Dec. 30th, 2016

morgandawn: (Default)
Source: http://swan-tower.dreamwidth.org/785861.html

Your readers should know about another catch:

LJ no longer allows access to its https site when browsing/posting, which means that any information you send to that site is readable by every other site that cares to eavesdrop. This means that anything you post under friendslock is still being read by any site that chooses to spy on Livejournal communications; you can safely assume that at least one Russian-government entity is.

I just double-checked, and the payment page *is* protected by https,, com so that at least should be secure.

Read more about HTTPS vs HTTP browsing

NO MATTER WHAT YOU DECIDE TO DO: Install The EFF's HTTPS Everywhere extension for Chrome/Firefox (also Android).


From their FAQ:

When does HTTPS Everywhere protect me? When does it not protect me?

HTTPS Everywhere protects you only when you are using encrypted portions of supported web sites. On a supported site, it will automatically activate HTTPS encryption for all known supported parts of the site (for some sites, this might be only a portion of the entire site). For example, if your web mail provider does not support HTTPS at all, HTTPS Everywhere can't make your access to your web mail secure. Similarly, if a site allows HTTPS for text but not images, someone might be able to see which images your browser loads and guess what you're accessing.

HTTPS Everywhere depends entirely on the security features of the individual web sites that you use; it activates those security features, but it can't create them if they don't already exist. If you use a site not supported by HTTPS Everywhere or a site that provides some information in an insecure way, HTTPS Everywhere can't provide additional protection for your use of that site. Please remember to check that a particular site's security is working to the level you expect before sending or receiving confidential information, including passwords.

One way to determine what level of protection you're getting when using a particular site is to use a packet-sniffing tool like Wireshark to record your own communications with the site. The resulting view of your communications is about the same as what an eavesdropper on your wifi network or at your ISP would see. This way, you can determine whether some or all of your communications would be protected; however, it may be quite time-consuming to make sense of the Wireshark output with enough care to get a definitive answer.

You can also turn on the "Block all HTTP requests" feature for added protection. Instead of loading insecure pages or images, HTTPS Everywhere will block them outright.

edited: Also, if you do backup your Livejournal blog or community to Dreamwidth, please consider buying a paid account.
morgandawn: (Default)
 Crosspost of Livejournal Webpages Are No Longer Secure to morgandawn@LiveJournal failed. 

Failed to crosspost entry to morgandawn@LiveJournal: Client error: Sorry, there is a problem with content of your entry: spam patterns were detected. Please contact Abuse Prevention team if you consider this is a mistake.: http:// is banned for spam. Exclude it to post entry -- 
Dreamwidth Team 
Dreamwidth Studios "

will try a manual post

edited: looks like DW-LJ cross-posting is failing.


edited:  cross-posting is back, just not for any post that contains this text.
morgandawn: (Default)
 My attempt at a manual post to LJ failed

Error

Client error: Sorry, there is a problem with content of your entry: spam patterns were detected. Please contact Abuse Prevention team if you consider this is a mistake.: http:// is banned for spam. Exclude it to post entry


edited:  posting is back, just not for any post that contains this text.

Profile

morgandawn: (Default)
morgandawn

September 2017

S M T W T F S
      1 2
3 4 56 7 89
101112131415 16
17 18 19 20212223
24252627282930

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags