HTTPS Upgrade

This forum is for Administrators to post news concerning the site and forums.
Post Reply
User avatar
Kison
Kison
.GIFted
User avatar
User avatar
Kison
.GIFted
.GIFted
Posts: 6714
Joined: January 22, 2007

HTTPS Upgrade

Post Post #0 (ISO) » Sun Feb 19, 2017 4:58 pm

Post by Kison »

As I mentioned , the & were upgraded to HTTPS about 2 weeks ago. The forum has also been upgraded, but is still running both HTTP & HTTPS.

Spoiler: What the heck is HTTPS?
It's essentially a more secure, encrypted method of communication between your web browser and the Mafiascum server, preventing anyone in between from seeing your passwords, private messages, posts, and anything else transferred to and from the site. There are some other advantages to doing this that may allow us to speed the site. If you feel like nerding out, you can read more about it .

I'm tentatively planning to flip the switch Friday morning to redirect all HTTP traffic to HTTPS. Normally this wouldn't be a big deal, but because this is a forum, it may impact the way you post a little bit. The main thing to be concerned with is the
img
tag. This tag allows you to embed an image hosted on another site into your posts & private messages. Unfortunately, if your browser sees insecure content(transmitted over HTTP) embedded in a secure page, it will refuse to download & display it. Fortunately, if a site supports both HTTP & HTTPS, we can tell your browser to use HTTPS even if the image is embedded with an HTTP URL. If the site hosting the image does not support HTTPS, however, it will not show up!

Example of HTTP(insecure) image URL:
http://i.imgur.com/hkt0d2i.jpg

Example of its HTTPS(secure) equivalent:
https://i.imgur.com/hkt0d2i.jpg

The above will work if linked as either version since the "https" version works.

If you try embedding an image and it doesn't show up, a safe bet would be to download it and throw it up on .

Other affected tags: bgimg, thumbnail, & hoverimg.

What about old posts?

We fixed all old posts & private messages going back to the beginning of time. We did this by moving the insecure images to mafiascum.net and replacing the URLs in the affected post & PMs.

Questions? Ask away!

Thanks to & for helping with this!
User avatar
ConnorJC
ConnorJC
Goon
User avatar
User avatar
ConnorJC
Goon
Goon
Posts: 754
Joined: November 15, 2016
Location: US East Coast

Post Post #1 (ISO) » Sun Feb 19, 2017 5:47 pm

Post by ConnorJC »

I helped? Guess I did some work in my sleep.

Anyways, onwards to HSTS and better CSPs!
"Let's make MS secure again."
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)
User avatar
Frozen Angel
Frozen Angel
She
Queen Shifty
User avatar
User avatar
Frozen Angel
She
Queen Shifty
Queen Shifty
Posts: 18753
Joined: October 26, 2015
Pronoun: She

Post Post #2 (ISO) » Sun Feb 19, 2017 6:44 pm

Post by Frozen Angel »

great job :]
False tears bring pain to those around you
False smile brings pain to one's self


"Frozen Like Your Heart." -Ginngie
User avatar
Randomnamechange
Randomnamechange
Jack of All Trades
User avatar
User avatar
Randomnamechange
Jack of All Trades
Jack of All Trades
Posts: 6075
Joined: February 8, 2014

Post Post #3 (ISO) » Mon Feb 20, 2017 3:30 am

Post by Randomnamechange »

gj
vonflare (21:40)
you suck randomidget
User avatar
Annadog40
Annadog40
Owl of the Night Chat
User avatar
User avatar
Annadog40
Owl of the Night Chat
Owl of the Night Chat
Posts: 786
Joined: May 2, 2015
Location: Arendelle
Contact:

Post Post #4 (ISO) » Mon Feb 20, 2017 4:26 am

Post by Annadog40 »

Would uploading images make them more secure than linking them?
This is my life now

Once you have 100 posts, click here to go to the page to join the speakeasy group.
User avatar
ConnorJC
ConnorJC
Goon
User avatar
User avatar
ConnorJC
Goon
Goon
Posts: 754
Joined: November 15, 2016
Location: US East Coast

Post Post #5 (ISO) » Mon Feb 20, 2017 6:53 am

Post by ConnorJC »

In post 4, Annadog40 wrote:Would uploading images make them more secure than linking them?
Uploading to another site, like imgur?

