All my bookmarked http:// links have stopped working, from http://www.google.co.uk to http://keapr.com and http://wttr.in/London.png?u
I discovered by chance that editing a 's' into them (e.g. 'https://')
solved the problem. Has the use of a non-encrypted connection to
download non-sensitive data been prohibited in the last week?
All my bookmarked http:// links have stopped working, from http://www.google.co.uk to http://keapr.com and http://wttr.in/London.png?u
I discovered by chance that editing a 's' into them (e.g. 'https://')
solved the problem. Has the use of a non-encrypted connection to
download non-sensitive data been prohibited in the last week?
All my bookmarked http:// links have stopped working, from http://www.google.co.uk to http://keapr.com and http://wttr.in/London.png?u
I discovered by chance that editing a 's' into them (e.g. 'https://')
solved the problem. Has the use of a non-encrypted connection to
download non-sensitive data been prohibited in the last week?
In article <2846f10659.harriet@bazleyfamily.co.uk>, Harriet Bazley
<harriet@bazleyfamily.co.uk> wrote:
All my bookmarked http:// links have stopped working, from http://www.google.co.uk to http://keapr.com and
http://wttr.in/London.png?u I discovered by chance that editing a 's'
into them (e.g. 'https://') solved the problem. Has the use of a non-encrypted connection to download non-sensitive data been
prohibited in the last week?
Don't use a RISCOS browser much these days but I think you're right.
Went to a little used URL of a firm I know still exists via my
bookmarks and got the same. Changing to https found it again.
In article <5906f70077dave@davenoise.co.uk>, Dave Plowman (News) <dave@davenoise.co.uk> wrote:
In article <2846f10659.harriet@bazleyfamily.co.uk>, Harriet Bazley
<harriet@bazleyfamily.co.uk> wrote:
All my bookmarked http:// links have stopped working, from
http://www.google.co.uk to http://keapr.com and
http://wttr.in/London.png?u I discovered by chance that editing a 's'
into them (e.g. 'https://') solved the problem. Has the use of a
non-encrypted connection to download non-sensitive data been
prohibited in the last week?
Don't use a RISCOS browser much these days but I think you're right.
Went to a little used URL of a firm I know still exists via my
bookmarks and got the same. Changing to https found it again.
But not every http site has an https equivalent. This is a horrendous bug.
It seems like blasphemy to say it but despite what some seem to think, including Google, some sites don't need a secure connection.
In message <2846f10659.harriet@bazleyfamily.co.uk> Harriet Bazley
<harriet@bazleyfamily.co.uk> wrote:
All my bookmarked http:// links have stopped working, from http://www.google.co.uk to http://keapr.com and
http://wttr.in/London.png?u I discovered by chance that editing a 's'
into them (e.g. 'https://') solved the problem. Has the use of a non-encrypted connection to download non-sensitive data been
prohibited in the last week?
Just tried all your above links with http and they all worked fine in !NetSurf 3.10
But you will find in general, many sites are now becoming https by
default, its the way the Internet is moving, and in Firefox their is
now an option to warn/block, sites as insecure if they use http only.
other main stream browsers are following this trend.
In article <d9cafb0659.chris@mytarbis.plus.com>, Chris Hughes <news13@noonehere.co.uk> wrote:
In message <2846f10659.harriet@bazleyfamily.co.uk> Harriet Bazley
<harriet@bazleyfamily.co.uk> wrote:
All my bookmarked http:// links have stopped working, from
http://www.google.co.uk to http://keapr.com and
http://wttr.in/London.png?u I discovered by chance that editing a 's'
into them (e.g. 'https://') solved the problem. Has the use of a
non-encrypted connection to download non-sensitive data been
prohibited in the last week?
Just tried all your above links with http and they all worked fine in
!NetSurf 3.10
But you will find in general, many sites are now becoming https by
default, its the way the Internet is moving, and in Firefox their is
now an option to warn/block, sites as insecure if they use http only.
other main stream browsers are following this trend.
