HTTPS Upgrade

This forum is for Administrators to post news concerning the site and forums.
ConnorJC
Goon
 
User avatar
Joined: November 15, 2016
Location: US East Coast

Post Post #1  (isolation #0)  » Sun Feb 19, 2017 11:47 pm

I helped? Guess I did some work in my sleep.

Anyways, onwards to HSTS and better CSPs!
"Let's make MS secure again."
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)

ConnorJC
Goon
 
User avatar
Joined: November 15, 2016
Location: US East Coast

Post Post #5  (isolation #1)  » Mon Feb 20, 2017 12:53 pm

In post 4, Annadog40 wrote:Would uploading images make them more secure than linking them?

Uploading to another site, like imgur?

Theoretically, considering imgur is less likely to screw up proper https then some random site.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)

ConnorJC
Goon
 
User avatar
Joined: November 15, 2016
Location: US East Coast

Post Post #8  (isolation #2)  » Mon Feb 20, 2017 1:45 pm

In post 6, Annadog40 wrote:Or upload to this site.

Can normal users upload to the site?
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)

ConnorJC
Goon
 
User avatar
Joined: November 15, 2016
Location: US East Coast

Post Post #11  (isolation #3)  » Mon Feb 20, 2017 3:51 pm

In post 9, Annadog40 wrote:Probably not, but it would make images more secure.

Imgur is (for the moment) more secure than MafiaScum.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)

ConnorJC
Goon
 
User avatar
Joined: November 15, 2016
Location: US East Coast

Post Post #16  (isolation #4)  » Fri Feb 24, 2017 9:37 am

In post 14, inte wrote:its 2017, how is no HTTPS still a thing

Because HTTP/2 is still not a thing.

Fortunately let's encrypt is fighting the good fight for SSL everywhere.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)

ConnorJC
Goon
 
User avatar
Joined: November 15, 2016
Location: US East Coast

Post Post #23  (isolation #5)  » Sun Feb 26, 2017 9:14 pm

In post 18, Majiffy wrote:Just a note, if the HTTPS uses SHA-1, Google will be posting the break in 90 days.

http://www.theverge.com/2017/2/23/14712 ... -shattered


I don't think you can even get a SHA1 signature nowadays. Don't worry, the encryption is secure.
(Although, note that HTTP links to MS are currently not secure, so do be careful around those.)
Last edited by ConnorJC on Mon Feb 27, 2017 8:11 am, edited 1 time in total.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)

ConnorJC
Goon
 
User avatar
Joined: November 15, 2016
Location: US East Coast

Post Post #25  (isolation #6)  » Mon Feb 27, 2017 8:10 am

In post 24, tn5421 wrote:
In post 19, Zachrulez wrote:From what I'm reading all the major broswers would pop up and inform users they were on a SHA-1 site if MS was using it.


The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Although it seems the certificate is issued to wiki.mafiascum.net, even when viewing the forums.

We have one certificate for all subdomains.

Don't worry, our encryption is secure.
The only thing to worry about is HTTP links.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)


[ + ]

Return to News