OzBargain has changed to https:

Nevergreen on 26/06/2014 - 02:09

Anybody else notice this site is now using https: instead of plain http?

Curious why the change ….?

Site Discussion

Comments

  • Moderatorneil on 26/06/2014 - 02:41

    OzBargain switched to https in December 2013. :)

  • retiredfeline on 26/06/2014 - 07:13

    Curious why the change ….?

    More privacy is a good thing these days.

  • [Deactivated] on 26/06/2014 - 08:06

    Greenpossum meets Nevergreen in a thread.
    Matter meets Anti-matter.

    Holy freaking disintegration, Batman.
    This is a sad day.

    Forget bloody secure hypertext transfer protocols.
    I can only assume that two OzBargain members are now dead.

    Heartbleed.
    Vulnerability.

    Neil, I'm starting a forum post about sourcing a great deal on flowers.
    I DON'T KNOW WHAT ELSE TO DO.

    Gp, Ng - if you can read this, can you communicate with us from the Netherworld?
    Are there any bargains there?

    Yes? No?
    Either way, stay strong.

    • retiredfeline on 26/06/2014 - 08:23

      There is nothing wrong with the protocol, it was the implementation that was flawed by a commit which went straight into production. It was sad that a crucial project such as openssl was not resourced and audited better. Sometimes too much trust is placed on the many eyes hypothesis. And note, openssl is not the only suite. It was sad that so much software depended on it. More diversity would have been better.

      What is the alternative, that all your CC info travels in the clear?

      • [Deactivated] on 26/06/2014 - 08:28

        gp, is that really you?

        • retiredfeline on 26/06/2014 - 08:30
          +1

          No, I'm the NSA.

        • [Deactivated] on 26/06/2014 - 08:34
          +1

          NNNOOOOOOOOOOOOOOO!!!!!

    • scotty on 27/06/2014 - 08:26

      You are giving way too much credibility to heartbleed bug, which only affects OzBargain for a few months (Jan-Apr this year) when we used OpenSSL 1.0.1. You probably got these info from the newspaper websites (Fairfax?) which aren't even on HTTPS. If you think hacking an SSL heartbleed site is easy (which is not), give a try on a http site that provides no protection whatsoever against sniffing or mitm :)

      Personally I think with the ease of hijacking http websites from insecured or untrusted network, ALL websites should be on HTTPS. Next time you open a http site from an open WiFi or even school network, ask yourself "are you sure you are connecting to the right website?" Instead of network operator re-route the packets somewhere else pretending to be the website you are looking at, i.e. MitM?

      • [Deactivated] on 27/06/2014 - 08:53
        +1

        I barely know what to say scotty, other than the fact that my use of the words 'Heartbleed' and 'Vulnerability' had about as much to do with 'Heartbleed Vulnerability' as did the success of my attempt to combine humour and pathos did with being actually perceived as humour and pathos.

        Shouldn't have bothered. Ever since yesterday, I've been trying to forget that I even tried.
        Have a good day.

Login or Join to leave a comment
Login Join