Website not secure! Warning

[AndyG]

As the title says I keep getting the warning Website not Secure! When I sign in. Never got this warning before and it is slightly concerning. Anyone know what’s going on?

 

[Sicks]

Haven't had any warnings like that myself, have you had any internet problems lately? Sometimes my internet starts playing up and I get warnings like that for every site I try to open

 

[AndyG]

Nope just CMON

 

[Sicks]

Hmm turns out I have to push a button to see that on my tablet, don't know what it means though


View attachment 65657

 

[Avelorn]

It's because it's not using https:// ie the communication is not encrypted

 

[AndyG]

Forgive my IT ineptitude but does that mean the site is insecure? I have bought stuff from CMON shop using my credit cards and PayPal. Can my data be got by an unscrupulous third party? Sorry to sound melodramatic.

 

[Sicks]

When you click on the shop section it changes to the Https secure site but I can't claim I know anything about hacking, I assume it's safe, the only thing that might be reason for concern is that the shop uses the same account as the forum, it may be possible to get access to your account on the forum and then go to the shop, I've never ordered from cmon but usually even on secure sites stuff like credit card details are still blanked out so it's probably safe. It's weird that you suddenly got the warning though after years of being here

 

[AndyG]

It’s just changed there used to be a little padlock symbol next to the cmon address now it’s not there. Weird.

 

[gohkm]

Forgive my IT ineptitude but does that mean the site is insecure? I have bought stuff from CMON shop using my credit cards and PayPal. Can my data be got by an unscrupulous third party? Sorry to sound melodramatic.

It just means that any data sent between yourself and CMON shop is not encrypted. This makes it vulnerable to a sniffing, a sort of electronic eavesdropping. There's easier ways to grab your credentials, most crims won't bother with something so low level any more.

The main vulnerability remains the payment gateway I got no idea who CMON uses as their payment processor, and whether that processor is PCI-DSS certified or ISO certified or what-not certified (and even if they are, it depends greatly on the scope of applicability).

These are what we call internal controls. So as long as CMON and all their third parties have adequate internal controls (it goes beyond the technical layer), backed up by enforceable compensation policy and legislation, you're largely okay.