Unsecure connections [Solved]

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
confusious
Level 2
Level 2
Posts: 76
Joined: Mon Oct 30, 2017 11:00 pm
Location: Western North Carolina

Unsecure connections [Solved]

Post by confusious »

This problem happens to me no matter what os I use so I hope mint has a cure. When I am on many sites from the linuxmint community site right to my yahoo and reading my mail to changing settings such as password for my router I get a red line through my shield in the browser command line. I get the message that my connection is unsecure and can be seen by anyone. This happens on any browser I use and when I am on a https site. This especially concerns me with my router settings as I can't change my login password securely and my email is unsafe. It is strange because it does not happen to google mail etc. but happens to many things I do and not others. This seems like a severe security concern and I would appreciate any help I could get. Sorry it is the lock in my browser that has a line through it and tells me I am not secure even on https protocol.
Last edited by confusious on Sat Dec 09, 2017 8:54 pm, edited 1 time in total.
Linux Mint Cinnamon 19.1 64-bit version 3.8.6 Processor: Intel Core i5-7200U CPU @ 2.20GHz x 2

ET used Linux to phone home
kreemoweet
Level 2
Level 2
Posts: 50
Joined: Sat Feb 20, 2016 12:08 am

Re: Unsecure connections

Post by kreemoweet »

An https connection is, by definition, a secure connection, and I've never encountered any browser that could, or would, give you an "insecure" https connection to a website, unless the user has specifically instructed
the browser to ignore invalid certificates, etc. You should give a concrete example of browser and website that does this, and the content of the message you get when you click the "shield with a red line thru it".
If you're using Firefox, that warning when entering a password on a http site should be disregarded as just another piece of Mozilla idiocy.

Connections to a router's admin page are generally not https, but http using "http basic authentication", or some such term. There is really little to no possibility of this connection being compromised,
because it is all on a short length of ethernet cable entirely under your control, or else by a short local wireless connection which is inherently encrypted and secure. Remote router configuration should be set up
to use https and a strong password, at the very least.
User avatar
AZgl1500
Level 15
Level 15
Posts: 5585
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: Unsecure connections

Post by AZgl1500 »

Yahoo has been screaming that same piece of Diatribe at me for years simply because I refuse to use their APP. Anything else in their opinion is not secure.

Well, I access my Yahoo mail from many devices with special apps on Android, Thunderbird on many PC/Laptops.....

and I have a subscription to PureVPN which ensures that my cellphones and my PCs at home are all hidden to the world.

Yet, Yahoo persists in telling me that I am unprotected.

BALDERDASH !!!



I would abandon Yahoo email in a heartbeat, but they are the only game in town that allows you to use as many Throw Away email account names as you wish.... I have had over 500 email addresses in the past when I was doing a lot of business....

They give you a canned "prefix" of FirstnameLastnameSecured-

and then you enter whatever you want after the hyphen....
that then is your throw away email address


FirstnameLastnameSecured-OverheadDoors@yahoo.com


I started this over a decade ago when spammers were rampant with stealing our email addresses. If I see a piece of spam hit my Inbox, I just delete the Throw Away email address and it is gone.
Linux Mint 19.3 Cinnamon
confusious
Level 2
Level 2
Posts: 76
Joined: Mon Oct 30, 2017 11:00 pm
Location: Western North Carolina

Re: Unsecure connections

Post by confusious »

kreemoweet wrote: You should give a concrete example of browser and website that does this, and the content of the message you get when you click the "shield with a red line thru it".
If you're using Firefox, that warning when entering a password on a http site should be disregarded as just another piece of Mozilla idiocy.

Connections to a router's admin page are generally not https, but http using "http basic authentication", or some such term. There is really little to no possibility of this connection being compromised,
I am using firefox Quantum 57.0.1 (64 bit) browser. I still got this problem before I updated to Quantum though. Right after I goto yahoo.com I get a red line through the lock. When I click on the lock it says "Connection not secure. Parts of this page are not secure (such as images). Tracking protection is inabled and permissions says "you have not granted this site any special permissions.

I tried chromium for linux and yahoo is secure. I logged into the router and it says "not secure". Your right, it does not use https though which seems risky to me and I don't understand how my router would still be secure. remote access is not enabled but that is the only option I have and it seems risky to allow remote connections. Maybe you could explain that to me. It does seem firefox is the problem though regardless of the router since yahoo is fine outside of firefox. I would hate to stop using firefox though as some of my extensions and add-ons are only available on firefox. Personally I like duck duck go and never get unsecure messages through that browser but add-ons etc. are limited.

Getting this security warning is just worrying me regardless. You don't sound too confident in firefox and it does SEEM to be the problem. Do other people have this problem with firefox?

Thanx for the response.
Linux Mint Cinnamon 19.1 64-bit version 3.8.6 Processor: Intel Core i5-7200U CPU @ 2.20GHz x 2

ET used Linux to phone home
confusious
Level 2
Level 2
Posts: 76
Joined: Mon Oct 30, 2017 11:00 pm
Location: Western North Carolina

Re: Unsecure connections

Post by confusious »

AZgl1500 wrote:Yahoo has been screaming that same piece of Diatribe at me for years simply because I refuse to use their APP. Anything else in their opinion is not secure.
AZgl1500 wrote:Well, I access my Yahoo mail from many devices with special apps on Android, Thunderbird on many PC/Laptops.....

and I have a subscription to PureVPN which ensures that my cellphones and my PCs at home are all hidden to the world.

