security questions
Brandon Kim
brandon.kim at brandontek.com
Sun Mar 14 02:08:56 UTC 2010
Yup, what Larry said.....I wouldn't be too concerned about it. But some managers may make a big deal...
Some sites use images located at a different webserver that isn't HTTPS, and sometimes there are
hidden iframes that bring you info from non-secure sites. But the actual login is posted to an HTTPS server.
Hope that helps.
Brandon
Follow me:
twitter.com/brandontek
> Date: Sat, 13 Mar 2010 20:14:26 -0600
> From: larry-lists at maxqe.com
> To: adriankok2000 at yahoo.com.hk
> Subject: Re: security questions
> CC: nanog at nanog.org
>
> adrian kok wrote:
> > Hi
> >
> > I have questions about security
> >
> > I am using mozila to access gmail as https://mail.google.com/mail
> >
> > Why mozilla prompts me the alert box?
> >
> > "You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party."
> >
> > 1/ Can network software help to check? if yes. which software and how?
> >
> > 2/ How mozilla knows I have data not encrypted?
> >
> > 3/ ls https secured? If not. why it is PCI?
> >
> > Thank you
> >
> > Send instant messages to your online friends http://uk.messenger.yahoo.com
> >
>
>
> This message is saying that Google is including things using http://
> in the site. This is common with Images. The login is still secure,
> just they just are not using SSL for some things.
>
>
>
> [ ~ ] >> lynx --dump mail.google.com/mail|grep http\:\/\/
> http://gmail.com/app. [1]Learn more
> 1. http://www.google.com/mobile/landing/mail.html#utm_source=gmailhpp
> 2.
> http://mail.google.com/support/bin/answer.py?answer=46346&fpUrl=https%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfpOnly%3D1%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%253Dl%26service%3Dmail%26ltmpl%3Ddefault&fuUrl=https%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfuOnly%3D1%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%253Dl%26service%3Dmail%26ltmpl%3Ddefault&hl=en
> 3. http://mail.google.com/mail/signup
> 4. http://mail.google.com/mail/help/intl/en/about.html
> 5. http://mail.google.com/mail/help/intl/en/about_whatsnew.html
> 6.
> http://www.google.com/apps/intl/en/business/gmail.html#utm_medium=et&utm_source=gmail-signin-en&utm_campaign=crossnav
> 7.
> http://gmailblog.blogspot.com/?utm_source=en-gmftr&utm_medium=et&utm_content=gmftr
> 8. http://mail.google.com/mail/help/intl/en/terms.html
> 9. http://mail.google.com/support/
>
More information about the NANOG
mailing list