Andrew99 (Jaggguy) Learns About HTTP

[andrew99]

WARNING:
PLease stay away from Rusian Ministry of Defence website as its hacked and no longer has secure sockets.
It has a http and not https which means its not secure.
The security layer has been removed which is a must avoid website.

http://government.ru/en/department/94/events/

[Manny]

WARNING:
PLease stay away from Rusian Ministry of Defence website as its hacked and no longer has secure sockets.
It has a http and not https which means its not secure.
The security layer has been removed which is a must avoid website.

http://government.ru/en/department/94/events/

This topic this was split from where it was, as that topic was to discuss fake news, not spread it. You're not inputting your credit card details there. Have that concern if you were. You're (well, people) are simply reading there. That presents no risk. Try it, your computer won't blow up.

[Markje]

WARNING:
PLease stay away from Rusian Ministry of Defence website as its hacked and no longer has secure sockets.
It has a http and not https which means its not secure.
The security layer has been removed which is a must avoid website.

http://government.ru/en/department/94/events/

Please turn off your computer and cancel your internet subscription. You are unfit to use either.

http:// in itself is not unsafer than https:// it only means that someone can see your queries and responses in-transit.

As long as you don't send passwords or other private data, nothing can affect you.

So If I were to visit this website, the enttities that can snoop my traffic are:
- Myself (normal)
- My internet provider (I trust them)
- The Amsterdam Internet Exchange (see above)
- The AMX/RUX internet hub (ok, so the FSB can watch now?)
- the Russian government (Federal Guard Service of the Russian Federation)
- 2 site engineers (Andrey V. Sosov , Denis V. Davydov)

So in other words, I have nothing to fear because there are no bad actors in between.

If I use https , the entities that can snoop me :
- Myself (normal)

- the Russian government (Federal Guard Service of the Russian Federation)
- 2 site engineers (Andrey V. Sosov , Denis V. Davydov)

See the difference? And whom do you have to fear most to snoop your data you think

[andrew99]

Military site correct?

Or Granny's cottage, depending what you read.

This is the dailymail which isnt exactly the official news outlet of Russia like Ministry of Defense is it?

You're scared of the non https on some Russian government sites.

Sorry I am not clear .
What right did they have in your opinion to invade this country Manny? 
Give me 1 reason why Russia was justified entering Ukraine out of your many complex ideas.

If you can't understand what was written, I can't help you further.

You dont trust http sites as it lacks security and is open to being hacked, having trackers and thats why we have secure sockets. Having sensitive information on a http site is  an oxy moron!

I asked for just 1 reason to justify this invasion, please explain if its so obvious to you . Excuse my ignorance . Was it to denazify the country? the place is full of nazi's? is that your thinking?

[Markje]

Btw:

Digging through the data of internet, I find that the RU-gov't is much more open to feedback than its western counterparts.

The Russian info on ip-addresses is

Engineer:
Street:
City:
Office:
Function:
Telephone:
Email:

The NL info on the ip-addresses is:
Redacted, please submit a request for this information to https:// ........

[andrew99]

WARNING:
PLease stay away from Rusian Ministry of Defence website as its hacked and no longer has secure sockets.
It has a http and not https which means its not secure.
The security layer has been removed which is a must avoid website.

http://government.ru/en/department/94/events/

This topic is to discuss fake news, not spread it. You’re not inputting your credit card details there. Have that concern if you were. You’re (well, people) are simply reading there. That presents no risk. Try it, your computer won’t blow up.

http is defintely not safe and can be hacked. Dont trust news coming from such sites. Has nothing to do with credit card details

[Markje]

You dont trust http sites as it lacks security and is open to being hacked, having trackers and thats why we have secure sockets.

as long as you only use HTTP/GET you have nothing to fear , only when you use HTTP/POST should you be wary.
(see my other response)

Having sensitive information on a http site is  an oxy moron!

To the owner of the website you dolt  not to the end-user.

[Markje]

WARNING:
PLease stay away from Rusian Ministry of Defence website as its hacked and no longer has secure sockets.
It has a http and not https which means its not secure.
The security layer has been removed which is a must avoid website.

http://government.ru/en/department/94/events/

This topic is to discuss fake news, not spread it. You’re not inputting your credit card details there. Have that concern if you were. You’re (well, people) are simply reading there. That presents no risk. Try it, your computer won’t blow up.

http is defintely not safe and can be hacked. Dont trust news coming from such sites. Has nothing to do with credit card details

False: https://developer.mozilla.org/en-US/docs/Glossary/Safe/HTTP

[andrew99]

You dont trust http sites as it lacks security and is open to being hacked, having trackers and thats why we have secure sockets.

as long as you only use HTTP/GET you have nothing to fear , only when you use HTTP/POST should you be wary.
(see my other response)

Having sensitive information on a http site is  an oxy moron!

To the owner of the website you dolt  not to the end-user.

GET requests can be manipulated, eg never heard of sql injections?

Let me repeat for the last time as I ran a website/database and was hacked and thats why we moved to https years ago. Most websites these days that are updated do so through websites which have admin panel to update. You dont trust any website that leaves the backdoor open so data can be manipulated, admin panels can be breached etc. Its 2022 not 2002!

[andrew99]

who in their right mind would think it suitable in 2022 to have website that is being updated constantly using http with sensitive information. That is instant dismissal in any credible organization

[Markje]

who in their right mind would think it suitable in 2022 to have website that is being updated constantly using http with sensitive information. That is instant dismissal in any credible organization

Man, its like I am a cat toying with its food..... not funny.

A news site can run http:// just fine, in fact all sites that just spread information can do that without any hacking going on.

[Markje]

GET requests can be manipulated, eg never heard of sql injections?

Except sql injections are done with 'post' requests and not 'get'.

https://www.w3schools.com/html/html_forms.asp (explanation how to use web-forms and get/put)
https://www.malwarebytes.com/sql-injection (how sql-injection attacks work)

Let me repeat for the last time as I ran a website/database and was hacked and thats why we moved to https years ago. Most websites these days that are updated do so through websites which have admin panel to update. You dont trust any website that leaves the backdoor open so data can be manipulated, admin panels can be breached etc. Its 2022 not 2002!

I think you didn't ran a website/database, i think you purchased web-hosting with a provider that had no clue what it was doing.

I am the owner of a cloud hoster like amazon/microsoft azure , just smaller and with a very specific market-niche userbase.
I do make tons of money as I have no engineers working for me, i am the only engineer.

[rosco]

I do make tons of money as I have no engineers working for me, i am the only engineer.

I hope that's paper tons and not coins Mark 

[Orchid]

Thanks Mark.
You have clearly demonstrated how trolls make money on war and hate.

[Markje]

Thanks Mark.
You have clearly demonstrated how trolls make money on war and hate.

I dont understand that one