First off, let me explain shortly that unless you have been the victim of identity theft, you probably will not understand the reluctance those folks have to voluntarily putting any information that may assist in enabling said thiefs on line.

I have different log-ins and passwords for train forums. Yes, you can google me and find out all sorts of stuff I never put on-line, but you won’t find any of my posts anywhere by googling my name.

I know this guy who has encouraged me to become active again on this forum, as it is now a secure forum.

I did some data in the profile, and locked it for my eyes only.

But I had a real problem.

In FireFox, there was no secure lock in the address bar, and it did not show “https”, rather just the www.largescalecentral.com.

This same guy tells me I need to modify my bookmark to show “s” on the end of “http”, which I did.

Still not convinced, but willing to watch it.

I would be interested to know how you feel about the millions of identities that have been spilled by Equifax? (And how much money was made by the insider trading prior to the spill being reported?) After that event, are any of our identities secure? I think not. If you truly want internet security, NEVER log in to the internet. If your computer connects to the internet, you are vulnerable. The amount of vulnerability depends on where you go on the net and what protections you install, and how good and up to date they are.

I use several browsers and every one of them show the lock of a secure site. If you have any questions, type the URL in manually, don’t rely on bookmarks. All of my bookmarks did as you indicate until I manually corrected the bookmark to show the ‘s’ in the ‘https’. Once you can see the lock, right click on the lock and you will be able to see information on the SSL certificate for this site.

FWIW, Bob C.

Yeah, I just added a bookmark with the new log in, and deleted the old one.

Bob Cope said:

I would be interested to know how you feel about the millions of identities that have been spilled by Equifax? (And how much money was made by the insider trading prior to the spill being reported?) After that event, are any of our identities secure? I think not. If you truly want internet security, NEVER log in to the internet. If your computer connects to the internet, you are vulnerable. The amount of vulnerability depends on where you go on the net and what protections you install, and how good and up to date they are.

I use several browsers and every one of them show the lock of a secure site. If you have any questions, type the URL in manually, don’t rely on bookmarks. All of my bookmarks did as you indicate until I manually corrected the bookmark to show the ‘s’ in the ‘https’. Once you can see the lock, right click on the lock and you will be able to see information on the SSL certificate for this site.

FWIW, Bob C.

How do I feel? Not good. That’s why I do what I can. Still not convinced an https website with access via http is fully secure, but we only have what we get.

My OS is actually, according to someone I know at F5 Networks (business security) probably more secure than others. So I keep using it…all 5 machines.

Well if you feel that insecure logging into LSC then might I might say don’t.

Well, I am glad you are (cautiously) back.

It sounds like there might be some confusion as to what HTTPS provides in the way of security. All HTTPS does is provide encryption from the browser to the website, so that a man-in-the-middle attack cant grab your password or anything else. It doesnt provide ANYTHING in the way of securing the site itself from attack. That is strictly up to the ‘hardness’ of the software running on the site.

As Bob C said, edit or replace your bookmarks for LSC to point to HTTPS, and everyone should be good to go.

I literally don’t understand any of this stuff you guys are talking about, and frankly I’m not sure I want to understand how these things work, but I did what Bob said to do and now I don’t have a funny message in the sign-in box deal. Everything looks a little different somehow too, but maybe it’s my imagination. Anyway, thanks there Bob!

Curmudgeon mcneely said:

How do I feel? Not good. That’s why I do what I can. Still not convinced an https website with access via http is fully secure, but we only have what we get.

…

Let’s just hope you’re not on one of those ice-floes-the-size-of-Manhattan that broke off from Antarctica recently, because if you are your wi-fi connections may get a little iffy from time to time.

It’s simple John. Now, using the HTTPS page, when you log in to LSC your user name and password are encrypted, or transmitted as undecipherable codes, not plain text that anyone can intercept and read. Not a huge deal on a hobby site, but it sure is anyplace you need to enter personal information.

Jon Radder said:

It’s simple John. Now, using the HTTPS page, when you log in to LSC your user name and password are encrypted, or transmitted as undecipherable codes, not plain text that anyone can intercept and read. Not a huge deal on a hobby site, but it sure is anyplace you need to enter personal information.

Okay, well that makes sense. Thanks!

I too have no idea what you guys are talking about. But I typed in the “s” and got the little pad lock. (I Mac running Safari.)

I don’t care about secure or not secure so much as any website holding any data on me that I have to voluntarily insert.

Before you respond, read that carefully.

Now, I purposefully selected data for a test. And the test proved that the website failed me. As far as I am concerned, it does exactly what I was afraid it would do.

There are choices on who can see the information. I made screen shots.

Everyone
All Members
Friends
Only Me

The "only me"option shows a padlock. When I entered the data, I selected that. On all options, including city and state.

Guess what shows up?

Folks want to play that game, fine.

Somebody e-mail me when it gets fixed.

State/Location
Contact Information
Website

So, not trying to get brownie points, but few site owners would react as quickly and helpfully as Bob did to add the https stuff. It can be a pain to add to a site, plus there is the cost of the certificate.

This helps keep your password safe, and especially those who use a common password.

With all the hackers out there, the more secure your logins are, the better.

Greg

TOC,

I think you are over reacting. Here is what Mozilla has to say about it…

: A grey lock with an orange triangle indicates that Firefox is not blocking insecure passive content. Attackers may be able to manipulate parts of the page, for example, by displaying misleading or inappropriate content, but they shouldn’t be able to steal your personal data from the site.

Randy McDonald said:

Well if you feel that insecure logging into LSC then might I might say don’t.

This post has been edited by ROOSTER: because I forgot the …doesn’t matter anyway

Yeah, not sure I like the definition from mozilla, technically accurate, but does “insecure passive content” mean anything to you?

What I found is that if there are any “references” on the page, i.e. links to pictures or other web pages, and those are not https: then you get the gray padlock, yellow triangle with white exclamation. So you are fine on the page as long as you don’t click anything… because something is not “trusted”…

Anyway, it’s working here, and your passwords, and actually what you type are encrypted.

Greg