Announcement Netrider moves to https only for tls encryption and your security

Discussion in 'Site Announcements' started by Mouth, Jan 27, 2015.

  1. For the last 2 years or so, Netrider has been available via https for those concerned about their online security and wanting to ensure their details and logons to Netrider are safe.

    For the last 1 year or so, if you visited Netrider via https then the Netrider server sent a special security instruction to your browser so that your browser would only ever visit Netrider via https, regardless of whether your browser tried to visit via insecure http. This is known as HTTP Strict Transport Security and protects those that were using https with Netrider from downgrade attacks and cookie hijacking.

    For the last 6 months or so, the published URL for Netrider changed to https so that if you followed Netrider's own links to itself or from Google search results etc., you would arrive at Netrider using https.

    From today, Netrider is now moving to supporting https only. Any access requests via http will be automatically redirected by the Netrider server to https.

    Why? Because it's important, and it keeps both you and Netrider safe. It also stops others from snooping and watching your content (i.e. your employer, if using work connectivity) or you are using Netrider from a public wi-fi connection and another user of that wi-fi is 'sniffing' your data to get your username and password (and then use it on other, more sensitive sites, if you're silly enough - like many internet users - to use the same username and password on multiple sites. Or *cough* internet banking!). There is a multitude of reasons why TLS should be standard for all internet traffic, regardless of its sensitive (or not) nature for protection against hackers and malicious parties.

    You can check/confirm the A+ grade of security with Netrider's https (tls) implementation at https://www.ssllabs.com/ssltest/analyze.html?d=netrider.net.au
    • Like x 14
    • Winner x 1
  2. You're using one of my works certs, nice Mouth :)
    • Like x 1
  3. Good call. Thanks for taking the step.
    • Like x 1
  4. Good to hear, Jason :). Would be nice to hear of more sites making the move.
    • Like x 1
    • Agree x 1
  5. I'm really impressed. A site that's doing things to help its members rather than leech the life out of them. Kudos to you.
    • Like x 1
  6. You mentioned the internet.

    I've heard about that. But seriously, do you reckon it will ever catch on?
    • Funny x 1
  7. REMINDER: If you don't maintain physical access to your computer (i.e. other people have access), or you're using a work computer, HTTPS is no guarantee that your data is protected from snooping. Many businesses use a man-in-the-middle system to terminate, capture and analyse your traffic on their corporate network and your browser will continue to display the padlock symbol. Some malware will install its own MITM system on your computer.

    To check, look at the certificate (click on the padlock) issuer. Currently Netrider uses a certificate by RapidSSL. If the certificate issuer shown in your browser is not RapidSSL (subject to change as certs have a lifetime) then your traffic is not secure.

    E&OE, YMMV, this advice may contain traces of nuts.

    Here is an example of a normal connection (Left) and one from a corporate MITM system (Right):
    • Informative x 2
  8. Wasn't expecting HSTS to be mentioned here in the next ten years. Good on you for protecting the masses with this splendid (and essential!) fortification.
    • Like x 1