[123725] in North American Network Operators' Group
RE: security questions
daemon@ATHENA.MIT.EDU (Brandon Kim)
Sat Mar 13 22:09:29 2010
From: Brandon Kim <brandon.kim@brandontek.com>
To: <nanog@nanog.org>
Date: Sat, 13 Mar 2010 22:08:56 -0400
In-Reply-To: <4B9C4682.1050500@maxqe.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Yup=2C what Larry said.....I wouldn't be too concerned about it. But some m=
anagers may make a big deal...
Some sites use images located at a different webserver that isn't HTTPS=2C =
and sometimes there are
hidden iframes that bring you info from non-secure sites. But the actual lo=
gin is posted to an HTTPS server.
Hope that helps.
Brandon
Follow me:
twitter.com/brandontek
> Date: Sat=2C 13 Mar 2010 20:14:26 -0600
> From: larry-lists@maxqe.com
> To: adriankok2000@yahoo.com.hk
> Subject: Re: security questions
> CC: nanog@nanog.org
>=20
> adrian kok wrote:
> > Hi
> >=20
> > I have questions about security
> >=20
> > I am using mozila to access gmail as https://mail.google.com/mail
> >=20
> > Why mozilla prompts me the alert box?
> >=20
> > "You have requested an encrypted page that contains some unencrypted in=
formation. Information that you see or enter on this page could easily be r=
ead by a third party."
> >=20
> > 1/ Can network software help to check? if yes. which software and how?
> >=20
> > 2/ How mozilla knows I have data not encrypted?=20
> >=20
> > 3/ ls https secured? If not. why it is PCI?
> >=20
> > Thank you
> >=20
> > Send instant messages to your online friends http://uk.messenger.yahoo.=
com=20
> >=20
>=20
>=20
> This message is saying that Google is including things using http://=20
> in the site. This is common with Images. The login is still secure=2C=20
> just they just are not using SSL for some things.
>=20
>=20
>=20
> [ ~ ] >> lynx --dump mail.google.com/mail|grep http\:\/\/
> http://gmail.com/app. [1]Learn more
> 1. http://www.google.com/mobile/landing/mail.html#utm_source=3Dgmailh=
pp
> 2.=20
> http://mail.google.com/support/bin/answer.py?answer=3D46346&fpUrl=3Dhttps=
%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfpOnly%3D1%26continue%3=
Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%25=
3Dl%26service%3Dmail%26ltmpl%3Ddefault&fuUrl=3Dhttps%3A%2F%2Fwww.google.com=
%2Faccounts%2FForgotPasswd%3FfuOnly%3D1%26continue%3Dhttp%253A%252F%252Fmai=
l.google.com%252Fmail%252F%253Fui%253Dhtml%2526zy%253Dl%26service%3Dmail%26=
ltmpl%3Ddefault&hl=3Den
> 3. http://mail.google.com/mail/signup
> 4. http://mail.google.com/mail/help/intl/en/about.html
> 5. http://mail.google.com/mail/help/intl/en/about_whatsnew.html
> 6.=20
> http://www.google.com/apps/intl/en/business/gmail.html#utm_medium=3Det&ut=
m_source=3Dgmail-signin-en&utm_campaign=3Dcrossnav
> 7.=20
> http://gmailblog.blogspot.com/?utm_source=3Den-gmftr&utm_medium=3Det&utm_=
content=3Dgmftr
> 8. http://mail.google.com/mail/help/intl/en/terms.html
> 9. http://mail.google.com/support/
>=20
=
