FireFox Says ATS Connection not Encrypted and not Secured.

Noticed something today, after being absent for about a week, when I went to the ATS login screen a warning appeared that the login was very insecure and anyone could access the login info. None-the-less after login in i checked the information for ATS and this is what Firefox says.



It says ATS is not encrypted anymore.

Have recent changes been made to ATS o purpose? Or is this some glitch from Firefox?

here is a close up so what it says can be read.

a reply to: ElectricUniverse

It's FireFox...

a reply to: ElectricUniverse

The FBI and CIA says that nothing is totally secure any longer. Just don't share your inner most secrets on the internet, or in front of your television, phone, or microwave...and you should be safe. Good luck!

a reply to: Springer

It says it in chrome too.

a reply to: ElectricUniverse


Firefox was compromised a long time ago, the CIA loves Firefox.

a reply to: Springer

Humm, it seems Chrome users are reporting the same thing.

arstechnica.com...

Weird, as i didn't see this warning until today.

originally posted by: Springer
a reply to: ElectricUniverse

It's FireFox...

According to websites like arstechnica.com this is being done to try to encourage developers to use HTTPS instead of HTTP.

...
One somewhat common older development practice was to place the password field on a page delivered by HTTP, with the form submitted to a location protected by HTTPS. This offers little security in practice, however. Pages delivered by HTTP can be readily modified by eavesdroppers, meaning that an attacker could simply choose to submit the password data to a destination of their choosing, instead of the intended HTTPS location.
...

arstechnica.com...

I did something weird...more than once.
Now the whole world knows.

a reply to: Springer

Wasn't ATS using HTTPS in the past?

Theres a good chance everything u do on google is logged. Cointelpro yada yada we kmow it. No biggie. Thats life nowadays. But the real insecure stuff is on tor. Its all comprimised. Just get on type whatever and eff it.

ATS doesn't use HTTPS or SSL.

They use basic form encryption for passwords.

EDGE is my default browser, and works great for AboveTopSecret.com.

originally posted by: Springer
a reply to: ElectricUniverse

It's FireFox...

and that means what exactly?

just state the obvious, because some people seem to fail to realize it.

ATS doesn't use any sort of connection encryption and as far as i know, never did. so it's not something new, it never was secure to begin with.

bottom line is, yes, someone can sniff on your connection to ATS and hijack it, at least in theory. random person with no knowledge won't do it, but it's technically possible.

seriously, with let's encrypt certificates being free and comments like that, it feels like you're avoiding ssl on purpose.

a reply to: Springer

LOL thats good one boss! Firefox auto updated last night, and I got the same message. Buuuuuttt.... I dont really care because I just stuck with the original random password that was provided for me when I signed up. It was easy enough to remember.

Anyways, for those who this scares or surprises, so long as your not using the same password for your financial accounts you will be fine.

I mean, its a password for a message board. ATS would be required to comply with any government order to turn over information about its users anyways and not disclose it to said user, so its irrelevant to me.

Been Trying to get ATS to use basic crypto for 2 years now. below is one of the explanations to why there is no HTTPS here on ATS; though this information is no longer relevant because cost of computing has came down and there are many cost effective solutions to implement SSL.
ATS claims there advertisers networks don't work with SSL (in the year 2017)

quote]originally posted by: SkepticOverlord

originally posted by: 3ncrypt0Rdie
Im not sure why the site dose not use (https) but it would sure be nice to know that there is some form of encryption between me and your servers. Also almost every site on the web now uses it.

There's a couple reasons we've not adopted SSL/HTTPS.

We have a rather complicated CDN caching arrangement for our site images and member upload space. Upgrading the CDN to be SSL/HTTPS compliant (since everything on the page must be SSL/HTTPS) is a bit cost-prohitbitive right now.

Not all of our advertising providers are fully capable of SSL/HTTPS alternatives for some ads. Meaning that the number of ads available to us would be less. Even Google's AdSense, AdExchange, and Double Click for Publishers warns that HTTPS pages may have fewer ads available to it.

That being said, I have been looking into SSL/HTTPS for logged-in members, which is only about 15-20% of our average daily traffic. This might be something we roll out in 2016, but since this is all just me, I can't be definitive.



link to my original post on this issue
www.abovetopsecret.com...

a reply to: jedi_hamster

I feel the same

originally posted by: projectvxn
ATS doesn't use HTTPS or SSL.

They use basic form encryption for passwords.

And that's why we are warned about it.
No one really uses the 'http' without the 's' anymore, most sites care about the security of their members and switch voluntarily.
Lack of support will.. 'encourage' laggers.

a reply to: 3ncrypt0Rdie

This site is not https and I cannot recall a time when it was. I'd be less concerned with https and "ad revenue" than I would be seeing the earmarks of someone trying to install a backdoor on the server in 2010 by the looks of :

files.abovetopsecret.com/files/shbd
atsmedia.abovetopsecret.com/files/shbd

You know what they say tho... not my circus, not my monkey.

originally posted by: jedi_hamster

seriously, with let's encrypt certificates being free and comments like that, it feels like you're avoiding ssl on purpose.

A free SSL certificate? Does that sound legit? The last time I priced a SSL certs, I was quoted $200/mo. It was three years ago, so perhaps by now they're being given out for... free.