Contrary to what many - including Google - seem to think, some sites
don't need a secure connection.
Plus most secure websites that involve financial transactions should
now be a minimum of TLS 1.2 and preferably TLS 1.3 - The main web
browsers now block or at minimum warn you are if they are not using
those secure protocols for financial transactions.
In message <2846f10659.harriet@bazleyfamily.co.uk>
Harriet Bazley <harriet@bazleyfamily.co.uk> wrote:
All my bookmarked http:// links have stopped working, from http://www.google.co.uk to http://keapr.com and http://wttr.in/London.png?u I discovered by chance that editing a 's' into them (e.g. 'https://') solved the problem. Has the use of a non-encrypted connection to
download non-sensitive data been prohibited in the last week?
Just tried all your above links with http and they all worked fine in !NetSurf 3.10
On 2 Mar 2021 as I do recall,
Chris Hughes wrote:
In message <2846f10659.harriet@bazleyfamily.co.uk>What's even odder is that *I* just tried them from within my own
Harriet Bazley <harriet@bazleyfamily.co.uk> wrote:
All my bookmarked http:// links have stopped working, from
http://www.google.co.uk to http://keapr.com and http://wttr.in/London.png?u >>> I discovered by chance that editing a 's' into them (e.g. 'https://')
solved the problem. Has the use of a non-encrypted connection to
download non-sensitive data been prohibited in the last week?
Just tried all your above links with http and they all worked fine in
!NetSurf 3.10
Usente post and this time they worked for me, as did some other links
from my bookmarks (although the majority redirected to an https site
without my intervention); only one link failed with the "Server
returned nothing (no headers, no data)" error I was getting universally before.
I also changed any http links on the site to https. This works fine
except for my PlusNet web space. PlusNet support is totally unhelpful
when it comes to web space and there's nothing I can do about it, so
if you request https://www.minijem.plus.com/ you get:
A privacy error occurred while communicating with
www.minijem.plus.com this may be a site configuration error or an
attempt to steal private information (passwords, messages or
credit cards)
The certificate is for a different host than the server.
On the other hand http works fine.
I also changed any http links on the site to https. This works fine
except for my PlusNet web space. PlusNet support is totally
unhelpful when it comes to web space and there's nothing I can do
about it, so if you request https://www.minijem.plus.com/ you get:
A privacy error occurred while communicating with
www.minijem.plus.com this may be a site configuration error or
an attempt to steal private information (passwords, messages
or credit cards)
The certificate is for a different host than the server.
Can I use my webspace with SSL security?
In article <39ebfa0759.news@user.minijem.plus.com>, Richard Porter <ricp@minijem.plus.com> wrote:
I also changed any http links on the site to https. This works fine
except for my PlusNet web space. PlusNet support is totally unhelpful
when it comes to web space and there's nothing I can do about it, so
if you request https://www.minijem.plus.com/ you get:
A privacy error occurred while communicating with
www.minijem.plus.com this may be a site configuration error or an
attempt to steal private information (passwords, messages or
credit cards)
The certificate is for a different host than the server.
On the other hand http works fine.
That's because a secure version of http://www.minijem.plus.com/ doesn't exist. Your cert only applies to https://minimarcos.org.uk/
In article <5908055f83chrisjohnson@spamcop.net>, News
<chrisjohnson@spamcop.net> wrote:
Can I use my webspace with SSL security?
Having delved a bit more I found more guidance. They actually say that
there is no need to use https for pages that do not need encryption,
but only for pages that are encrypted. I haven't really seen that spelt
out before.
In message <590802b884tim@invalid.org.uk> Tim Hill <tim@invalid.org.uk>
wrote:
That's because a secure version of http://www.minijem.plus.com/
doesn't exist. Your cert only applies to https://minimarcos.org.uk/
Err no they are completely different sites you have listed, different organisations in fact it appears!
