Western Railroad Discussion > TO.com secure connection

Has anyone else noted once you navigate off the home page to a discussion a green padlock icon shows up on the left side of the URL indicating an https secure connection? It just gets better here all the time. Thanks, Todd.

actually I get an error message to the effect not a secure location, although I'm wondering now if it from Kaspersky anti virus program. Doug

Let's try this again. I have McAfee and I've been getting it to. Look for a recent thread called "Is it me?". It explains some things.

ALCO630 Wrote:
-------------------------------------------------------
> hoggerdoug Wrote:
> --------------------------------------------------
> -----
> > actually I get an error message to the effect
> not
> > a secure location, although I'm wondering now
> if
> > it from Kaspersky anti virus program. Doug
>
> Posted from Android

Doug Wetherhold
Macungie, PA

I have been getting the same message for about two weeks. Timed to the latest upgrade of Windows 10 and Norton with security "upgrades". I did notice that it not only limited to TO but to at least 3 other web sites that I visit.

I receive it and I neither have Windows 10 or a functioning Anti-virus program.
The best I can tell it is a Firefox warning, the only browser I use, but it may also come through Windows even though still on 8.1.
I get it for very few sites, not even Sputnik news, my favorite site to find out what is really happening world wide.

Bob

I also have Windows 10 and Norton and the green padlock is on my computer.

Shows up on my Firefox browser.

Me too. a real PITA. How to make it go away?

DLM Wrote:
-------------------------------------------------------
> Shows up on my Firefox browser.

Ditto. Yesterday was the first I'd noticed.

TJY

Why is it a PITA and why do you want to get rid of it? It is just an indication the connection is safer from hacking than a nonsecure http connection. You want that padlock icon if you are sending a credit card number when ordering merchandise online or banking.

And yet the sign in page is not https.

I think the PITA they are talking about is the flag when you log onto T.O. telling me that it is an insecure site. Once logged on the green padlock shows. My work computer is XP (believe it or not) with Avast. So it probably isn't Windows, more likely FireFox, Chrome don't show the warning.
Gonut

ALCO630 Wrote:
-------------------------------------------------------
> Let's try this again. I have McAfee and I've been
> getting it to. Look for a recent thread called "Is
> it me?". It explains some things.
>

Friends dont let friends use McCrappy.

Only Secure Content is Displayed..
I have windows 7 and that's the message Every time I switch locations within TO.

up833 Wrote:
-------------------------------------------------------
> Only Secure Content is Displayed..
> I have windows 7 and that's the message Every time
> I switch locations within TO.

Possibly this is the issue for some people - this page has both insecure and secure content. There is a script downloaded by HTTP (not HTTPS), and there's some embedded script which I CBA to debug to see if it is a factor. My FF is set to only download secure content so I get a green padlock and no errors, but https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox suggests unblocked might get warnings.

We are in the process of moving the entire web site to ssl (https). Every day we move something over and test it. This is not by my choice. Google and the browser distributors are forcing web sites to do this. If we don't, visitors are greeted by browser warnings. Eventually, our site will probably be flagged as hazardous if we don't comply. For most sites this is a trivial conversion, but for our system it is quite complex as we have different systems that interact.

The green padlock is an extended validation SSL certificate that we hold for the web site. Banks and other big organizations use these sorts of certificates as they prove to visitor that site is legitimate. In order to get one your business goes through a background check vetting process. Regular SSL certificates are pretty easy to get and only verify that your connection with the server is encrypted. The green bar indicates not only secure connection, but that the business is who they say they are. We have had the certificate for several years, but we added a second on January for converting the site to ssl.

Todd Clark
Canyon Country, CA
Trainorders.com

fyi here is the prior discussion about the trainorders site upgrades with the modern SSL and browser based security upgrades.
This is just from the other day --less than a week ago :

https://www.trainorders.com/discussion/read.php?1,4274370

----Daniel

Thanks, Todd, for all you're doing!

webmaster Wrote:
-------------------------------------------------------
> We are in the process of moving the entire web
> site to ssl (https). Every day we move something
> over and test it. This is not by my choice.
> Google and the browser distributors are forcing
> web sites to do this. If we don't, visitors are
> greeted by browser warnings. Eventually, our site
> will probably be flagged as hazardous if we don't
> comply. For most sites this is a trivial
> conversion, but for our system it is quite complex
> as we have different systems that interact.
>
> The green padlock is an extended validation SSL
> certificate that we hold for the web site. Banks
> and other big organizations use these sorts of
> certificates as they prove to visitor that site is
> legitimate. In order to get one your business
> goes through a background check vetting process.
> Regular SSL certificates are pretty easy to get
> and only verify that your connection with the
> server is encrypted. The green bar indicates not
> only secure connection, but that the business is
> who they say they are. We have had the certificate
> for several years, but we added a second on
> January for converting the site to ssl.

Todd,

Going to all ssl is a good thing you're doing, and very
necessary in today's world. Keep up the great work!

- Bruce

CZ10 Wrote:
-------------------------------------------------------
> Going to all ssl is a good thing you're doing, and
> very
> necessary in today's world. Keep up the great
> work!
>
> - Bruce

Those of us in the IT industry know that the push for everything using SSL will not in the long run make things any safer. Why, any Tom, Dick or Harry can pay for a hosted virtual server, register a domain name, get a free SSL cert and have a fake website up in 30 minutes or less and distribute a phishing campain getting some poeple to go to a wrong link and enter their username and password. Tell me, how would most people tell the difference between a green bar for https://www.trainorders.com and https://www.tralnorders.com ?

We have to do it because Google says so, and if Google says so then FireFox says so, then the NIX community says so, so Micorosoft has to say Says so.

It is just another game of manipulation.