[georgewashington16]

I recently reinstalled windows and reinstalled Firefox. I often get pop ups on Firefox saying the information you have entered is to be sent over an unencrypted connection and can easily be read by a third party. I have been wondering if this means I need to take some securtity measures or if it is normal for many sites to say this. I know it can be disabled in Tools/Options/Security/Settings. There is a list of Warning Messages you can either choose to have display or not. I was wondering what the default settings were and if I could receive help on this issue. Thanks.

[Advertisements]

In a nutshell, because it can get complicated, what this warning is saying is that the data that is passed to the website that you are viewing is in clear text or unencrypted.

So say I'm logging into a website such as geekstogo.com. If you notice, when you pull up GTG, it starts out with http:// this is telling the browser that everything that is passed to the server is clear all along the wire from my computer to the server on port 80.

A person who wants to see my username and password would have to place themselves in between me and the GTG server and use a program to view my traffic as it would show as "Username: Gravity Gripp Password: somerandompassword".

On the other hand, you have encrypted connections which uses SSL or secure socket layer. If you visit something like your bank's website, you will notice (hopefully) that their site uses https://. This tells the browser that everything that is going from your browser to your banks server is encrypted using certificates (SSL Certificates) that are located within your browser. All of this traffic is on port 443 typically.

So using the same scenario as above, say I was to login to GTG using https://geekstogo.com the traffic with my username and password would look like this to the person who's looking at my traffic. "DLXCOIJcasdcoijClkjadfoiajcsdkl;fja1oi" you get the idea.

The only thing that you can do to protect yourself on clear text connections is to be careful what you submit to websites that aren't using SSL.
I hope this explains it a bit.

[Gravity Gripp]

In a nutshell, because it can get complicated, what this warning is saying is that the data that is passed to the website that you are viewing is in clear text or unencrypted.

So say I'm logging into a website such as geekstogo.com. If you notice, when you pull up GTG, it starts out with http:// this is telling the browser that everything that is passed to the server is clear all along the wire from my computer to the server on port 80.

A person who wants to see my username and password would have to place themselves in between me and the GTG server and use a program to view my traffic as it would show as "Username: Gravity Gripp Password: somerandompassword".

On the other hand, you have encrypted connections which uses SSL or secure socket layer. If you visit something like your bank's website, you will notice (hopefully) that their site uses https://. This tells the browser that everything that is going from your browser to your banks server is encrypted using certificates (SSL Certificates) that are located within your browser. All of this traffic is on port 443 typically.

So using the same scenario as above, say I was to login to GTG using https://geekstogo.com the traffic with my username and password would look like this to the person who's looking at my traffic. "DLXCOIJcasdcoijClkjadfoiajcsdkl;fja1oi" you get the idea.

The only thing that you can do to protect yourself on clear text connections is to be careful what you submit to websites that aren't using SSL.
I hope this explains it a bit.

[georgewashington16]

Thanks, you explained it very well. So basically I have no control over weather I send encrypted or unencrypted information, it just depends on what site I am visiting. For instance, If I were to go to a secure site it wouldn't warn me about sending unencrypted information, correct?

[Gravity Gripp]

You've got it.