Theoretically, considering imgur is less likely to screw up proper https then some random site.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)
User avatar
Annadog40
Annadog40
Owl of the Night Chat
User avatar
User avatar
Annadog40
Owl of the Night Chat
Owl of the Night Chat
Posts: 786
Joined: May 2, 2015
Location: Arendelle
Contact:

Post Post #6 (ISO) » Mon Feb 20, 2017 7:04 am

Post by Annadog40 »

Or upload to this site.
This is my life now

Once you have 100 posts, click here to go to the page to join the speakeasy group.
User avatar
borkjerfkin
borkjerfkin
He/Him
Xenophile
User avatar
User avatar
borkjerfkin
He/Him
Xenophile
Xenophile
Posts: 10337
Joined: April 3, 2012
Pronoun: He/Him
Location: Madison, WI

Post Post #7 (ISO) » Mon Feb 20, 2017 7:09 am

Post by borkjerfkin »

depends what your definition of 'security' is in this case
beefycheese
User avatar
ConnorJC
ConnorJC
Goon
User avatar
User avatar
ConnorJC
Goon
Goon
Posts: 754
Joined: November 15, 2016
Location: US East Coast

Post Post #8 (ISO) » Mon Feb 20, 2017 7:45 am

Post by ConnorJC »

In post 6, Annadog40 wrote:Or upload to this site.
Can normal users upload to the site?
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)
User avatar
Annadog40
Annadog40
Owl of the Night Chat
User avatar
User avatar
Annadog40
Owl of the Night Chat
Owl of the Night Chat
Posts: 786
Joined: May 2, 2015
Location: Arendelle
Contact:

Post Post #9 (ISO) » Mon Feb 20, 2017 7:56 am

Post by Annadog40 »

Probably not, but it would make images more secure.
This is my life now

Once you have 100 posts, click here to go to the page to join the speakeasy group.
User avatar
Frozen Angel
Frozen Angel
She
Queen Shifty
User avatar
User avatar
Frozen Angel
She
Queen Shifty
Queen Shifty
Posts: 18753
Joined: October 26, 2015
Pronoun: She

Post Post #10 (ISO) » Mon Feb 20, 2017 8:05 am

Post by Frozen Angel »

they can using wiki
False tears bring pain to those around you
False smile brings pain to one's self


"Frozen Like Your Heart." -Ginngie
User avatar
ConnorJC
ConnorJC
Goon
User avatar
User avatar
ConnorJC
Goon
Goon
Posts: 754
Joined: November 15, 2016
Location: US East Coast

Post Post #11 (ISO) » Mon Feb 20, 2017 9:51 am

Post by ConnorJC »

In post 9, Annadog40 wrote:Probably not, but it would make images more secure.
Imgur is (for the moment) more secure than MafiaScum.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)
User avatar
xRECKONERx
xRECKONERx
GD is my Best Man
User avatar
User avatar
xRECKONERx
GD is my Best Man
GD is my Best Man
Posts: 26087
Joined: March 15, 2009

Post Post #12 (ISO) » Mon Feb 20, 2017 3:27 pm

Post by xRECKONERx »

Nice, was wondering when this would happen. gj team
green shirt thursdays
User avatar
Majiffy
Majiffy
Go with the Flow
User avatar
User avatar
Majiffy
Go with the Flow
Go with the Flow
Posts: 23825
Joined: November 23, 2011
Location: Memphis, TN
Contact:

Post Post #13 (ISO) » Mon Feb 20, 2017 5:58 pm

Post by Majiffy »

Oh good
Only playing in games at personal moderator and/or 50%+ playerlist request.


How To Win Every Game At Mafiascum (The Flowchart)
||
In case anyone was unsure...
Svenskt Stål (23:38) majiffy, worst mod on ms? we talk to a surviving victim of his game
User avatar
inte
inte
Mafia Scum
User avatar
User avatar
inte
Mafia Scum
Mafia Scum
Posts: 3523
Joined: November 15, 2011
Location: C-bus

Post Post #14 (ISO) » Thu Feb 23, 2017 1:42 pm

Post by inte »

its 2017, how is no HTTPS still a thing
Show
W(eed)/L: 420/2

T:2/2/0
S:1/0/0
N:0/0/0

When dreamen gad-adto-ello-lahwer time-antime ageeee-ayeeeeah-ye-e-ah-nn.
User avatar
Zachrulez
Zachrulez
Jack of All Trades
User avatar
User avatar
Zachrulez
Jack of All Trades
Jack of All Trades
Posts: 8550
Joined: December 5, 2008
Location: Minnesota

Post Post #15 (ISO) » Thu Feb 23, 2017 7:22 pm

Post by Zachrulez »

I just don't think anyone here thought to implement it. It's definitely a worthwhile thing to have been done now in light of the recent site breach.
User avatar
ConnorJC
ConnorJC
Goon
User avatar
User avatar
ConnorJC
Goon
Goon
Posts: 754
Joined: November 15, 2016
Location: US East Coast

Post Post #16 (ISO) » Fri Feb 24, 2017 3:37 am

Post by ConnorJC »

In post 14, inte wrote:its 2017, how is no HTTPS still a thing
Because HTTP/2 is still not a thing.

