nanog mailing list archives

RE: security questions

From: Brandon Kim <brandon.kim () brandontek com>
Date: Sat, 13 Mar 2010 22:08:56 -0400


Yup, what Larry said.....I wouldn't be too concerned about it. But some managers may make a big deal...

Some sites use images located at a different webserver that isn't HTTPS, and sometimes there are
hidden iframes that bring you info from non-secure sites. But the actual login is posted to an HTTPS server.


Hope that helps.

Brandon

Follow me:
twitter.com/brandontek

Date: Sat, 13 Mar 2010 20:14:26 -0600
From: larry-lists () maxqe com
To: adriankok2000 () yahoo com hk
Subject: Re: security questions
CC: nanog () nanog org

adrian kok wrote:

Hi

I have questions about security

I am using mozila to access gmail as https://mail.google.com/mail

Why mozilla prompts me the alert box?

"You have requested an encrypted page that contains some unencrypted information. Information that you see or enter 
on this page could easily be read by a third party."

1/ Can network software help to check? if yes. which software and how?

2/ How mozilla knows I have data not encrypted? 

3/ ls https secured? If not. why it is PCI?

Thank you

Send instant messages to your online friends http://uk.messenger.yahoo.com



This message is saying that Google is including things using http:// 
in the site. This is common with Images. The login is still secure, 
just they just are not using SSL for some things.



  [ ~ ]  >> lynx --dump mail.google.com/mail|grep http\:\/\/
    http://gmail.com/app. [1]Learn more
    1. http://www.google.com/mobile/landing/mail.html#utm_source=gmailhpp
    2. 
http://mail.google.com/support/bin/answer.py?answer=46346&fpUrl=https%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfpOnly%3D1%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%253Dl%26service%3Dmail%26ltmpl%3Ddefault&fuUrl=https%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfuOnly%3D1%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%253Dl%26service%3Dmail%26ltmpl%3Ddefault&hl=en
    3. http://mail.google.com/mail/signup
    4. http://mail.google.com/mail/help/intl/en/about.html
    5. http://mail.google.com/mail/help/intl/en/about_whatsnew.html
    6. 
http://www.google.com/apps/intl/en/business/gmail.html#utm_medium=et&utm_source=gmail-signin-en&utm_campaign=crossnav
    7. 
http://gmailblog.blogspot.com/?utm_source=en-gmftr&utm_medium=et&utm_content=gmftr
    8. http://mail.google.com/mail/help/intl/en/terms.html
    9. http://mail.google.com/support/

Current thread:

security questions adrian kok (Mar 13)
- Re: security questions Larry Brower (Mar 13)
  - RE: security questions Brandon Kim (Mar 13)
    - Re: security questions Valdis . Kletnieks (Mar 14)