I just got Firefox 52.0 (32-bit), and it has just started popping up a Dire Warning when I try to log in here that the page is not secure.

I have no idea what's up with that, and (as you can see) it allowed me to log in, but dire warnings are dire.

I logged out to see what I would see.

The message I receive is that this site is not secure, meaning that the login is not a Https but only a Http. IE: secure/unsecure.

So it is possible that your password could be being sent in clear plaintext.

So what does that mean? If you are logging in from a public hotspot someone could have a sniffer active and collect your login information.

If you are logging in at home, or a place you have security over your router then you should be fine.

I use a free Firefox extension called HTTPS Everywhere. It will route across Https if that port is available even if not listed.

I also have Bitdefender TrafficLight which lets me know if any other sites/apps are piggybacking and collecting information on me. IE: Facebook/Google/Ad sites.

Both HTTPS Everywhere and Bitdefender report this site as safe.

I believe the 'error' you are receiving is a notification feature that they recently added. Best to be aware of your surroundings before absently logging in. I'm sure someone with a sniffer at a convention could collect a lot of passwords.


Gene, I assume you have port 443 available as I'm not receiving an alert from HTTPS Everywhere.

Jim,

Your browser is trying to alert you to the fact that anything you send to the site can be easily intercepted by someone on the internet/same network as you. It should be using HTTPS (s = secure) on the login page but it's not, and at some point this is going to cause problems. In the mean time may I suggest the following:

1) Don't re-use your magic Café password anywhere else. This is bad practise anyway, but I can't stress this enough with passwords being intercept-able. If you struggle remembering them use a free password manager (e.g. LastPass).

2) Before you hit submit/send ask yourself if you mind someone else being able to read it. Somebody could easily read what you're saying (even in private messages), so if you're unhappy if someone else got that information don't click that button!



Just to note, add-ons and extensions to browsers like "https everywhere" won't protect you in this case.

Might want to read this topic from not long ago regarding HTTPS and HTTP as described by out tech guy.

http://www.themagiccafe.com/forums/viewt......forum=50

Thanks Dave, however redirecting from https to http is just simply wrong!