Firefox - new version

[spanj]

Auto update installed a new version of firefox and now when logging on I get a message saying that PW has an insecure connection. https doesnt appear to be enabled. Can anybody throw any light on this ?

[ChAoS]

Auto update installed a new version of firefox and now when logging on I get a message saying that PW has an insecure connection. https doesnt appear to be enabled. Can anybody throw any light on this ?

Pushing the "Advanced" button displays this:

 

forums.pigeonwatch.co.uk uses an invalid security certificate.

The certificate is only valid for the following names: www.gunwatch.co.uk, gunwatch.co.uk

Error code: SSL_ERROR_BAD_CERT_DOMAIN 

Perhaps this is one for the administrators of this site?

 

Regards,

 

Mark.

[Stonepark]

Insecure password warning in Firefox

This is a new feature that is available starting in Firefox version 51.

 

Firefox will display a grey lock icon with a red strike-through in the address bar, when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

 

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

What can I do if a login page is insecure?

If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing https:// before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.

Not recommended: You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.

About insecure pages

Pages that need to transmit private information, such as credit cards, personal information and passwords, need to have a secure connection to help prevent attackers from stealing your information. (Tip: A secure connection will have "HTTPS" in the address bar, along with a green lock icon.)

Pages that don’t transmit any private information can have an unencrypted connection (HTTP). It is not advised to enter private information, such as passwords, on a web page that shows HTTP in the address bar. The information you enter can be stolen over this insecure connection.

 

https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861

Note for developers

For developers looking to learn more about this warning, please see this page. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see this blog post and this Site Compatibility document.

Edited March 19, 2017 by Stonepark

[shaun4860]

Passed upstairs for an answer

 

[four-wheel-drive]

I have been having this come up on lots of sites bloody computers always something to worry about.

[dbob]

All sites that handle any personal information, passwords etc should really be HTTPS. PW really should upgrade, it's not expensive, in fact it can be done for free with some web hosts. In the future ALL sites will need to be secure, Google are pushing for it. I'm a web developer/designer so know all this boring stuff!

Edited March 19, 2017 by dbob

[ChAoS]

I'm a web developer/designer so know all this boring stuff!

Excellent! So, perhaps, you can tell me whether my guess is right. I reckon it's the last step that's the problem:

 

The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and presents a list of supported cipher suites (ciphers and hash functions).

 

From this list, the server picks a cipher and hash function that it also supports and notifies the client of the decision.

 

The server usually then sends back its identification in the form of a digital certificate. The certificate contains the server name, the trusted certificate authority (CA) and the server's public encryption key.

 

The client confirms the validity of the certificate before proceeding.

I reckon that they've merely got to add "pigeonwatch" to the list that "gunwatch" is on. (In other words, it's nothing to do with the HTTP versus HTTPS but, rather, that the certificate isn't valid for *both* web sites.)

 

Regards,

 

Mark.

[Teal]

The answers on here are all on the money because payment details are taken on GunWatch we set this up on https:// (the green padlock you see). However, as dbob says the whole internet is moving to https:// and it's not yet set-up for PW.

 

I think the Firefox update means that by default they request the https:// for all websites - and where there is an issue with it they flag it up. It's nothing to worry about at this moment in time though, (other browsers don't flag it yet to my knowledge) and will get it updated to https:// in the coming days. Thanks for raising it, and to those who responded before I did thanks for explaining to others

[spanj]

The answers on here are all on the money because payment details are taken on GunWatch we set this up on https:// (the green padlock you see). However, as dbob says the whole internet is moving to https:// and it's not yet set-up for PW.

 

I think the Firefox update means that by default they request the https:// for all websites - and where there is an issue with it they flag it up. It's nothing to worry about at this moment in time though, (other browsers don't flag it yet to my knowledge) and will get it updated to https:// in the coming days. Thanks for raising it, and to those who responded before I did thanks for explaining to others

Cheers Teal, alls well that ends well then