What's new
  • Please note members who been with us for more than 10 years have been upgraded to "Veteran" status and will receive exclusive benefits. If you wish to find out more about this or support IcMag and get same benefits, check this thread here.
  • Important notice: ICMag's T.O.U. has been updated. Please review it here. For your convenience, it is also available in the main forum menu, under 'Quick Links"!

automatic pasrsing: http -> htpps

anotherid

Member
Hi admins/moderators/whatevermaybeai could help, there is one "problem".
If I add to post some url, with/without BB code, with [noparse] every time it parse http -> https, it's lookslike some config i vBulletin has changed(new version?).
I'm only user of vBulletin, but google answer something like: Open Admincp -> Settings -> Styles & Templates -> Replacement Variable Manager

Thanks for yours time.
anotherid
 

AgentPothead

Just this guy, ya know?
Pretty sure they are enabling TLS to prevent any man in the middle attacks from grabbing your information. Realistically, all web traffic should be encoded. In fact I highly recommend https://www.eff.org/https-everywhere to anybody browsing the web. It doesn't stop your government from knowing what you are doing, but it should prevent servers handling your information from being able to snoop on it.
 

TychoMonolyth

Boreal Curing
https doesn't only secure the user, it secures the site by stopping someone's ability to hijack your session.

DNSSEC adds security to the DNS, not the website per se (take this with a grain of salt).
 

anotherid

Member
https doesn't only secure the user, it secures the site by stopping someone's ability to hijack your session.
Off course, but it goes outside this server. It's about user - otherserver. If rule is set to this domain(secure connection user - icmag.com) I understant, but "dictate" how(safe, unsafe) I can acces data on internet? This is unperfect world, will be better...

DNSSEC adds security to the DNS, not the website per se (take this with a grain of salt).
Partly yes, but it's about attack to users. If I could after attack mimic some user and acces to restrikted parts of board(vBulletin) or do other soc. engeneering games, it's attack to website per se.
 
Last edited:

JKD

Well-known member
Veteran
ICMAG is still using TLS 1.0 which came out in 2006 and is no longer considered secure. The most recent protocol is TLS 1.3 which came out last year. This means using https here is not secure. When using ICMAG I get a "page uses weak encryption" warning, "other people can view your information or modify the sites behavior".

You can also use DNSCrypt in conjunction with DNSSEC. There is also DNS over https. But as Tycho says, this is not security for the page - just for your Domain Name System.
 
Last edited:

anotherid

Member
But as Tycho says, this is not security for the page - just for your Domain Name Search.
Phishing mimics page layout and steal password/login. De facto attack to page. It could be done cross DNS not using some king of security.

Understand, that this is complex problem.
 
Top