(engineer attention) HTTPS? Not Secure? What's up with the security here?

Site access by "bluelight.org" in Chrome address bar nolonger gives https link

Hi. I noticed over the past couple of weeks if I enter only bluelight.org into my chrome address bar I get "Not Secure" message in the site link. I do get an https link if I fully qualify the url. Example: https://bluelight.org.This is recent behavior. I recieved an https page up until a couple of weeks ago. Just information for the engineering staff.Cheers.
 
HTTPS login issues; possible security breaches

When connecting through HTTPS to BL, there are some...issues, whereby it doesn't recognize the password when username/PWD are inputted, using the login panel at the upper right corner of the screen. Not only that, but it also displays the password in plaintext, so I KNOW that the password has been correctly entered.

The result is a failed login and being taken to a screen where it informs the user they have used 1/5 attempts to login within a period of time, and a username/pwd entry panel. Entering them here, works.

This is concerning, given that if someone were to be sniffing the wire, they could capture capture and compare, plaintext vs encrypted data amounting to the same, the plaintext failing to work, but that the same data, as a hash etc. could be mapped onto the plaintext from the working encrypted version, possibly.

If nothing else then it is at best a real pain in the arse. Only happens when making an HTTPS connection to the site, not via HTTP or bluelight.org without specifying.
 
What do you mean by "displays the password as plaintext"? Do you mean it sends it over the wire as plaintext?

I don't know if this applies here, but I do know that most forum software, even if it's not over https, will encrypt the password client-side with Javascript before transmit. If that's not happening with the top right hand login that might be why it's having problems.

I'm not in charge of anything I'm just curious, could you explain in greater detail what you're referring to exactly?
 
"Not secure" warning whenever I type anything.

Why is this website not secure but no other website is?
 
because we were bought by the russians and are hacking members for votes.


The rel answer is that we tried to modify the site to https awhile back, but it seems the person doing it did an incomplete job of it :\ We're looking into an upgrade of site software (new and improved! coming soon! free set of ginsu knives! we will beat our local competitors!must provide proof of purchase within 30 days) and fully expect https compliance with that upgrade.
 
Secure log in.

I am a Firefox user and Firefox tells me that logging in on this site is not secure.
I wonder if you could change the settings to change that.
Thanks in advance
AugustaB.
 
I've merged a lot of related threads and answers about the 'Not Secure' notice that browsers are giving our members. I'll update the OP with the relevant information, but the gist of it is we attempted to implement https level security and it was only partially done correctly. Bluelight time means our volunteers took nearly 2-3 years to implement, and it isn't set right. We do anticipate having it corrected soon (like weeks, not Bluelight volunteer time that turns into years). Please bear with us.
 
Top