security questions

Brandon Kim brandon.kim at brandontek.com
Sun Mar 14 02:08:56 UTC 2010


Yup, what Larry said.....I wouldn't be too concerned about it. But some managers may make a big deal...

Some sites use images located at a different webserver that isn't HTTPS, and sometimes there are
hidden iframes that bring you info from non-secure sites. But the actual login is posted to an HTTPS server.


Hope that helps.

Brandon

Follow me:
twitter.com/brandontek



> Date: Sat, 13 Mar 2010 20:14:26 -0600
> From: larry-lists at maxqe.com
> To: adriankok2000 at yahoo.com.hk
> Subject: Re: security questions
> CC: nanog at nanog.org
> 
> adrian kok wrote:
> > Hi
> > 
> > I have questions about security
> > 
> > I am using mozila to access gmail as https://mail.google.com/mail
> > 
> > Why mozilla prompts me the alert box?
> > 
> > "You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party."
> > 
> > 1/ Can network software help to check? if yes. which software and how?
> > 
> > 2/ How mozilla knows I have data not encrypted? 
> > 
> > 3/ ls https secured? If not. why it is PCI?
> > 
> > Thank you
> > 
> > Send instant messages to your online friends http://uk.messenger.yahoo.com 
> > 
> 
> 
> This message is saying that Google is including things using http:// 
> in the site. This is common with Images. The login is still secure, 
> just they just are not using SSL for some things.
> 
> 
> 
>   [ ~ ]  >> lynx --dump mail.google.com/mail|grep http\:\/\/
>     http://gmail.com/app. [1]Learn more
>     1. http://www.google.com/mobile/landing/mail.html#utm_source=gmailhpp
>     2. 
> http://mail.google.com/support/bin/answer.py?answer=46346&fpUrl=https%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfpOnly%3D1%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%253Dl%26service%3Dmail%26ltmpl%3Ddefault&fuUrl=https%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfuOnly%3D1%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%253Dl%26service%3Dmail%26ltmpl%3Ddefault&hl=en
>     3. http://mail.google.com/mail/signup
>     4. http://mail.google.com/mail/help/intl/en/about.html
>     5. http://mail.google.com/mail/help/intl/en/about_whatsnew.html
>     6. 
> http://www.google.com/apps/intl/en/business/gmail.html#utm_medium=et&utm_source=gmail-signin-en&utm_campaign=crossnav
>     7. 
> http://gmailblog.blogspot.com/?utm_source=en-gmftr&utm_medium=et&utm_content=gmftr
>     8. http://mail.google.com/mail/help/intl/en/terms.html
>     9. http://mail.google.com/support/
> 
 		 	   		  


More information about the NANOG mailing list