Hello Guest, Welcome to Apnea Board !
As a guest, you are limited to certain areas of the board and there are some features you can't use.
To post a message, you must create a free account using a valid email address.

or Create an Account


New Posts   Today's Posts

Is this site secure?
#1
Is this site secure?
Is this site secure?  When logging in moments ago I received the following message from by browser:


Insecure password warning in Firefox

Firefox will display a lock icon with red strike-through [Image: 2015-11-17-12-13-18-2faa61.png] in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.
Post Reply Post Reply



Donate to Apnea Board  
#2
RE: Is this site secure?
This is not a https:// site. A password is required for access, but no financial information is exchanged here, so a lower security setting is perfectly acceptable. I'm sure SuperSleeper will offer a more informed response, but I will say I access this site routinely through Firefox and never receive that warning. It would probably be a good idea not to use passwords here that you use for banking or credit cards since the site data is not encrypted. This is a new feature of Firefox 52.

The warning can be disabled, however your password can very easily be stolen if you are logging into websites over HTTP. If a website you use does not offer secure logins, use a unique password for that site and do not use it anywhere else.

Only follow these instructions if you want to turn off these important security settings in Firefox. Do not follow these instructions if someone else is telling you to.

Here’s how to disable Firefox insecure password warnings:

Open a new tab, paste about:config into the address bar and hit enter.
If you see the “This Might Void Your Warranty” page, click the blue “I accept the risk!” button. Understand we are manually modifying Firefox’s default settings.
In the Search box at the top, paste security.insecure_field_warning.contextual.enabled

Double click the setting to change it to “false”, to disable Firefox’s insecure password warning.
Done! Now when you visit pages with HTTP login forms, the warning will no longer appear.

If you also want to restore autofill functionality, so that your saved login/password automatically populates in an HTTP form, keep the configuration page open and follow the next step.
Post Reply Post Reply
#3
RE: Is this site secure?
Sleeprider is correct in his explanation.

Basically this is the browser developers playing "Nanny" for you - they are being overly protective of your web browsing by marking each and every website you visit as "insecure" if that website isn't using SSL.  Many, many websites don't use SSL (including Apnea Board) - that doesn't mean that the site has been "compromised by hackers" or is somehow "doing bad things" to your computer. 

All it means is that we've chosen not to implement SSL because of the complexity of running a public forum on the Internet with SSL.  We have a lot of embedded pictures and images (screen shots of SleepyHead, for instance)... so even if we implemented SSL site-wide, if someone posted an image or video that was not hosted on apneaboard.com, that warning in FireFox, Chrome, etc. would STILL be placed there, warning you that the site contains  "insecure content" (this primarily happens on sites that use a username/password combination).

So, for now, we've chosen not to implement SSL, which means you'll continue to see that warning when you log into the site.  I would simply suggest that you don't use the same username or password that you would use on any of the financial sites (your bank or stock broker, etc), commercial web store sites, or government sites that you would visit.  Use a unique username & password here on Apnea Board to avoid any potential security issues.  If you do that, your risk is really quite small.

At some point, we may implement a comprehensive SSL solution that doesn't totally wreck the forum's usability.  But it's a rather difficult thing to implement with our current software (at least in a way that makes our member's experience tolerable).

Coffee
SuperSleeper
Apnea Board Administrator
www.ApneaBoard.com


INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.



#apneaboard



Post Reply Post Reply
#4
RE: Is this site secure?
Thank you for the reassurance.

With all the news about hacking I take warnings and advice seriously because I am not too savvy tech-wise. I do have unique username and passwords for any site to which I belong and do not do any on-line banking or finances.

Appreciate the information.
Post Reply Post Reply



Donate to Apnea Board  
#5
RE: Is this site secure?
Yep, definitely safe
Post Reply Post Reply
#6
Is this site secure?
I'm going to disagree with the idea that this site is "safe" or "secure."  However, that's not necessarily a big deal.   Just don't put any data on here that would be particularly damaging if the "bad guys" or "Big Brother" gets hold of it.  It's a bit like talking about something at a public restaurant.   Don't shout out anything you wouldn't want the guy at the next table to hear and copy down.

