Am getting warning for Kitmaker that the self-signed certificate for *.Kitmaker is cannot be validated. Anyone else seeing this?

Clear sailing on Norton

I have noted there are some links and such on Google that point to the secure version of the site (https) and yeah we don't pay hundreds of dollars a year for those type of security certificates as we aren't doing any transactions that really need that.

If you just drop the 's' from the URL it will take you to the non-encrypted version of the site.

Cheers,
Jim

Jim

Not to be a troublemaker, so does that mean that user information, like username and password are transported without encryption? Does that not but peoples passwords in jeopardy? Thus allowing the possibility of accounts being hacked? Some users may have information in their profile they would not want to be made public.

How is the site ensuring that username and passwords are secure in transport at login without encryption?

Just curious?


Kevin

The passwords on the KitMaker Network are encrypted.

A quick check in Fiddler, a web traffic capture tool, for my login, shows the username and password are shown in plain text via HTTP, not HTTPS. Thus the password is not encrypted when submitted from browser and is not encrypted in transport.

Yes and no.

Yes, any logins people use on non HTTPS pages would be transmitted from your client via your ISP to the server un-encrypted. Being that pretty much only banks, commerce sites, Facebook, Google, etc force using encrypted logins that leaves about 80% of the rest of sites that do not. After all you don't store credit card info or the like here on KitMaker.

No, if you want to login using encryption you can do that. But now thanks to all the extra hoops on most browsers you have to click past all the WARNING WARNING WARNING crap. Once you do that you do have an actually encrypted connection to the server, there is just no authentication certificate that costs $200 annually.

Cheers,
Jim