In article <39ebfa0759.news@user.minijem.plus.com>, Richard Porter <ricp@minijem.plus.com> wrote:
I also changed any http links on the site to https. This works fine
except for my PlusNet web space. PlusNet support is totally unhelpful
when it comes to web space and there's nothing I can do about it, so
if you request https://www.minijem.plus.com/ you get:
A privacy error occurred while communicating with
www.minijem.plus.com this may be a site configuration error or an
attempt to steal private information (passwords, messages or
credit cards)
The certificate is for a different host than the server.
On the other hand http works fine.
That's because a secure version of http://www.minijem.plus.com/ doesn't exist. Your cert only applies to https://minimarcos.org.uk/
Having delved a bit more I found more guidance. They actually say
that there is no need to use https for pages that do not need
encryption, but only for pages that are encrypted. I haven't really
seen that spelt out before.
Yes - I found that. However, I have just delved through their help
pages on their site and found the following.
Can I use my webspace with SSL security?
Yes you can. Just use https://homepages.plus.net/username/<page>
I have just tried that with my site and by golly it works. Thus you
do not appear to be able to use the direct url to your domain (in my
case chrisjohnson.plus.net) but must use the more lengthy version.
I am now away to change all refs to the old http url.
Thanks for that. I'll give it a try. Why couldn't PlusNet support
tell me that?
In message <590802b884tim@invalid.org.uk>
Tim Hill <tim@invalid.org.uk> wrote:
In article <39ebfa0759.news@user.minijem.plus.com>, Richard Porter
<ricp@minijem.plus.com> wrote:
I also changed any http links on the site to https. This works fine
except for my PlusNet web space. PlusNet support is totally unhelpful
when it comes to web space and there's nothing I can do about it, so
if you request https://www.minijem.plus.com/ you get:
A privacy error occurred while communicating with
www.minijem.plus.com this may be a site configuration error or an
attempt to steal private information (passwords, messages or
credit cards)
The certificate is for a different host than the server.
On the other hand http works fine.
That's because a secure version of http://www.minijem.plus.com/ doesn't
exist. Your cert only applies to https://minimarcos.org.uk/
Err no they are completely different sites you have listed, different organisations in fact it appears!
The date being 4 Mar 2021, Chris Hughes <news13@noonehere.co.uk> decided
to write:
In message <590802b884tim@invalid.org.uk>
Tim Hill <tim@invalid.org.uk> wrote:
In article <39ebfa0759.news@user.minijem.plus.com>, Richard Porter
<ricp@minijem.plus.com> wrote:
I also changed any http links on the site to https. This works fine
except for my PlusNet web space. PlusNet support is totally unhelpful
when it comes to web space and there's nothing I can do about it, so
if you request https://www.minijem.plus.com/ you get:
A privacy error occurred while communicating with
www.minijem.plus.com this may be a site configuration error or an >>>> attempt to steal private information (passwords, messages or
credit cards)
The certificate is for a different host than the server.
On the other hand http works fine.
That's because a secure version of http://www.minijem.plus.com/ doesn't
exist. Your cert only applies to https://minimarcos.org.uk/
Err no they are completely different sites you have listed, different
organisations in fact it appears!
There are links both ways between them. I have to be careful to use http
from minimarcos.org to minijem.plus.com. The other direction is no
problem. Just to complicate things I have minijem.org.uk which is an alias for the PlusNet domain.
Of course if I was setting up the sites today I would have steered clear
of using any ISP domain in public. In fact I should have learned that
after Argonet went titsup, but I wasn't familiar with registering domain names at that time.
Pages only need to be encrypted if they contain or seek sensitive
information which could be changed or stolen by a man-in-the-middle
attack. I never received a satisfactory explanation from a https fanboi
at Google why a public photo album or scrapbook would need to be on an encrypted website if there was no login.
It's a huge leap from a hobbyist photographer with a few photos he wants
to show off to a banking website. Of course your money needs to be secure
but websites you don't log into in any way don't need to be https.
