Search Mailing List Archives
[liberationtech] [HTTPS-Everywhere] httpS log-on page
brian2 at drakefamily.tk
Sat Jun 25 01:19:29 PDT 2011
This is a Firefox message. It means that although the page containing the
form was loaded over a secure connection, the URL for the form submission is
to be accessed over a non-secure connection. Getting around such
“subversion” is the one of the main points of HTTPS Everywhere.
I had always assumed that HTTPS Everywhere still works in cases like this,
but only intercepts the request after the warning you quoted is displayed to
the user. It does work, right?
(It should also be noted that this is often the result of less
security-conscious (negligent?) developers innocently hardcoding HTTP URLs
into pages, rather than an actual attempt to avoid the use of HTTPS.)
On Sat, Jun 4, 2011 at 0758 (UTC-8), Frank Corrigan <
email at franciscorrigan.com> wrote:
> The blog provider tumblr.com has introduced a very annoying override on
> it's httpS log-on page, when the log-in button is pressed a Security
> Warning pops up with:
> "Although this page is encrypted, the information you have entered is to
> be sent over an unencrypted connection and could easily be read by a
> third party.
> Are you sure you want to continue sending this information?"
> View screen capture:
> I am not seeking technical help, just to alert list members to the
> subversion of https when entering passwords and usernames/email
> addresses. Which follows on from wordpress.com removal of the S in httpS
> for any https based url posted on a blog hosted under wordpress.com,
> when the posted httpS url is also a wordpress.com blog. (like the one
> HTTPS-everywhere mailing list
> [snip] <https://mail1.eff.org/mailman/listinfo/https-everywhere>
Alternate (slightly less secure) e-mail: brian at drakefamily.tk
Alternate (old) e-mail: brianriab at gmail.com
Facebook profile: Profile ID
Twitter username: BrianJDrake <https://twitter.com/BrianJDrake>
Wikimedia project username:
inactive for a while)
All content created by me
2010–2011 Brian Drake. All rights reserved.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech