My Outlander PHEV.com not secure?

I would have put this question on 'Off Topic' but it looks like not many people look at 'Off topic' very often. Everytime I login via Mozilla Firefox (Apple computer, recently downloaded new version of Mozilla firefox) I now get the warning: 'This connection is not secure. Logins entered here could be compromised'. If I go to the Mozilla support page it states that for the site to be 'secure' it needs to have 'https://' before the address (and presumably a padlock symbol?).

So am I compromised - should I feel compromised - am I in a compromising position. What does it all mean?

All the major web browsers now do this. "Not secure" in this case means that if you're using a shared connection (e.g. at work or in your local coffee shop) anyone can see what you're typing and viewing (with slightly more skill, they could even alter it). If you're entering credit card details, that's v v bad; but for browsing open forums like this one, it's not a huge concern.

Assuming you don't use the same password for everything!

Thanks for replies. No, I'm a bit paranoid and never use the same password - can't believe anyone does that. I even change them occasionally. Mind you, it's a good job I can remember all the 36 different passwords I have, including the case sensitive parts.

Have had two bank accounts and one credit card 'done over' in the past, so now only ever use credit card onlne, never debits. It's very inconvenient indeed having your bank account done over, especialy as there's a bit of a vibe from the bank that it's somehow your fault. Like somebody else knows your pin or a member of your family has done it. As soon as this is proven not to be the case they don't seem very interested in doing anything about the criminals concerned - even when they have an address to where the 'stolen' goods have been posted to!.

Lance said:

Assuming you don't use the same password for everything!

Click to expand...

I use the same (or very similar) password for unimportant (financially) sites like this one. If someone wants to steal my password and post stuff on here pretending to be me, they're welcome to do so. The first rule of security is that you have to understand what's worth protecting.

how can everyone else see it ? i was on Edinburgh tram today and using their wifi - i had no idea anyone else was logged on although i am sure they were

Firefox and Chrome started to warn users when websites are communicating via the unencrypted HTTP protocol.

So they want to convince webmasters to implement HTTPS - which is a good thing in my eyes.

Anyway, it will take some time to reconfigure all sites out there. In the meantime not to worry, nothing has changed and if you have sense of Internet security you will still be reasonably safe - also on this site.

Jimmac said:

how can everyone else see it ? i was on Edinburgh tram today and using their wifi - i had no idea anyone else was logged on although i am sure they were

Click to expand...

All WiFi messages are 'broadcast' unencrypted over the air. Each one is prefixed by a unique identifier, which allows each device to decide whether it's a message for 'it' or not. But there are plenty of free 'sniffers' which turn this normal discrimination off and allow a device to see every message being broadcast. If the web site isn't using HTTPS, the messages will be in clear text, including passwords etc.

Very much the same is true of (many) wired systems, e.g. plugging into the Ethernet cable at your local library/whatever (if anyone still bothers to do that in preference to WiFi).

Yes, I do run a wired network in my practice. Medical data must be secure, and not using WiFi (plus securing the Internet router side adequately) is a basic precaution.

I should add that it's perfectly possible to build a secure* WiFi network - you just need to know what you're doing (or have access to someone else who does). But if you don't need it, why go to all that trouble?

* relatively 'secure', there's no such thing as 100% security