Can a website direct you to a webpage that has a https:// connection and still be unsecure? I've noticed that NS will not force such a website to be secure.
An example is Grandtea.com at http://www.grandtea.com/
Is an https:// connection always secure?
Is an https:// connection always secure?
Phule
FireFox 56.0,NoScript 5.1.2, BetterPrivacy-1.77
Adblock Plus 2.9.1. Mac OS X 10.12.5
Apple iMac 2.7 GHz Intel Core i5
8 GB 1066 MHz DDR3 RAM
FireFox 56.0,NoScript 5.1.2, BetterPrivacy-1.77
Adblock Plus 2.9.1. Mac OS X 10.12.5
Apple iMac 2.7 GHz Intel Core i5
8 GB 1066 MHz DDR3 RAM
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2) Gecko/20100115 BetterPrivacy-1.47 Firefox/3.6
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: Is an https:// connection always secure?
Once you see https://www.grandtea.com in the url bar, your connection is encrypted and secure from eavesdropping.
Grandtea.com looks safe enough to me. It switches itself to https as soon as I select Checkout. That said, I was also able to successfully force https by adding the following to NoScript Options > Advanced > HTTPS > Behavior > Force the following sites to use secure connections:
Edit: https as soon as I select Checkout
Grandtea.com looks safe enough to me. It switches itself to https as soon as I select Checkout. That said, I was also able to successfully force https by adding the following to NoScript Options > Advanced > HTTPS > Behavior > Force the following sites to use secure connections:
Code: Select all
www.grandtea.com
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: Is an https:// connection always secure?
Followup:Alan Baxter wrote:Once you see https://www.grandtea.com in the url bar, your connection is encrypted and secure from eavesdropping.
Apparently that's true only if the favicon turns blue or green too.
The Checkout page had an https connection and the blue favicon in the url bar. I think the blue favicon with grandtea.com in it indicates that all the content on the page was encrypted. But if I enter https://www.grandtea.com/ into the url bar, then the favicon doesn't change to blue. I clicked on the favicon and then clicked More Information to bring up the Page Info > Security information. Its technical details say that parts of the page I'm viewing are not encrypted. I think that's OK; they weren't sending me any information that needed to be encrypted.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Re: Is an https:// connection always secure?
The favicon not changing color plus the padlock icon at the bottom of the window not "locking" is what made me suspicious. Thanks for clearing things up!Alan Baxter wrote:Apparently that's true only if the favicon turns blue or green too.
The Checkout page had an https connection and the blue favicon in the url bar. I think the blue favicon with grandtea.com in it indicates that all the content on the page was encrypted. But if I enter https://www.grandtea.com/ into the url bar, then the favicon doesn't change to blue. I clicked on the favicon and then clicked More Information to bring up the Page Info > Security information. Its technical details say that parts of the page I'm viewing are not encrypted. I think that's OK; they weren't sending me any information that needed to be encrypted.
Phule
FireFox 56.0,NoScript 5.1.2, BetterPrivacy-1.77
Adblock Plus 2.9.1. Mac OS X 10.12.5
Apple iMac 2.7 GHz Intel Core i5
8 GB 1066 MHz DDR3 RAM
FireFox 56.0,NoScript 5.1.2, BetterPrivacy-1.77
Adblock Plus 2.9.1. Mac OS X 10.12.5
Apple iMac 2.7 GHz Intel Core i5
8 GB 1066 MHz DDR3 RAM
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2) Gecko/20100115 BetterPrivacy-1.47 Firefox/3.6
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: Is an https:// connection always secure?
You're welcome. Happy shopping!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Re: Is an https:// connection always secure?
But you should be aware of the fact that these unencrypted information can be manipulated. HTTPS is not only about encryption.Alan Baxter wrote:I think that's OK; they weren't sending me any information that needed to be encrypted.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.1 (KHTML, like Gecko) Chrome/5.0.322.2 Safari/533.1