted by RogueJSK:
There's no reason for Sigforum to use a secure connection. You're not transmitting any information that needs to be secured, like personal identity info, bank account or credit card info, or the like.

So there's nothing of value to a hacker being transmitted, as long as you're not using the same password for every website you visit. (You aren't, are you? That's considered to be a Very Bad Thing...)

Which is enough reason on its own, since most folks aren't aware of the problem.

Wait, most people aren't aware that they shouldn't reuse the same password between all websites?! That's like Rule #2 of passwords, right behind Don't use "password" as your password.

Even besides non-secured online transmissions being potentially intercepted, forums and other less secure websites are constantly being hacked, and the usernames, account email addresses, and passwords stolen. (This is not a new or obscure issue.)

So if Joe Hacker is able to easily snag your email address and password by lackadaisically breaking into the minimally secure "Tony's Tractor Talk" forum, or the customer database at "Best Begonias and Bagels" where you placed an online order that one time 7 years ago, he shouldn't be able to turn around and log into your ultra secure bank account simply by using that same email and password. Or log into your email account by using that same password. Or really any other online account by using that same email and password.

quote:

Originally posted by RogueJSK:
There's no reason for Sigforum to use a secure connection. You're not transmitting any information that needs to be secured, like personal identity info, bank account or credit card info, or the like.

So there's nothing of value to a hacker being transmitted, as long as you're not using the same password for every website you visit. (You aren't, are you? That's considered to be a Very Bad Thing...)

That described me some years back but the forum turned me onto such a thing known as a password manager.
The things I've learned here.

I use four different passwords on the innernet,

for four separate places

quote:

Originally posted by RogueJSK:
There's no reason for Sigforum to use a secure connection.

That is simply not true. There are many good reasons every web site should use HTTPS, and only HTTPS. But SF's management has consciously chosen not to, so I'll not belabor the point.

quote:

Originally posted by wrightd:
Which is enough reason on its own, since most folks aren't aware of the problem.

"Since..." what?!?! In the realm of network security "What they don't know won't hurt them" most certainly does not apply.

quote:

Originally posted by ensigmatic:
But SF's management has consciously chosen not to, so I'll not belabor the point.

You want to talk out of your ass, do it somewhere else, professor.

Yeah, you're in real danger here, and it's our fault. So Goddamned ridiculous and pointless. Feel better, professor? You don't have the slightest fucking idea of what choices I have with this setup. Damn, how silly.

Locked