Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Andrea
    • By MSE Andrea 1st Feb 17, 12:24 PM
    • 8,707Posts
    • 20,987Thanks
    MSE Andrea
    "Not secure" in Forum url
    • #1
    • 1st Feb 17, 12:24 PM
    "Not secure" in Forum url 1st Feb 17 at 12:24 PM
    Hi everyone

    You may have seen the words “not secure” in your url when visiting the forum in the last few days. This is a change Google has recently put into place for sites that don’t run on HTTPS.

    Our technical team is working on this now and you should see it disappear once the work's been rolled out.

    Thanks for your patience.

    MSE Forum Team
    Could you do with a Money Makeover?


    Follow MSE on other Social Media:
    MSE Facebook, MSE Twitter, MSE Deals Facebook, MSE Deals Twitter, Forum Twitter, Instagram, Pinterest
    Join the MSE Forum
    Get the Free MoneySavingExpert Money Tips E-mail
    Report inappropriate posts: click the report button
    Point out a rate/product change
    Flag a news story: news@moneysavingexpert.com
Page 1
    • kwikbreaks
    • By kwikbreaks 3rd Mar 17, 10:50 PM
    • 8,841 Posts
    • 4,419 Thanks
    kwikbreaks
    • #2
    • 3rd Mar 17, 10:50 PM
    • #2
    • 3rd Mar 17, 10:50 PM
    It's worth noting that the change simply highlights the fact that the MSE login isn't HTTPS and has always been insecure not that any change made by Google has somehow made the login insecure.
    • alanq
    • By alanq 23rd Mar 17, 4:31 PM
    • 3,856 Posts
    • 2,478 Thanks
    alanq
    • #3
    • 23rd Mar 17, 4:31 PM
    • #3
    • 23rd Mar 17, 4:31 PM
    This issue also affects Firefox 52.0.1.

    https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
    I'm a Board Guide on the Budgeting and Bank Accounts, Savings & Investments, Food Shopping and Over 50s MoneySaving boards. I volunteer to help get your forum questions answered and keep the forum running smoothly. Any views are mine and not the official line of moneysavingexpert .com. Board guides are not moderators. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com
    • Jabba_flabba
    • By Jabba_flabba 29th Apr 17, 11:30 AM
    • 66 Posts
    • 25 Thanks
    Jabba_flabba
    • #4
    • 29th Apr 17, 11:30 AM
    This really isn't about any particular browser...
    • #4
    • 29th Apr 17, 11:30 AM
    ...it's about the absence of transport layer security for sending/receiving data (and, most importantly, sending passwords).

    I'd love to know what the technical team are so busy with that justifies continuing to run this site without SSL. Sending passwords in the clear is just plain bad and inexcusable in 2017. Wireshark screenshot:



    My advice to users of this site is to make sure your MSE password isn't the same or even close to the same as the passwords you use for more sensitive sites such as your email (password reuse is generally bad anyway - but particularly worth emphasising here).

    The reason for my advice should be plain enough; if your MSE password gets stolen, say, because you've used it while being connected to e.g. open access WiFi, then it's possible the thief could then access your email.
    • DragonQ
    • By DragonQ 26th May 17, 11:50 PM
    • 1,983 Posts
    • 666 Thanks
    DragonQ
    • #5
    • 26th May 17, 11:50 PM
    • #5
    • 26th May 17, 11:50 PM
    Still no HTTPS 4 months later. Even my home website with nothing useful on it has HTTPS, it really isn't difficult to set up!
    • MSE Andrea
    • By MSE Andrea 8th Jun 17, 4:37 PM
    • 8,707 Posts
    • 20,987 Thanks
    MSE Andrea
    • #6
    • 8th Jun 17, 4:37 PM
    • #6
    • 8th Jun 17, 4:37 PM
    Hi, this is in the pipeline, we'll let you know when we have an update.

    Andrea
    Could you do with a Money Makeover?


    Follow MSE on other Social Media:
    MSE Facebook, MSE Twitter, MSE Deals Facebook, MSE Deals Twitter, Forum Twitter, Instagram, Pinterest
    Join the MSE Forum
    Get the Free MoneySavingExpert Money Tips E-mail
    Report inappropriate posts: click the report button
    Point out a rate/product change
    Flag a news story: news@moneysavingexpert.com
    • MothballsWallet
    • By MothballsWallet 30th Jun 17, 9:47 PM
    • 11,442 Posts
    • 15,027 Thanks
    MothballsWallet
    • #7
    • 30th Jun 17, 9:47 PM
    • #7
    • 30th Jun 17, 9:47 PM
    At least one more person (myself included) are getting the same thing, as per this thread.
    Always ask yourself one question: What would Gibbs do?
    Married to an immigrant.
    Even my PC is nicknamed "GIBBS".
    • RobJDean185
    • By RobJDean185 27th Sep 17, 6:14 PM
    • 1 Posts
    • 5 Thanks
    RobJDean185
    • #8
    • 27th Sep 17, 6:14 PM
    • #8
    • 27th Sep 17, 6:14 PM
    The continued lack of HTTPS is a surprising security flaw for a web site that has so many users and so much traffic. Also, failure to add HTTPS, which is specific but not technically unusual, nearly a year after the users started requesting it, implies that not enough effort is invested in security of the site (e.g. when was the last time a penetration test was run on here, is the patching up to date, do the admin staff have remote access through HTTP, etc).

    Every forum member, especially anyone logging in from public WiFi networks, is exposed to theft of their user ID and passwords as highlighted. This opens a range of risks for the individual, such as, how many people, although they shouldn't, will reuse their user name and password from here on other sites?

    I appreciate the forums might be run on a shoestring budget and this is a prioritisation not a work harder problem, but this ought to be getting attended to.
    • moneyistooshorttomention
    • By moneyistooshorttomention 28th Sep 17, 8:07 AM
    • 13,952 Posts
    • 37,913 Thanks
    moneyistooshorttomention
    • #9
    • 28th Sep 17, 8:07 AM
    • #9
    • 28th Sep 17, 8:07 AM
    over 3 months ago that it was "in the pipeline".

    Which certainly shows it is deemed extremely low priority - if indeed on the list/still on the list in the first place.
    #MeToo

    Why should our needs override the needs of all other living species? What makes us so special? (Brigit Strawbridge)
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

361Posts Today

5,022Users online

Martin's Twitter