(engineer attention) HTTPS? Not Secure? What's up with the security here?

Since a month I noticed that when I try to enter my login and password, firefox will tell me that it is not secured and show a lock with a red X over the https bluelight address url that is in my 2 permanently pinned tabs, the one for the forum I moderate and the other for everything else. SQL Injections are still a thing that's possible here, so, I tell ya you guys should change password often...I didn't ask my bosses about this issue, but lately some previously safe sites were proven not to be, and the very last version of Firefox tells you when it's the case, I mean even places like Reddit had their search box removed and not only to search inside subs, the whole site over, because the search bar was the vector of attack on this vulnerability I heard of recently. My Linux Mint Debian Edition OS had a lot of openssl and libssl updates recently...I have to tell you guys that Heartbleed is still not entirely removed and most often it is the host of the site's fault, because there exists fully patched versions of each of these.

I'm eager for things to go back to, well, not normal, https was pretty new here, but I'm waiting.
 
alasdairm said:
https://bluelight.org/vb/content/ this thread what is the issue? alasdair
Click to expand...
I noticed that that IP was blocked by the list I use (which is updated often, it's a pay once a year list that gets updates all the time by a very well known group who since 2000 releases those ipfilter.dat files that are not the crap that comes with PeerBlock in Windows and iptables/IPBlock (gui for iptables). It was blocking ULeaseWorb has it called it, I guess the site's on a LeaseWeb server, for some reason they consider blocking LeaseWeb a good idea... I do get https now, but now I will only see a green lock when browsing BL when I am loading a link, once it is loaded, it's gone a yellow triangle with an exclamation point over it after I whitelisted ULeaseWorb. If I click it, it says Connection Not Secure, Firefox was able to block some content, the data you are viewing or entering is not protected and there's a disable protection for now grey box. Kind of annoying but not as alarming as I thought it was. I'll bring this up elsewhere.
 
When I don't disable the mixed content protection in FireFox I get a few small bugs like having to erase the Username and Password Text before being able to enter my login info. And of course the huge boxes of text that hover over the login boxes but after that I don't notice anything different. I will just have to exercise more caution when activating KGB sleeper cells and posting state secrets for wikileaks.
 
^Yip, I've also had a 'your connection is not secure' type bug in firefox. I'm just posting this here for posterity (I'll forget), and for anybody else who has the problem.

Basically both the formatting buttons at the top of a reply box, and smileys, were not displaying/working when using https.

To resolve this issue you can click 'your connection is not secure' and then check the box to disable protection, but firefox will forget this preference when you switch to a new tab.

To disable permanently you can go to about:config > security.mixed_content.block_active_content > change to false.

Hope that helps anyone in the same situation. :)
 
^ Thank You kindly,

That fixed all of the problems I have with FireFox & BL as far as Https: is concerned.
 
That seems to work when logging in but after that it just switches to regular www. insecure connection
 
I really think this is a really good idea, but I mean you don't have to say it in a negative way. You could've been like more passive and made it look more like a suggestion than a demand (i know that's exagerating it but I couldn't think of another way to word it). Any additional privacy protection is a really good thing for bluelight to have though. Yea, we're not putting our bank account info on it, yea, there's no good reason for a hack, but with all the current government spying privacy is a huge concern here. I know bluelight is legal and the government doesn't seek out users, but I can tell you for sure that at least one government agency, probably more, has profiles and recorded on every single one of us. 99% of posts here are solid evidence of illegal activities. Were not currently in legal danger for posting here, but who knows? 5 years from now bluelight might be illegal. 10 years from now the government might seek out and arrest every single one of us. And if the war on drugs intensifies to that point, we would be getting more severe charges for every single drug we have done here. With all my posts admitting to drug use, I'd face 25-40 separate charges for drug possession. Laws can change, government is constantly fluctuating, we don't know what the future would be like, so we should take precautions.
 
The war on drugs is reducing in intensity in almost all countries as they realize it is futile, this is kind of alarmist.
 
There is https, I'm cruisin on it right now btw. It's not perfect as in bank https, but if you add https to the URL you will get it.

It just doesn't get a full green lock except when I'm loading a page. What's strange is that HTTPS everywhere does not detect it, when it used to do so.
 
Last edited:
Ouch, really. I've been here two days and it's bad on me for not looking but yeah no HTTPS wow, for a site like this. Not good. If you need help getting this set-up i'm sure one of us can help out with making this happen but without it and the sort of meh it really seems way too open. Let me know if I can help some way. Will wait to post anymore at a later date.



"The war on drugs is reducing in intensity in almost all countries as they realize it is futile, this is kind of alarmist."

Not alarmist at all, thinking it is no big deal when dealing with other people's info and vices is tho. NetSec on a site like this should be paramount.
 
I just wonder why HTTPS-Everywhere (the Add-On) doesn't work with BL but works everywhere else. I didn't put it on a blacklist or anything, never used the internals of HTTPS Everywhere at all.
 
Tranced said:
^Yip, I've also had a 'your connection is not secure' type bug in firefox. I'm just posting this here for posterity (I'll forget), and for anybody else who has the problem.

Basically both the formatting buttons at the top of a reply box, and smileys, were not displaying/working when using https.

To resolve this issue you can click 'your connection is not secure' and then check the box to disable protection, but firefox will forget this preference when you switch to a new tab.

To disable permanently you can go to about:config > security.mixed_content.block_active_content > change to false.

Hope that helps anyone in the same situation. :)
Click to expand...

For me, with Firefox 54.0 in Linux, I get a red X over the lock, instead of the lock with a yellow warning sign which when I click on it says that things such as images are not protected when I do that change, so it's actually even worse. Oh well, at least I'm using Sandboxing with a linux sandboxing software, works very well. I'll attempt with another browser sometime. I got Chromium always turned on for a few sites that don't like my Firefox config/add-ons even if I disable NoScript and Disconnect entirely.

As for the security, it's not really government hackers one has to fear...most hacks, like the current one that's yet another ransomware, which was an NSA tool that the Shadow Brokers after selling them for a while just gave them all away before disappearing...the NSA has to own up to its ways and allow MS, Apple...I don't think I'm vulnerable to the current WannaCry fork that's fucking up Ukraine, a few Russian companies, Pennsylvania's hospital system, some Fedex subcontractor...and who knows what else, it's what I'm aware of right now. This is likely 17 year olds fucking shit up more than anything else and it's those you gotta fear can steal your shit and cause actual damage.

Funny how infection maps for that shit always show my country as gray, as zero infections, at least.
 
Last edited:
site encryption?

Hi.

Why does bluelight not have encrypted pages (using https:)?

Login would be visible by others.
 
You must log in or register to reply here.
Top