Security warning when login to LL

[FVHrc0E]

Every time log into LL get a Security Warning:

"The information you have entered on this page will be sent over an insecure connection and could be read by a third party.

Are you sure you want to send this information?"

 

This warning started with the most recent LL update.

 

Is there something I can do to make sure my login information is not sent over an insecure connection? That is, how do I log into LL securely (without compromising my login information)?

 

[KoreanPriestess]

What browser are you using?

[Uncle64]

Sounds that you have some issues in your PC.

You should scan your PC for Maleware and stuff.

[Mashi]

If you're using HTTPS everywhere, you'll occasionally see things like that especially with sites that have mixed-content(secure and non-secure).

[myuhinny]

LL doesn't have https in front of the www. which makes it not secure there are many sites like this out there. If you are using chrome in front of the link address there should be a circle with a ! in it. If you click it it'll tell you your connection to this site isn't secure and give some other info. It has been like this for quite awhile now.

[pinky6225]

Been a while since i've seen a HTTPS thread, believe all the answers are in http://www.loverslab.com/topic/44613-full-ssl-https-support-for-the-entire-forum/

[ruddycray]

With all due respect to prideslayer, he's way off the mark in that thread. YouTube encrypts everything not to avoid your ISP seeing what videos you view (though that's a fine goal in itself; more on that in a moment), but to prevent session hijacking. If you only encrypt the login page, then someone can run something like Firesheep and do things with your account.

 

Beyond that, encrypting only the important things leaks information about what's important and what is not.

[bicobus]

With all due respect to prideslayer, he's way off the mark in that thread. YouTube encrypts everything not to avoid your ISP seeing what videos you view (though that's a fine goal in itself; more on that in a moment), but to prevent session hijacking. If you only encrypt the login page, then someone can run something like Firesheep and do things with your account.

 

Beyond that, encrypting only the important things leaks information about what's important and what is not.

 

This, and the fact that any listener (ISP included) can insert code into LL pages the user view. It can and has happened.

[bjornk]

The ISP I'm using has attempted to inject its own ads into random pages twice. I'm not sure if they have stopped doing that as I did a few changes on my side to prevent it. They read the first external JavaScript file name from the source code of the actual page and then they inject their JS code right at the end of that file and then send you this literally "infected" file. The ad then views a YT video of one of their video ads in a separate iframe. They can't do this if the page is encrypted (i.e. over SSL/HTTPS).

 

Back when I wrote about it in that archived thread, it was only a "possibility", now a reality for me.

[loopie]

AdBlock Plus, Ghostery, WebRTC leak prevent, + any VPN, even weak encryption, solve many of these issues. You do need to go to your advanced browser settings and each respective plugin / extension settings and enable / disable what needs to be enabled / disabled.

 

If you don't want to subscribe to a VPN, try Opera browser, it comes with a free one built-in (just enable and set it it up), but its very crappy and you'll have slow connection with many breaks, it is functional enough for web page browsing though.

 

[myuhinny]

I use ABP, ghostery and there is also fair adblocker by stands which can be used to control what you want to block on a site you can block all or block some but allow others so that you can help support the site that you are on. One thing I like about it is their block a item on the page allows you to block multiple things at one time on a page unlike adblocker where it only blocks one thing at a time.