This login is insecure - trainz forum

[johnwhelan]

It's started to appear the last few times I've logged into the forum.

Could someone wave a magic wand and make the message go away? ie fix the problem.

Thanks John

 

[SailorDan]

Could someone wave a magic wand and make the message go away?

I see no reason to inconvenience everyone else just because Google has suddenly taken a holier-than-thou stance on security.

 

[pware]

It's started to appear the last few times I've logged into the forum.

Could someone wave a magic wand and make the message go away? ie fix the problem.

I have never experienced that. Is the message coming from your browser password manager or perhaps a third party password manager that is keeping tabs on what you type into logon dialogues?

 

[Pug]

I have never experienced this message.

 

[TINE]

http://forums.auran.com/trainz/showthread.php?141449-This-login-is-insecure-trainz-forum

https://forums.auran.com/trainz/showthread.php?141449-This-login-is-insecure-trainz-forum




Even the secure connection has non secure content due to pictures and signatures that contain images that come from servers which have no ssl (secure)service.

So everyone gets this message if they connect to the second url.

It might go away if you don't use the second url.

But if you use "https everywhere" https://www.eff.org/https-everywhere then you are forced to use ssl.
Its possible your browser is forcing you to use ssl, or is using it because it sees its available.

Your browser has a way to turn the message off if you would like to still use the ssl site(which is recommended)
Just do a google serch on how to turn off that exact message with your browser type.

 

[shaneturner12]

There is a possibility to what I can see of non-secure content although that shouldn't be the case on the login page. The only aspects like that I can see are timeline related or signatures.

Shane

 

[TINE]

There is a possibility to what I can see of non-secure content although that shouldn't be the case on the login page. The only aspects like that I can see are timeline related or signatures.

Shane

Specifically, the offending files are:

http://forums.auran.com/trainz/images/trainzproducts2/12.png
http://forums.auran.com/trainz/images/trainzproducts2/15th-anniversary.png
http://forums.auran.com/trainz/images/trainzproducts2/2004.png
http://forums.auran.com/trainz/images/trainzproducts2/2006.png
http://forums.auran.com/trainz/images/trainzproducts2/2009.png
http://forums.auran.com/trainz/images/trainzproducts2/2010.png
http://forums.auran.com/trainz/images/trainzproducts2/droid.png
http://forums.auran.com/trainz/images/trainzproducts2/end_bottom.png
http://forums.auran.com/trainz/images/trainzproducts2/end_top.png
http://forums.auran.com/trainz/images/trainzproducts2/ipad.png
http://forums.auran.com/trainz/images/trainzproducts2/paint.png
http://forums.auran.com/trainz/images/trainzproducts2/spacer.png
http://forums.auran.com/trainz/images/trainzproducts2/start.png
http://forums.auran.com/trainz/images/trainzproducts2/TANE-Col.png
http://forums.auran.com/trainz/images/trainzproducts2/TANE-Dlx.png
http://forums.auran.com/trainz/images/trainzproducts2/TANE-Std.png
http://forums.auran.com/trainz/images/trainzproducts2/tc2.png
http://forums.auran.com/trainz/images/trainzproducts2/tc3.png
http://forums.auran.com/trainz/images/trainzproducts2/tdrv.png
http://forums.auran.com/trainz/images/trainzproducts2/TMR2017.png
http://forums.auran.com/trainz/images/trainzproducts2/trainz.png
http://forums.auran.com/trainz/images/trainzproducts2/utc.png
http://images.n3vgames.com/forum/kickstarter/badge/18.png
http://images.n3vgames.com/forum/kickstarter/badge/3.png

These connected via ssl and are ok.