Yet, Yahoo persists in telling me that I am unprotected.
AZgl1500 wrote:I would abandon Yahoo email in a heartbeat, but they are the only game in town that allows you to use as many Throw Away email account names as you wish.... I have had over 500 email addresses in the past when I was doing a lot of business....

They give you a canned "prefix" of FirstnameLastnameSecured-

and then you enter whatever you want after the hyphen....
that then is your throw away email address
Thank-you. Others have this problem I see. What does APP mean?

I also use a VPN. Private internet access to me and is the best in my opinion. FYI goto ipleak.com and it gives you a lot more options and settings to make your VPN more secure. It's great. VPN is still unsecure without many of these settings the site guides you through. Webgl, storage, headers etc all leak your ip.

I use the add-on "bloody vikings" which gives a lot of different ways to get disposable email address' and they are a great way to be more secure. This is 1 example also of why I stick with firefox but this security problem is still worrysome. I think I will try your way to get disposable address'. Firefox seems to suck but at the same time it has its positive points especially in terms of add-ons. Try ipleak and it recommends many add-ons which help your vpn work better such as canvas blocker, and https everywhere. Ipleak will tell you exactly what others see for your ip and tell you how to fix it. I just can't explain how well it works because your ip will be leaked without their help.
Linux Mint Cinnamon 19.1 64-bit version 3.8.6 Processor: Intel Core i5-7200U CPU @ 2.20GHz x 2

ET used Linux to phone home
Cosmo.
Level 23
Level 23
Posts: 17817
Joined: Sat Dec 06, 2014 7:34 am

Re: Unsecure connections

Post by Cosmo. »

confusious wrote:When I click on the lock it says "Connection not secure. Parts of this page are not secure (such as images). Tracking protection is inabled and permissions says "you have not granted this site any special permissions.
Here is the crucial part. The problem is called mixed content and I wrote in the last year a description about the problem.

Mixed content can for example be pictures (often avatars), which are linked in the forum. That is meant in the words above "parts of this page".
Turtletronic
Level 2
Level 2
Posts: 68
Joined: Sun Sep 11, 2016 8:04 am

Re: Unsecure connections

Post by Turtletronic »

Cosmo is right, that's a mixed content warning. Hold in mind that a

Code: Select all

https://
hosted page containing

Code: Select all

http://
based links - even if they link to the same web presence - are per definition already seen as "not secure".
A single 'insecure' link - be it to a further webpage or even an image - is sufficient to trigger this mixed content warning.
The newest browsers take this far more serious than before, ergo it will take a while until each and every website has been corrected accordingly.
My music library includes 59,860 tracks. My advice? Forget Amarok, Banshee, Clementine or Rhythmbox.
Cosmo.
Level 23
Level 23
Posts: 17817
Joined: Sat Dec 06, 2014 7:34 am

Re: Unsecure connections

Post by Cosmo. »

The problem is not necessarily the web site, in some cases it are the users. For example here in the forum: If the user has stored his avatar at imgur, he can link to it via http or https, imgur supports both. But if the user misses this simple letter s in the protocol name there is as a consequence mixed content. I remember, that xenopeek had changed some time back all imgur links for avatars fo https, if needed; in case of imgur this is relatively easy without risking to break the links. I don't know, if he does this still today.

BTW: I have in my browser disabled all mixed content, inclusive passive mixed content, so I do not see those insecurely linked pictures (and I really are happy about that, because some pictures are just bad). Since I did this I have never seen on this forum anything different than the green lock icon in FF's address bar, since the time the forum is connected via https.
Hoser Rob
Level 16
Level 16
Posts: 6959
Joined: Sat Dec 15, 2012 8:57 am

Re: Unsecure connections

Post by Hoser Rob »

kreemoweet wrote:An https connection is, by definition, a secure connection....
Actually https isn't quite as secure as people often think, but it's certainly preferable. I always use https searching, usually via startpage.
Cosmo.
Level 23
Level 23
Posts: 17817
Joined: Sat Dec 06, 2014 7:34 am

Re: Unsecure connections

Post by Cosmo. »

2 things get often mixed: connection and content.

A secured connection is secure, as long as the certificate is valid and not corrupted. But this does not mean, that the content is secure, in other words, that the web site can be trusted. Just this week security researchers have reported, that the number of phishing websites with https connection have increased dramatically in this year.
User avatar
AZgl1500
Level 15
Level 15
Posts: 5585
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: Unsecure connections

Post by AZgl1500 »

confusious wrote:
Thank-you. Others have this problem I see. What does APP mean?
that is a reference to Android OS on cellphones, or anywhere else for that matter.

It is just shorthand for "Application"

in this case, it is a reference back to Yahoo insisting that I install their proprietary application/program/software that will run on the device/OS you are using at the moment when you read it.

https://play.google.com/store/apps/deta ... mail&hl=en

In the cellphone world, under Android, Yahoo has their own dedicated application ( software package ) that will tunnel directly into their servers and is invisible to those who would like to read your email content via WiFi snooping, or internet Packet Snooping.

They have an app for every OS you might use.
Linux Mint 19.3 Cinnamon
confusious
Level 2
Level 2
Posts: 76
Joined: Mon Oct 30, 2017 11:00 pm
Location: Western North Carolina

Re: Unsecure connections

Post by confusious »

Thank-you all for input on this. Nothing on line is totally secure but https is good and I am sure I can still trust the https protocol now. I will believe in https from now on. This forum is one of the best around and it's because of people like you. :D
Linux Mint Cinnamon 19.1 64-bit version 3.8.6 Processor: Intel Core i5-7200U CPU @ 2.20GHz x 2

ET used Linux to phone home
Post Reply

Return to “Newbie Questions”