Is MN website insecure again? Anyone else got this?

[MsJamieFraser]

I'm using MN on my Chromebook, its telling me the site is insecure, as does my iphone when I am using it, I have a logo which is a circle with the letter i inside.

I've goggled the icon, and it states that I am on a insecure site and could be hacked, I've ran my computer protection and I am fine, I have cleared cache.

Its only on MN that I have this logo, everything else I use is secured with the HTTPS green lock.

After the hacking scandal, I'm wondering if MN has applied for their security certificate to make to run the website securely? because I have tried everything else and that's what google is saying that MN is not secure?

Same here, it's showing as insecure and warns against entering credit card details - highly unlikely that any of us are going to post those on a thread i'd have thought.

MNHQ can we get an update please?

(I'll report this so they see it!)

The login page is served using http (i.e. insecure) but when you click on the login button it sends your username and password securely. So they aren't exposing your username and password on the internet.

mines also very slow and not secure. im also getting multiple tabs opening on their own, always the 2 same pages, a go games and screen something (ill repost with the proper names when it does it again)
anyone else getting these pages?
im on pc, running windows 10 and using google chrome

MN are either working behind the scene or are waiting until 9am till IT arrive.

many have reported and I understand I noticed it late last night, however if many people have reported and commenting that the site and profile is not secure, a few lines to say what is happing wouldn't go amiss?

We have been assured we are HTPPS secure and we aren't.

Prh4 no mine isn't showing that at all, my log in details are not secure at all.

Hmm I used to get loads of those site not secure warnings, haven't had one for quite a long time now, but got one the other day.

I'm not getting a padlock symbol on here when logged in either btw.

Crome on my laptop - I hasn't been 'secure' for at least 3 months though it's not a recent thong

After the last episode and the hassle of setting up a new email address to use solely for MN, new passwords, I'm deregistering if something similar happens. Why the hell isnt the whole site secure? Feels like we're being fobbed off with platitudes. This is a high profile busy site, why aren't users being protected

Thing ffs! 😃

On iPad and it is all but unusable..
Other sites work ok.

Takes ages to load a page. freezes all the time,

It's more than likely that one of the adverts is being hosted on a shitty server. Chrome, Firefox, etc will pick up on that.

Hopefully, tech will let us know soon, though.

Feels like we're being fobbed off with platitudes. This is a high profile busy site, why aren't users being protected

I agree and the conversation I had with the technical "expert" during the last debacle didn't inspire a lot of confidence either.

Prh4 no mine isn't showing that at all

The implementation means your browser won't show it. If you look at the HTML source code for the login form it starts ''. The "action" means the details on the form will be submitted using https. However, as the page containing the form is served insecurely using http, your browser doesn't notice that the form itself is secure so warns that the site is insecure.

Regardless of this, I am of the view that this is grossly inadequate. Mumsnet have previously argued that your posts are public once you have logged on but that isn't really the point. Because traffic is insecure, an attacker could:

• see which pages you are visiting on the site
• match your IP address (which can be used to work out where you are) to your username
• use various attack vectors to install malware on your device
• get the cookies Mumsnet is serving to your browser which may allow them to impersonate you on Mumsnet
• and much more

The whole site should be running under https. Anyone coming in on http should be redirected to https. The site should also be using HSTS to inform browsers that they should only use https to talk to the site. It is not difficult to implement this. Wikipedia do it. I do it for the websites I run. Mumsnet should do it too. Yes, it would put a bit of additional load on their servers but, in my view, that is no excuse for taking a cavalier approach to user's security.

Regarding speed, having taken a look I think the site itself is not particularly fast but the problem seems to be the adverts. I can see at least three advert servers taking over 0.75s each to respond.

Worrying - should I delete the app from my phone do you think?

I'm here via Facebook on an iPad Pro, yesterday on an innocuous thread about pillows I got a masturbating woman appear

Worrying - should I delete the app from my phone do you think

I wouldn't necessarily advocate that. Many websites are insecure - the BBC, for example. Unfortunately, if you want to stick to secure sites, you cut yourself off from a sizeable chunk of the internet. However, that is no excuse. All sites should be using https. Quite apart from the privacy/security issues, Google boosts the ranking of sites using https in search results. Mumsnet has users in vulnerable situations. It really should take their privacy more seriously.

Morning all.

Just to let you know that we've spoken to our tech team about your concerns this morning. They've asked us to reassure you all that the Mumsnet login page is secure and when you submit your login details, it's https. That means that none of your details are compromised.

We've also posted on the Site Stuff thread discussing this issue. Here's the link.

www.mumsnet.com/Talk/site_stuff/a2820318-Why-is-MN-so-slow?msgid=66307142#66307142

I'm on a pc, Windows 10, Google Chrome. No ads because I have Adblock Plus, can't stand adverts.

Also not secure.

They've asked us to reassure you all that the Mumsnet login page is secure and when you submit your login details, it's https. That means that none of your details are compromised

It wasn't when I tried on the laptop. Honestly, genuinely, 100% - IT WAS NOT SECURE. Not https, and warnings from the computer.

I came off and went on on the iPhone.

We're not all imagining it!

It's secure now but it wasnt the other day.

They've asked us to reassure you

How lovely. We aren't.

Honestly, genuinely, 100% - IT WAS NOT SECURE

On this point Mumsnet is correct. The form is served up using http so your browser may warn that it is not secure. However, when you click on the login button the data is sent securely. Your login details ARE submitted via https so your details are not compromised. If you want to check this, right click on the page and select "View source" or similar. You will find that the source code contains the string starting

Not intended to blame you at all @LouMumsnet, but we were continuously told there were no problems with security at the beginning of the whole Jeffery malarkey, it's not exactly reassuring...