Mozilla Firefox sees WP as "insecure"

Post Reply New Topic

https://support.mozilla.org/en-US/kb/in ... =inproduct

I'm not surprised.

There's so many bugs....who knows if one of those "bugs" might be sending stuff from WP to somewhere else.

The only actual security issue here at WrongPlanet is related to username and password during site login. WrongPlanet does not need to be a secure (https://) -- https://en.wikipedia.org/wiki/HTTPS -- site since its user database does not contain any sensitive information such as our physical addresses, financial account numbers and so on. The only "danger" here is that it is at least theoretically possible for our usernames and passwords to be harvested during login, but there is no reason to believe anyone would actually bother with trying to do that since there could be no financial gain. However, anyone who might be using the same login credentials (primarily password) here as at any other site should definitely be certain your WrongPlanet password will *not* work anywhere else (such as at a banking site).

Last edited by leejosepho on 28 Jan 2017, 11:07 am, edited 1 time in total.

With all due respect: Please try to avoid ill-informed speculation. Everything posted at WP is available virtually everywhere, and there is no "stuff" that even could be sent anywhere that would ever cause any harm to anyone who posts here. This issue is *only* about the possibility of someone harvesting your username and password during login* and has absolutely nothing to do with the WrongPlanet database or site ever being compromised.

*note: I would guess our host has a solid firewall possibly blocking that kind of activity.

I guess I was thinking of a worst-case scenario type of situation.

I didn't mean to shout "fire" in a crowded theater.

No problem, and I hope I did not sound scolding!

You may not find your email address and the types of password you use as sensitive but I do , your email address and type of password you use in the hands of a wrong-doer can be a PITA

Understood, but I do not use my e-mail address for login and the chance of someone actually bothering to try to harvest my password (only even possible during login) here is extremely slim since there would be virtually nothing to be gained from having done so.

Is it just me or has Firefox gotten a lot worse in general lately?

It is debuting its higher-security measures today. But, I don't believe it is worse. Still, I wish it would better regulate its add-ons. Too many are concerning.

Longer than today, it's just been really slow and sucking up a lot of resources. Maybe it's the combination of add-ons I'm using? Probably is just my computer but I dunno what the issue is.

I sometimes play around with these a bit: https://www.google.com/search?q=firefox+about%3Aconfig

If I had you WP password I could get your email address , but I agree there's a slim chance of this happening but on a forum of Aspie's I would say the chances are higher. Bored Aspie hackers could bring down governments if they were social and got together

I think technology is getting increasingly worse and slower so that it makes people want to throw tantrums and punch the person next to them.

The more in depair everyone is, the more exhausted everyone will be, and the more they can get away with!!

I wonder if there is some truth to that.

The internet is crammed full of sh!t. So is technology in general. Nothing works properly, it's sh!t.

HTTPS Everywhere lists Wrong Planet as being "broken MCB, partial". I'll be honest, I'm really not sure what this means.

Me neither, but it does look like "HTTPS Everywhere" might be helpful for anyone concerned:
https://www.eff.org/https-everywhere/at ... t.net.html

Somewhere else I have seen mention of the idea of a developer making a secure (https://) page for login while letting the remainder of the site run without encryption, but I think it would be easier to just add an SSL certificate for the entire site. Also, it is at least possible that WrongPlanet actually might have a self-signed certificate making encryption possible. I had that at my own sites for a while until my certificate expired.

Update: I just logged out and then used https://wrongplanet.net/forums/ to log back in again, so it does appear encryption actually is available here.