05-15-2017 11:43 AM - edited 01-05-2022 02:05 AM
I am getting the following prompt today after a recent browser upgrade. It looks like PM forum logon is not secured via https by default. Any plans to change this?
10-08-2017 08:49 AM
Everyone I know on PM gets the same message from time to time. We just ignore it. Is this something we should be worried about?
10-07-2017 08:50 PM
06-16-2017 08:03 PM
According to the admins, the issue has been fixed:
So far I have not been able to trigger the error as I previously have done.
05-16-2017 01:35 PM
@computergeek541 wrote:I see this type of security warning about the login page not being secured on a regular basis. At least when using Firefox, the Community tab will sometimes load without the "s" in the https part of the addresss. It's entirely random. The solution is just to manually type in the "s" for the https in the address bar and then click on the sign in link again.
Unfortunately, to this day, Internet Explorer just isn't an option any more for this website. Ever since the introduction of the Simon bot, the window for it pops up every time you load any message or click on any link. When you close it, it just repeatedly opens back up again and blocks much of the community pages so that you can't read anything properly.
Or you can install the extension "https Everywhere" like the one on Tor. It should force https connection on very much every site you visit when available.
05-16-2017 03:02 AM - edited 05-16-2017 03:03 AM
I see this type of security warning about the login page not being secured on a regular basis. At least when using Firefox, the Community tab will sometimes load without the "s" in the https part of the addresss. It's entirely random. The solution is just to manually type in the "s" for the https in the address bar and then click on the sign in link again.
Unfortunately, to this day, Internet Explorer just isn't an option any more for this website. Ever since the introduction of the Simon bot, the window for it pops up every time you load any message or click on any link. When you close it, it just repeatedly opens back up again and blocks much of the community pages so that you can't read anything properly.
05-15-2017 10:52 PM - edited 05-15-2017 10:58 PM
@texwood wrote:Try the following:
1) Go to www.publicmobile.ca
2) Click grey "Community" button
3) Click "Sign in" below the "Help" in the green area
Throughout 1-3 that connection is under https.
In contrast to the following:
A) Go to www.publicmobile.ca
B) Click grey "Community" button
C) Click on the first item on Feature Topic (at this moment it is "NEW: Talk and Text Promo Plan")
D) Click "Sign in" at the green area.
You will notice after C), the browser connection drops from https to http, which causes the login prompt in D) to communicate via unsecured http. That shows that some of the links in the forum point to http instead of https by default throughout.
The screenshot is from Opera which displays warnings more visibily. In Chrome it shows up at the address bar as "not secure".
I tried this and I got the following link with sign in popup. The name of the link says it all. To be honest, the public forum should be 100% https. These days, nothing should be http. Anyway, I reported this anomaly in the labs section. Hopefully this security flaw is fixed asap. Note to everyone, don't use the same credentials for the community forum as the My Account sign in.
http://productioncommunity.publicmobile.ca/t5/Discussions/Forum-login-not-secured/m-p/153777
05-15-2017 01:53 PM
Additional information:
I got a security warning few days ago when I try to access My Account.
The certificate issued by Avast it's not valid. Seems the there is some problem with the domain redirection that the certificate does not recognize.
When I tried to access Koodo self self (also issued by Avast for Telus), no warning.
05-15-2017 12:37 PM
05-15-2017 12:35 PM
This is the warning in Firefox.
05-15-2017 12:31 PM
@Samianauman wrote:
Did you tried on a different browser
And of doesn't work and resetting password option doesn't help either I would say get mod involved to see if they are able to provide some help to you
This has nothing to do with individual account or password reset but rather a website configuration issue.
Different browsers behaves differently. Edge does not have warnings. Chrome currently does not have such explicit warning but rather just on the status bar; however I expect that to change in upcoming revisions of Chrome. Opera and Firefox display such warnings "in your face".
05-15-2017 12:21 PM - edited 05-15-2017 12:22 PM
05-15-2017 12:17 PM
@CaNuCk07 wrote:im curious if the my account login has the same issue?
The account side seems fine. It's the forum side that for some links are not https by default .
05-15-2017 12:15 PM - edited 05-15-2017 12:19 PM
Try the following:
1) Go to www.publicmobile.ca
2) Click grey "Community" button
3) Click "Sign in" below the "Help" in the green area
Throughout 1-3 that connection is under https.
In contrast to the following:
A) Go to www.publicmobile.ca
B) Click grey "Community" button
C) Click on the first item on Feature Topic (at this moment it is "NEW: Talk and Text Promo Plan")
D) Click "Sign in" at the green area.
You will notice after C), the browser connection drops from https to http, which causes the login prompt in D) to communicate via unsecured http. That shows that some of the links in the forum point to http instead of https by default throughout.
The screenshot is from Opera which displays warnings more visibily. In Chrome it shows up at the address bar as "not secure".
05-15-2017 12:07 PM - edited 05-15-2017 12:10 PM
@CaNuCk07 wrote:im curious if the my account login has the same issue?
The self-serve account login does include the "https" so it should be secure.
05-15-2017 11:59 AM
i just logged out and then back in. Did not see the "login not secure" message
05-15-2017 11:57 AM
im curious if the my account login has the same issue?