forums.wsusoffline.net

Hi everyone!

I just want to quickly notify everyone here that this website really needs to be upgraded to https. The old http protocol is really insecure, not only are users at risk
but the website itself is also vulnerable.

Upgrading to https doesn't cost anything nowadays and there's also no performance loss. All major browser developers are encouraging website admins to upgrade to
https with the most notable one being Chrome, they have a red warning on the URL bar to indicate that the website is insecure. I also think (I'm not 100% sure) that
Google even de-ranks pages if they're not on HTTPS.

There's a free HTTPS certificate called "Let's encrypt" which I think this website would find useful. Many open-source (free software) projects have secured their websites
with the free Let's encrypt HTTPS certificate.

There's no reason at all to stick with HTTP, please upgade to https as soon as possible!

Here's a link to get started with HTTPS on this webiste: https://www.eff.org/https-everywhere/deploying-https

Thanks for reading/listening.

JFYI: You can already use this website with HTTPS if you change the URL accordingly.

Regards
Dalai

The WOU admin should really enable HSTS for these sites, at least for the forum, to ensure connections are always encrypted.

Dalai wrote:JFYI: You can already use this website with HTTPS if you change the URL accordingly.

Regards
Dalai

You can? That's good!

But it needs to be default to be secure for everyone. There's lots of private information going about in forums, things like accout logins, private messages and so on.
Everything's readable without encryption.

boco wrote:The WOU admin should really enable HSTS for these sites, at least for the forum, to ensure connections are always encrypted.

I should ask my provider for a solution.
There already is an SSL certificate for SVN access to the sources...