https://forums.auran.com/trainz/clear.gif
https://forums.auran.com/trainz/clear.gif
https://forums.auran.com/trainz/clear.gif
https://forums.auran.com/trainz/clientscript/ckeditor/skins/kama/images/sprites.png
https://forums.auran.com/trainz/favicon.ico
https://forums.auran.com/trainz/images/avatars/BR92_1L.gif
https://forums.auran.com/trainz/images/avatars/ConnDOTfl9left.gif
https://forums.auran.com/trainz/images/avatars/FC-48classLeft.gif
https://forums.auran.com/trainz/images/avatars/Stirling.gif
https://forums.auran.com/trainz/images/avatars/upchallenger.gif
https://forums.auran.com/trainz/images/buttons/collapse_40b.png
https://forums.auran.com/trainz/images/buttons/edit_40b.png
https://forums.auran.com/trainz/images/buttons/multiquote_40b.png
https://forums.auran.com/trainz/images/buttons/multiquote-back_40b.png
https://forums.auran.com/trainz/images/buttons/newbtn_middle.png
https://forums.auran.com/trainz/images/buttons/quote_40b.png
https://forums.auran.com/trainz/images/buttons/reply_40b.png
https://forums.auran.com/trainz/images/buttons/reply_40b.png
https://forums.auran.com/trainz/images/buttons/report-40b.png
https://forums.auran.com/trainz/images/buttons/search.png
https://forums.auran.com/trainz/images/buttons/viewpost-right.png
https://forums.auran.com/trainz/images/editor/sprite.png
https://forums.auran.com/trainz/images/gradients/generic_button.png
https://forums.auran.com/trainz/images/gradients/gradient-grey-down.png
https://forums.auran.com/trainz/images/gradients/gradient-greytowhite.png
https://forums.auran.com/trainz/images/gradients/selected-tab-gradient-with-top-alpha.png
https://forums.auran.com/trainz/images/icons/icon1.png
https://forums.auran.com/trainz/images/misc/arrow.png
https://forums.auran.com/trainz/images/misc/black_downward_arrow.png
https://forums.auran.com/trainz/images/misc/blog/blogpost_40b.png
https://forums.auran.com/trainz/images/misc/navbit-arrow-right.png
https://forums.auran.com/trainz/images/misc/navbit-home.png
https://forums.auran.com/trainz/images/misc/progress.gif
https://forums.auran.com/trainz/images/misc/progress.gif
https://forums.auran.com/trainz/images/misc/quote_icon.png
https://forums.auran.com/trainz/images/misc/quote-left.png
https://forums.auran.com/trainz/images/newforum/statusicon/post_old.png
https://forums.auran.com/trainz/images/newforum/statusicon/user-offline.png
https://forums.auran.com/trainz/images/newforum/statusicon/user-offline.png
https://forums.auran.com/trainz/images/newforum/statusicon/user-online.png
https://forums.auran.com/trainz/images/newforum/statusicon/user-online.png
https://forums.auran.com/trainz/images/newforum/statusicon/user-online.png
https://forums.auran.com/trainz/images/newforum/statusicon/user-online.png
https://forums.auran.com/trainz/images/rating/rating-15_0.png
https://forums.auran.com/trainz/images/rating/rating-15_1.png
https://forums.auran.com/trainz/images/rating/rating-15_2.png
https://forums.auran.com/trainz/images/rating/rating-15_3.png
https://forums.auran.com/trainz/images/rating/rating-15_4.png
https://forums.auran.com/trainz/images/rating/rating-15_5.png
https://forums.auran.com/trainz/images/site_icons/add.png
https://forums.auran.com/trainz/images/site_icons/article.png
https://forums.auran.com/trainz/images/site_icons/blog.png
https://forums.auran.com/trainz/images/site_icons/forum.png
https://forums.auran.com/trainz/images/site_icons/homepage.png
https://forums.auran.com/trainz/images/site_icons/message.png
https://forums.auran.com/trainz/images/site_icons/profile.png
https://images.n3vgames.com/websites/forum/forum-logo.png
https://images.n3vgames.com/websites/forum/tane_forum.png
https://images.n3vgames.com/websites/forum/td16_forum.png

That just on this thread.

I suppose I would need to go to the login page to find the offending urls.

 

[TINE]

I just stepped through from login to this thread.

The ssl connection is secure all the way in until this thread loads, and its from the non ssl urls in that list.

So a browser should only throw this message once the OP enters any thread with any of the non-ssl images listed above.

N3V needs to change those image urls to use the ssl url, when the client is using ssl.

But that will not solve any linked images and such.

The true answer is to ignore it, or turn off the notification for this site (forums.auran.com), because even if N3V fixes the urls, peoples signatures and postimages will make the message come back.

The entire WEB is switching to SECURE, and this is the result, sites not having secure ability.

The only time this is an issue to be concerned with is if you are purchasing something and the web store you purchase from causes your browser to show that message, this might indicate your transaction is being recorded.
If I ever tried to purchase something at a site that said this, i would stop, and purchase on the phone, in person, or contact the company.

Even when SOME connections your computers browser makes are insecure, that doesn't mean the secure connections are compromised.
Browsers connect to hundreds of sites at once using multi-threaded connections, and some, are bound to be insecure.

When you have insecure connections the risk is that a middle man attack could be possible. So unlikely tho, many conditions must be met for that.


Just don't buy things on a web-store which has that message, on a wireless connection in a coffee shop that has no password for the wireless, and your ok. (you know how many people do that? its crazy)
If I wanted to be a criminal, id data mine local coffee shops. (but even then most browsers and webstores encrypt the socket that is transferring the payment info, so it would be pretty futile, i might enjoy some coffee, but not much else)

 

[boleyd]

With increased need for security this type of error shows in some other sites. I would expect to see more stringent error checking. Pictures do indeed seem to be the greatest offenders. Poorly informed people will engage in the usual "freedom of speech" debate. This does nothing to restrict the pictures except to show that they could have been altered. It shocked me when I first saw it a few weeks ago given the Equifax and Yahoo hacks. I spent some time trying to find out why, and even accused one site of trying to infect my little PC. Google will probably "tighten the screws" even more. Windows10 Fall Update will also be tighter, but does anybody use Edge?
Dick

 

[johnwhelan]

The message is coming from Firefox and relates to the login only. If it remembers the login there isn't a problem.

Cheerio John

 

[clam1952]

Never had that on this forum with Firefox, plenty of other sites though including my router! That seems to have been fixed in the last couple of updates though, I did go and complain about it to the developers along with a lot of others!