Security Issue

Date: Fri, 10 Mar 2017 11:40:03 -0400 (AST)
From: "Andrew D. Wright" <awright@chebucto.ns.ca>
To: "Alexander E. Mackinnon" <ar688@chebucto.ns.ca>
References: <20170310094418.8484197hco8eq8xw@webmail.chebucto.ns.ca>
Precedence: bulk
Return-Path: <help-answers-mml-owner@chebucto.ns.ca>
Original-Recipient: rfc822;"| (cd /csuite/info/lists/help-answers; /csuite/lib/arch2html)"

next message in archive
no next message in thread
previous message in archive
Index of Subjects 



         Hi Sandy. What this is is a new policy on the part of Mozilla and 
Google that any login on a non-secure http web page is itself insecure 
even if the login goes to a fully encrypted secure https page. You can 
avoid this by going to the secure Chebucto page https://www.chebucto.ns.ca 
or straight to the secure Webmail page https://webmail.chebucto.ns.ca

         If you're using the Chebucto Plus page at 
http://plus.chebucto.ns.ca we don't currently have a secure version of 
that page at this time but the Webmail login on it does send your login 
over a secure encrypted connection.

         In a nutshell the new browser policy is intended to make people 
think before entering login credentials as it isn't immediately obvious if 
a login on an unsecure page goes to a secure or insecure site. In our 
case, the logins are secure but that isn't true for every site every where 
so their point is valid. There is also the possibility an insecure page 
could be misdirected or otherwise compromised, though this is thankfully a 
pretty rare event.







On Fri, 10 Mar 2017, Alexander E. Mackinnon wrote:

> Dear Chebucto:
>
> I have my Chebucto Community Net homepage bookmarked for easier access. Today 
> for the first time I am getting the message (see below) from Mozilla Support 
> that my Chebucto e-mail access is insecure. I am accessing the Chebucto main 
> webpage via my bookmark (as I have done for years) and entering my login, 
> then up pops this message.
>
> https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861
>
> I decided to go back to the Mozilla homepage, manually type in Chebucto 
> Community Net and bring up, by all appearances, the same Chebucto webpage I 
> would see using my bookmark. Now it is allowing me to enter my login without 
> the insecure warning. What is happening? what is the difference?
>
> Why would my longstanding bookmark access now be deemed insecure?  Please 
> advise.
>
> Sandy
>
>

next message in archive
no next message in thread
previous message in archive
Index of Subjects