Active Now

Element 99
Discussion » Questions » answerMug » I have never had trouble with Answer Mug being a secure site, but I keep getting these bogus warnings,. WHY?

I have never had trouble with Answer Mug being a secure site, but I keep getting these bogus warnings,. WHY?

What is up with these popup warnings saying this is not a secure site?  What IS a secure site vs. an unsecure site?   Am I just being insecure?

Posted - June 7, 2017

Responses


  • I get those on some sites but not this one. It's usually an over protective AV that does that. This site is pretty secure as my AV has a green check mark on it and a lock of the bar that means secure. Some sites will pop up like that because your AV isn't sure about it. Nothing much to worry about. Any time you type in a website and there is a lock next to the site name? It means it's a secure site. Generally an insecure site will show a red check mark. Depends on what AV you are using.
      June 7, 2017 7:45 AM MDT
    3

  • 46117
    Hi ya Rooster!

    Thank you for confirming what I kind of knew.  I mean, I have been on here for long enough, even through the compromising times when Answer Mug was being re-tooled and I never had one issue. 

    On Answer Bag?  Oh My lord.  I had to take my computer in several times because of bugs I was not protected from caused by that site.

    SO, I know the site has to be safe, nothing has happened, but I was wondering what those silly warnings meant. 

    Thanks
      June 7, 2017 7:48 AM MDT
    2

  • It's just an over protective AV is all. A good AV and Malwarebytes would have stopped you from getting those bugs.
      June 7, 2017 7:50 AM MDT
    1

  • 7939
    There are generally three things your browser and antivirus look for when determining if it's "safe" or not. First, they try to make sure the site isn't designed to be malicious. If they get wind of oddball codes deploying or see other concerning things on a site, they'll usually pop up a warning and tell you not to go there. Secondly, they check to see if the site is under the control of its owner. There's a validation check that goes on in the background.

    The third aspect of a safe site, which is what people and antiviruses often refer to as "secure" or "not secure," is encryption. For example, when you click "post reply" here, any data in your text box is sent to the site, and your page refreshes with data sent from us. In theory, if you were sitting at your local Starbucks using the Wifi, a sophisticated hacker on the same network might be able to grab the data while it was in transmission. We don't handle sensitive data like credit cards and social security numbers, so the hacker would probably look at what he got and either move to another target on the same network or bide his time and hope that you go to another site and share something juicy that might benefit him. But, let's say you do hop on your bank's website while the hacker is watching you. Your bank is going to have secure socket layer (SSL) encryption. By having this setup, anything you enter gets encrypted so it cannot be read before it leaves you and it doesn't get decrypted until your bank has it. The hacker gets nothing.

    (Side note, although we do accept donations and payments for credits, all that is processed by PayPal, which does have SSL.)

    The web is making a shift toward requiring most sites to start using SSL. This is largely spurred by Google, which made a change earlier this year to start giving warnings on all sites with password fields that don't have SSL. If you happen to be using Chrome and you're on the home page, you'll see "not secure" in your address bar. The other pages without the password field just have the "info" icon, to prompt people to learn about security. Again, their worry is about passwords being nabbed while they're in transmission. Not about the site itself. But, sites that do transmit sensitive data should take the steps necessary to have encryption, and browsers/ antivirus programs want you aware of what's happening with your data.

    Historically, we weren't able to integrate SSL because of limitations of the platform the site was on. Post-migration, it was cost-prohibitive. Now, we can set it up and I probably will, just because almost nobody understands what any of these security warnings mean or what safe vs unsafe means to a browser/ antivirus.
      June 7, 2017 9:22 AM MDT
    2

  • 46117
    I was not really worried, just curious. 

    I have NEVER had an issue on here to worry about. 

    Thanks, JA.

    Maybe this will serve to quell some worries about that point for some of us.   I know you have to rehash all this to many over and over, but it does get read and needs to be posted here and there once in awhile.  I'll bet there is some feature on here that explains what you just did very clearly.   I did the lazy route. 

    Again, thank you.  This post was edited by WM BARR . =ABSOLUTE TRASH at June 7, 2017 9:26 AM MDT
      June 7, 2017 9:23 AM MDT
    0

  • 22891
    ive wondered about that too, when i come on here, its been saying its not a secure site
      June 7, 2017 3:26 PM MDT
    0