I agree that a small risk remains when not using https everywhere, and the motivation for this has indeed been ad income. I am changing this, however - and now you should see https everywhere. If you don't and still see a page served as plain http, please let me know.
As far as I am aware the reason Gixen doesn't use it for everything is because you can't host adverts over an https connection.

Subscribers get a secure connection for everything once they are logged in; as one, you'll already be aware of that, so I'm happy to highlight that your implication that this may not be the case is slightly misplaced. There is no loss of income for Gixen from this because one of the advantages of having a Mirror subscription is not to have those adverts.

So, I think making everything HTTPS would also have to result in removal of the free service for anyone as well... which would not be popular and a sad loss to those that use the service very infrequently.

I've acknowledged 'man in the middle' scenarios in the past, and yes they are indeed possible, however just because something is possible doesn't make it likely and certainly not probable in any sense. They are extremely rare and only ever worthwhile for websites that a large majority of people use. We couldn't claim that applies to Gixen, even as a very well renowned sniping service.

It would never be worthwhile to attack a service like Gixen in this manner because, even if you did ever gain access to someone's account you still couldn't gain any financial advantage whatsoever... it's a fair amount of work to accomplish and therefore doing it for fun isn't really as easy an option as you suggest, and there has to be something to gain from doing it, and there really isn't, not in this case anyway.

BTW I'm also a software engineer, and so is Mario.
As a software engineer I can confirm that what Ramona is saying is true. Something like a "man in the middle attack" is not that difficult to accomplish when non-secure communication takes place (even with a secured log-in layer), and since the service is potentially destructive in a monetary / eBay user rating sense, this should be taken seriously. There are enough trolls on the internet that would do this just for fun. I am a new subscriber (paid service) to Gixen and when I noticed the service isn't consistently using HTTPS, I decided to dive into the forum to find out why... In this day and age there is no good reason to not use HTTPS for this type of use case.
It's not quite that simple - any HTTP connection is at risk (albeit small) of being intercepted and, for example, serving malware to the browser requesting the connection.

This is why all the major browsers are moving to a position where they are flagging up any non-HTTPS connection as "insecure".

The performance overhead of using HTTPS over HTTP is quite small, and there's really no good excuse for any web site not to be using (exclusively) HTTPS these days.
The Gixen software hasn't changed, Bob.

Your credentials are sent securely, and that is what matters. What I'm saying is, it is secure, when it needs to be.
Hey Mark, I use Chrome. I'm not great at computer stuff; I just do what it says.
It's red and says do not enter passwords and stuff etc.
I'm 99% sure it was secure (https). I hardly ever see this but on "girl" sites LOL.
As much as I use Gixen I would have noticed if it was not secure before.

Your credentials are sent securely, which is what matters.

If you have a Mirror subscription Gixen also keeps using the https (secure) protocol after you log in. If not, it doesn't, because hosting adverts precludes its use; that doesn't make the site insecure though.

I don't think this has changed for a long time; if you are seeing a difference it's probably due to an update to your browser software. Which browser do you use?
My address bar now says (Not secure). It used to say (https) in Gixen.
What's up with that?


