It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion (archive)Gog.com Https issues?(36 posts)(36 posts)
(36 posts)
Pages:
1
2
3
This is my favourite topic
Posted September 13, 2012
avatar
hedwards: I used to like Fx, but at this point, there's really no point in denying that it isn't what it used to be. I mainly stuck with it because it was the least sucky of the browsers, but at the rate they're going, I gave up and switched to Palemoon.
Gave palemoon a look. It should be able to handle most save for the accessibility option of finding links. But I use that quite often. I'm not denying it's ageing and has tons of issues. When someone ask me what browser they ought to use I tell them to go with Chrome or Opera or stick with IE. I haven't recommended firefox to anyone for years.

As for the searching in address, yes it does actually seem to work in IE. Last time I tried to get that working, it did not work, neither did Opera, hence my confusion no one else did this.
Posted September 13, 2012
avatar
wpegg: Anyway even if step one is achieved (listening to traffic), there's still the issue that they'd have to identify GOG traffic, extract the key from the request, and then form their own requests in order to achieve their own nefarious purposes, which I assume is to download a game already available on the pirate sites, or to post something nasty on the forums.

All in all, there are bigger targets for the nasty people right now. If GOG went into some kind of prepaid system, or GOGWallet, storing payment info etc. It would be something I'd then raise with them. As it stands the impact is low, and the threat probability is very minimal.
A bigger issue, regarding GOG, would be if the listener managed to identify your credit card info among all the other noise. Then again, a piece of malware could listen for that even if you're on HTTPS, due to it being local to the machine and independent from the protocol.
Posted September 13, 2012
avatar
hedwards: I used to like Fx, but at this point, there's really no point in denying that it isn't what it used to be. I mainly stuck with it because it was the least sucky of the browsers, but at the rate they're going, I gave up and switched to Palemoon.
avatar
DrakeFox: Gave palemoon a look. It should be able to handle most save for the accessibility option of finding links. But I use that quite often. I'm not denying it's ageing and has tons of issues. When someone ask me what browser they ought to use I tell them to go with Chrome or Opera or stick with IE. I haven't recommended firefox to anyone for years.

As for the searching in address, yes it does actually seem to work in IE. Last time I tried to get that working, it did not work, neither did Opera, hence my confusion no one else did this.
The frustration is that the Fx developers are Chrome fanbois that seem to have no clue why anybody was sticking with Fx. If I wanted Chrome, I would just install Chrome, I had Fx installed, because it was the better browser.

I don't have any of the trouble I had with Fx with Palemoon because the developer cares about stability. What we've got with Fx is a product which should be stable where the developers are going out of their way to include things which don't work well. And then failing to properly QA them.

Considering that Palemoon is just basically one guy addressing performance issues that can't be addressed in Fx, I don't know why getting these things fixed is so hard. I'm guessing that it's that damned we need to close the version number gap game that Fx seems to be obsessed with lately.
Posted September 13, 2012
avatar
Miaghstir: A bigger issue, regarding GOG, would be if the listener managed to identify your credit card info among all the other noise. Then again, a piece of malware could listen for that even if you're on HTTPS, due to it being local to the machine and independent from the protocol.
Yes, but as you say, this has nothing to do with sidejacking, or any failing on GOG's part. It is purely that their machine is compromised.
Posted September 13, 2012
avatar
Miaghstir: A bigger issue, regarding GOG, would be if the listener managed to identify your credit card info among all the other noise. Then again, a piece of malware could listen for that even if you're on HTTPS, due to it being local to the machine and independent from the protocol.
avatar
wpegg: Yes, but as you say, this has nothing to do with sidejacking, or any failing on GOG's part. It is purely that their machine is compromised.
True, and the checkout page is served via HTTPS anyway, even if the rest of the site doesn't honor my choice to browse securely without extra coaxing (HTTPS Everywhere with the mentioned ruleset), so that hole is fairly well plugged.
Posted September 13, 2012
avatar
wpegg: Yes, but as you say, this has nothing to do with sidejacking, or any failing on GOG's part. It is purely that their machine is compromised.
avatar
Miaghstir: True, and the checkout page is served via HTTPS anyway, even if the rest of the site doesn't honor my choice to browse securely without extra coaxing (HTTPS Everywhere with the mentioned ruleset), so that hole is fairly well plugged.
Sort of, sites shouldn't be mixing secure and insecure pages, it just makes it too hard for the person browsing to know if they've managed to stumble into an insecure page before entering private information.

It also leaves things open to a MITM attack via clickjacking and intercepting the clicks via the browser before submitting them to the SSL secured page.

I know there's an update to HTTPS that's being worked on to deal with the performance penalty from using encryption, but users should be able to independently verify when they're using SSL without having to resort to 3rd party tools.
Pages:
1
2
3
This is my favourite topic
Community
General discussion (archive)Gog.com Https issues?(36 posts)(36 posts)
(36 posts)