It's a bit like leaving items in your car.   Some things can be left in the bed of the pickup when you're parked in a bad neighborhood.   Some things are OK left on the seat.   Some things need to be locked in the trunk.  "Private" information on apneaboard is sort of the equivalent of being left in a paper bag on the seat of your car.  It's only safe against honest people or less motivated criminals.

Because apeneaboard doesn't use SSL (HTTPS), anyone who can "eavesdrop" on the internet connection between you and apneaboard could steal your userid and password and/or eavesdrop on everything you read or write on this site.

That's why Firefox gives the warning.   If it's an SSL site, there will be a green lock symbol next to the site address in the address bar at the top of the page.   Treat any non-SSL site as being a site where people might be listening in.  

It takes some effort and/or "inside connections" to eavesdrop on non-SSL web sites, but there are many of the more capable or determined bad guys know how to do it.   SSL makes it considerably harder.  

For that matter, even if apneaboard is doing everything right, including SSL, it's hackable to some extent, as are all web sites.   Every so often, someone discovers a security hole in the software that runs the computers that do web sites.   If the bad guys find these security holes before the good guys find them and fix them, they can hack the systems.
Get the free SleepyHead software here.
Useful links.
Click here for information on the main alternative to CPAP.
If it's midnight and a DME tells you it's dark outside, go and check it yourself.
Post Reply Post Reply
#7
Is this site secure?
BTW, SS, I think you can make JUST the login page be SSL and get some extra security there.   There might be a warning when you go to the main forum, though.

I like sites to use SSL, for several reasons.  It makes it harder for the bad guys to know what to try to crack if everything's encrypted.  Also, during the Trumpocalypse era, they've decided your ISP can monitor your communications and sell some of it.   SSL makes it harder for them to target you.
Get the free SleepyHead software here.
Useful links.
Click here for information on the main alternative to CPAP.
If it's midnight and a DME tells you it's dark outside, go and check it yourself.
Post Reply Post Reply



Donate to Apnea Board  
#8
RE: Is this site secure?
No website is completely "safe" or "secure". 

We've made a decision that SSL just isn't worth it for us, and our forum software can't implement SSL on just the login page, since we have no URL-specific login "page"  (it's integrated into the system via PHP). 

With sites like ours, even if we DID implement SSL site-wide, browsers would STILL give that warning, since we constantly have insecure images displayed on our site (SleepyHead and other screenshot images hosted off-site on places such as imgur and the thousands of other places folks paste images into posts from), which are not SSL URLs.  So, even though our entire website and forum would have SSL, the browsers would STILL give the warning that "this site is not secure", (due to those non-SSL images).  And, even though there are complicated workarounds (add a completely separate SSL proxy server for images), it's just too much trouble for us to mess with. 

This isn't a big deal anyway.  This isn't a banking website, it's a simple forum.  People have lived with the VAST majority of websites being served over non-SSL pages since the Internet began.  Now, all of a sudden, these browser "declarations" that that unfortunately ALARM visitors into thinking that they're under some sort of "HACKER ATTACK" simply for visiting a forum that doesn't have SSL.... well, this is sending completely unnecessary panic into the hearts of many non-techie grandmas & grandpas who visit this place.


Want security?  Don't use the same username/password combination here on Apnea Board that you would use on your "important" sites (banking sites, e-commerce sites, or sites where you store personal info like social security numbers, date of birth, etc).

Pretty simple, really.

Cool
SuperSleeper
Apnea Board Administrator
www.ApneaBoard.com


INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.



#apneaboard



Post Reply Post Reply
#9
RE: Is this site secure?
To give a bit more information, I've created a stickie thread to address these types of questions, here:


http://www.apneaboard.com/forums/Thread-...RE-website



Coffee
SuperSleeper
Apnea Board Administrator
www.ApneaBoard.com


INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.



#apneaboard



Post Reply Post Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
Question [Admin Note] Is ApneaBoard.com a SECURE website? SuperSleeper 0 3,847 10-14-2017, 01:53 PM
Last Post: SuperSleeper
Rainbow New Apnea Board main web site - check it out SuperSleeper 38 14,119 08-03-2012, 10:41 AM
Last Post: SuperSleeper
Thumbsup Signup for the site pyro 3 2,031 04-10-2012, 02:40 AM
Last Post: pyro


New Posts   Today's Posts






About Apnea Board

Apnea Board is an educational web site designed to empower Sleep Apnea patients.