Fortunately let's encrypt is fighting the good fight for SSL everywhere.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)
User avatar
Kison
Kison
.GIFted
User avatar
User avatar
Kison
.GIFted
.GIFted
Posts: 6714
Joined: January 22, 2007

Post Post #17 (ISO) » Fri Feb 24, 2017 3:48 am

Post by Kison »

All traffic to http should now be redirected to https.

Please let us know if you notice any issues and we'll work to get them resolved. :)
User avatar
Majiffy
Majiffy
Go with the Flow
User avatar
User avatar
Majiffy
Go with the Flow
Go with the Flow
Posts: 23825
Joined: November 23, 2011
Location: Memphis, TN
Contact:

Post Post #18 (ISO) » Fri Feb 24, 2017 4:33 pm

Post by Majiffy »

Just a note, if the HTTPS uses SHA-1, Google will be posting the break in 90 days.

http://www.theverge.com/2017/2/23/14712 ... -shattered
Only playing in games at personal moderator and/or 50%+ playerlist request.


How To Win Every Game At Mafiascum (The Flowchart)
||
In case anyone was unsure...
Svenskt Stål (23:38) majiffy, worst mod on ms? we talk to a surviving victim of his game
User avatar
Zachrulez
Zachrulez
Jack of All Trades
User avatar
User avatar
Zachrulez
Jack of All Trades
Jack of All Trades
Posts: 8550
Joined: December 5, 2008
Location: Minnesota

Post Post #19 (ISO) » Fri Feb 24, 2017 7:34 pm

Post by Zachrulez »

From what I'm reading all the major broswers would pop up and inform users they were on a SHA-1 site if MS was using it.
User avatar
Majiffy
Majiffy
Go with the Flow
User avatar
User avatar
Majiffy
Go with the Flow
Go with the Flow
Posts: 23825
Joined: November 23, 2011
Location: Memphis, TN
Contact:

Post Post #20 (ISO) » Sat Feb 25, 2017 9:15 am

Post by Majiffy »

I must have missed that part.
Only playing in games at personal moderator and/or 50%+ playerlist request.


How To Win Every Game At Mafiascum (The Flowchart)
||
In case anyone was unsure...
Svenskt Stål (23:38) majiffy, worst mod on ms? we talk to a surviving victim of his game
User avatar
McMenno
McMenno
they/them
One For Aren't-We-All
User avatar
User avatar
McMenno
they/them
One For Aren't-We-All
One For Aren't-We-All
Posts: 5159
Joined: February 18, 2015
Pronoun: they/them
Location: In spaaaace

Post Post #21 (ISO) » Sat Feb 25, 2017 1:42 pm

Post by McMenno »

In post 17, Kison wrote:All traffic to http should now be redirected to https.

Please let us know if you notice any issues and we'll work to get them resolved. :)
thanks mafia scum dot net
User avatar
inte
inte
Mafia Scum
User avatar
User avatar
inte
Mafia Scum
Mafia Scum
Posts: 3523
Joined: November 15, 2011
Location: C-bus

Post Post #22 (ISO) » Sat Feb 25, 2017 1:57 pm

Post by inte »

lets encrypt is 5 danks out of 5 real talk
Show
W(eed)/L: 420/2

T:2/2/0
S:1/0/0
N:0/0/0

When dreamen gad-adto-ello-lahwer time-antime ageeee-ayeeeeah-ye-e-ah-nn.
User avatar
ConnorJC
ConnorJC
Goon
User avatar
User avatar
ConnorJC
Goon
Goon
Posts: 754
Joined: November 15, 2016
Location: US East Coast

Post Post #23 (ISO) » Sun Feb 26, 2017 3:14 pm

Post by ConnorJC »

In post 18, Majiffy wrote:Just a note, if the HTTPS uses SHA-1, Google will be posting the break in 90 days.

http://www.theverge.com/2017/2/23/14712 ... -shattered
I don't think you can even get a SHA1 signature nowadays. Don't worry, the encryption is secure.
(Although, note that HTTP links to MS are currently
not
secure, so do be careful around those.)
Last edited by ConnorJC on Mon Feb 27, 2017 2:11 am, edited 1 time in total.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)
User avatar
tn5421
tn5421
he/him
Mafia Scum
User avatar
User avatar
tn5421
he/him
Mafia Scum
Mafia Scum
Posts: 3000
Joined: March 30, 2014
Pronoun: he/him

Post Post #24 (ISO) » Sun Feb 26, 2017 9:10 pm

Post by tn5421 »

In post 19, Zachrulez wrote:From what I'm reading all the major broswers would pop up and inform users they were on a SHA-1 site if MS was using it.
The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Although it seems the certificate is issued to wiki.mafiascum.net, even when viewing the forums.
WIP
Post Reply

Return to “News”