On 2 Mar, Tim Hill wrote in message <59070b9e21tim@invalid.org.uk>:
It's a huge leap from a hobbyist photographer with a few photos he
wants to show off to a banking website. Of course your money needs to
be secure but websites you don't log into in any way don't need to be https.
But given that it's easy to do
and doesn't cost the user anything in
most cases (assuming that they have even a half-decent webhost), why
not just do it?
Doesn't cost the user anything in most cases? Have you never used a commercial ISP?
On 6 Mar, Tim Hill wrote in message <5908f9f56atim@invalid.org.uk>:
Doesn't cost the user anything in most cases? Have you never used a commercial ISP?
That's "free", by the way, because it would probably be more accurate
to say that they don't knock anything off the price for /not/ using
HTTPS.
1. I was the odd one out without HTTPS on my site, and when I finally
got around to looking into it, a quick message to my host's support
folk had Let's Encrypt enabled in five minutes. The other sites that I
look after (WROCC, Wakefield Show, theatre) have all had HTTPS enabled
for a while.
[snip]
Thanks, Theo. That's a better explanation than anyone at Google ever put forward, though credentials should only be stored for secure websites, of course and very hard to fake that to steal them.
The important thing is risk. We all take one every time we step outside
the front door. Could my local Costa have a man-in-the-middle lurking on
its WiFi to get at my HTTP sessions? It could. With the emphasis on
'could'.
Is it likely though?
[snip]
Thanks, Theo. That's a better explanation than anyone at Google ever put forward, though credentials should only be stored for secure websites, of course and very hard to fake that to steal them.
The important thing is risk. We all take one every time we step outside the front door. Could my local Costa have a man-in-the-middle lurking on its
WiFi to get at my HTTP sessions? It could. With the emphasis on 'could'.
Is it likely though?
In article <mpro.qpjip501q5tmf027a.news@stevefryatt.org.uk>, Steve Fryatt <news@stevefryatt.org.uk> wrote:
On 2 Mar, Tim Hill wrote in message <59070b9e21tim@invalid.org.uk>:
It's a huge leap from a hobbyist photographer with a few photos he
wants to show off to a banking website. Of course your money needs to
be secure but websites you don't log into in any way don't need to be https.
But given that it's easy to do
The level of difficulty involved is not the point.
and doesn't cost the user anything in most cases (assuming that they have even a half-decent webhost), why not just do it?
Doesn't cost the user anything in most cases? Have you never used a commercial ISP?
You could migrate your websites away from PlusNet to a proper hosting company.
Tim Hill <tim@invalid.org.uk> wrote:
Pages only need to be encrypted if they contain or seek sensitive information which could be changed or stolen by a man-in-the-middle
attack. I never received a satisfactory explanation from a https
fanboi at Google why a public photo album or scrapbook would need
to be on an encrypted website if there was no login.
1. Surveillance
Ask Mr Snowden about that, but also tracking companies gathering data
about you. If your packets transit an unfriendly country, expect
what you look at to be logged and sieved for interesting things.
Your ISP may profile you and sell on the data to advertisers.
2. Hijacking.
If I sit on the same network as you - for example the wifi network in
a cafe - I can hijack your HTTP sessions. That means as well as
changing what you see and where any links might go, I can run
malicious Javascript on your machine. I can make your machine
download malicious files. I can inject exploits for JS or browser vulnerabilities.
3. Cookie stealing
Given I can hijack your sessions, I may also present as some website
you do care about and steal their cookies. Now I can login to the
real website as you. (there are mitigations against this attack, but
there's always somebody who doesn't do it right)
Basically any time you use HTTP you have to trust every network
between you and the endpoint, and we don't any more live in a world
where they are trustworthy. With HTTPS you still have to trust the
endpoint, but you don't have to care about the network in between.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 294 |
Nodes: | 16 (2 / 14) |
Uptime: | 246:05:28 |
Calls: | 6,626 |
Calls today: | 2 |
Files: | 12,175 |
Messages: | 5,320,576 |