Login is SSL protected. By clicking on "Log in Now" you agree to gixen.com
terms of usage.
Forum is available in English only.
Gixen.com Forum Index
Post a reply
Enter characters from the following image:
Item ID warning
Please provide eBay item id number (unless provided already) in the post message if you have a question about specific item.
I cannot investigate an issue without it
View more Emoticons
[quote="anton"]As a software engineer I can confirm that what Ramona is saying is true. Something like a "man in the middle attack" is not that difficult to accomplish when non-secure communication takes place (even with a secured log-in layer), and since the service is potentially destructive in a monetary / eBay user rating sense, this should be taken seriously. There are enough trolls on the internet that would do this just for fun. I am a new subscriber (paid service) to Gixen and when I noticed the service isn't consistently using HTTPS, I decided to dive into the forum to find out why... In this day and age there is no good reason to [i]not[/i] use HTTPS for this type of use case.[/quote]
Disable BBCode in this post
Disable Smilies in this post
All times are GMT - 8 Hours
Select a forum
Suggestions and Ideas
Posted: Mon Apr 01, 2019 8:35 am
I agree that a small risk remains when not using https everywhere, and the motivation for this has indeed been ad income. I am changing this, however - and now you should see https everywhere. If you don't and still see a page server as plain http, please let me know.
Posted: Sun Mar 31, 2019 1:34 pm
As far as I am aware the reason Gixen doesn't use if for everything is because you can't host adverts over an https connection.
Subscribers get a secure connection for everything once they are logged in, as one you'll already be aware of that so I'm happy to highlight that your implication that this may not be the case is slightly misplaced. There is no loss of income for Gixen from this because one of the advantages of having a Mirror subscription is not to have those adverts.
So, I think making everything Https would also have to result in removal of the free service for anyone as well... which would not be popular and a sad loss to those that use the service very infrequently.
I've acknowledged 'man in the middle' scenarios in the past, and yes they are indeed possible, however just because something is possible doesn't make it likely and certainly not probable in any sense. They are extremely rare and only ever worthwhile for websites that a large majority of people use. We couldn't claim that applies to Gixen, even as a very well renowned sniping service.
It would never be worthwhile to attack a service like Gixen in this manner because, even if you did ever gain access to someone's account you still couldn't gain any financial advantage whatsoever... it's a fair amount of work to accomplish and therefore doing it for fun isn't really as easy an option as you suggest, and there has to be something to gain from doing it, and there really isn't, not in this case anyway.
BTW I'm also a software engineer, and so is Mario.
Posted: Sun Mar 31, 2019 5:12 am
As a software engineer I can confirm that what Ramona is saying is true. Something like a "man in the middle attack" is not that difficult to accomplish when non-secure communication takes place (even with a secured log-in layer), and since the service is potentially destructive in a monetary / eBay user rating sense, this should be taken seriously. There are enough trolls on the internet that would do this just for fun. I am a new subscriber (paid service) to Gixen and when I noticed the service isn't consistently using HTTPS, I decided to dive into the forum to find out why... In this day and age there is no good reason to
use HTTPS for this type of use case.
Posted: Sat Nov 10, 2018 9:24 am
It's not quite that simple - any HTTP connection is at risk (albeit small) of being intercepted and, for example, serving malware to the browser requesting the connection.
This is why all the major browsers are moving to a position where they are flagging up any non-HTTPS connection as "insecure".
The performance overhead of using HTTPS over HTTP is quite small, and there's really no good excuse for any web site not to be using (exclusively) HTTPS these days.
Posted: Fri Nov 09, 2018 1:35 am
The Gixen software hasn't changed Bob.
Your credentials are sent securely, and that is what matters. What I'm saying is, it is secure, when it needs to be.
Posted: Thu Nov 08, 2018 7:28 pm
Hey Mark I use Chrome. Im not great at computer stuff I just do what it says.
Its red and says do not enter passwords and stuff etc.
Im 99% sure it was secure (https) I hardly ever see this but on "girl" sites LOL.
As much as I use Gixen I would of noticed if it was Not secure before.
Posted: Thu Nov 08, 2018 6:37 am
Your credentials are sent securely, which is what matters.
If you have a Mirror subscription Gixen also keeps using the https (secure) protocol after you log in. If not it doesn't because hosting adverts precludes it's use, that doesn't make the site insecure though.
I don't think this has changed for a long time, if you are seeing a difference it's probably due to an update to your browser software, which browser do you use ?
Posted: Wed Nov 07, 2018 6:44 pm
Post subject: Is Gixen site not secure?
My address bar now says (Not secure) It use to say (https) in Gixen.
Whats up with that?
© 2019 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.