overwraith Posted November 5, 2015 Share Posted November 5, 2015 Hello everybody, for the past few months I have been noticing that certain elements of this site have been unencrypted, for example, when I visit the Hak 5 main page, there are elements, such as pictures or something which are unencrypted. I have also noticed that the main forums have been encrypted, but whenever I click into a specific topic things are unencrypted. Is someone man in the middleing me, or is this a website specific problem? Everything appears to be encrypted correctly now however. Quote Link to comment Share on other sites More sharing options...
fugu Posted November 5, 2015 Share Posted November 5, 2015 the next time you see a problem, record as much info as you can, even if it's just saving from the browser its html source code in a text editor. Look at dns requests/responses, troute, even a ping might tell you a little bit. All else fails, look at a tcpdump of the interface. Quote Link to comment Share on other sites More sharing options...
Rhiza Posted November 5, 2015 Share Posted November 5, 2015 Last time I checked, I was able to do session hijacking. Was couple of months ago.When paranoid, I always use "https everywhere" by EFF. It's a firefox plugin and I hardly ever notice it's wonderful magic. Quote Link to comment Share on other sites More sharing options...
overwraith Posted November 5, 2015 Author Share Posted November 5, 2015 I actually do use HTTPS everywhere, and though this forum post may suggest otherwise I actually don't care that much where people know I am browsing to. I was mostly just wondering if the site had changed their encryption practices to exclude images. Quote Link to comment Share on other sites More sharing options...
cooper Posted November 6, 2015 Share Posted November 6, 2015 I noticed on this forum that embedding a youtube movie triggers ABP to block something, which kinda makes sense. The http on https stuff I suspect has something to do with people being able to specify a URL to be used for their forum pic rather than forcing them to upload the actual picture and serving it from the forum server itself. It's how some forum users try to figure out your actual IP (for little more reason than knowing that they can). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.