Shouldn't safe online be protecting me?

Jav says this is a MITM attack

Post # 21 - https://www.wilderssecurity.com/showthread.php?t=285325

Post # 28 - https://www.wilderssecurity.com/showthread.php?t=285325&page=2

Prevx is "supposed" to prevent MITM attacks, isn't it ? If so why doesn't and/or wouldn't it ?

TIA

 

As PrevxHelp already mentioned, there is not much Prevx can actually do.
It is as if asking them protection from all possible phishing sites...

The thing is, they could actually block all non encrypted (http) connections inside ssl page. (even though I am not sure if Prevx has capabilities of doing this inside single page.)

but, first of all it may cause conflicts with browser.
and secondly as it say in this MSDN article:

As you can see it explains why it is not the best idea for both browser developers and security companies to auto-block such content.

That's why, keeping in mind average users, browsers still rely on prompts.

Therefore, easy solution for prevx may be creating prompt\warn to the user that he is going to put his logins/passwords in not fully-secure page.
This way they will not mess with browser so directly, but still they will have to come with some kind of engine to analyse mixed content pages.

 

GREAT idea! I hope that it is feasible.

 

Doesn't work too well for me, I regret. Although Wilders in is my whitelist, (at least some) scripts won't run. The option to "Allow [ https://www.wilderssecurity.com ]" is greyed out. The option "Allow all this page" seems to make no difference. Clicking on a smiley to insert it does nothing. Do I need to tweak NoScript somewhere?

 

You could use ABE instead:

Code:

Site ^http://
Accept from .example.com
Deny from ^https://

More info: http://forums.informaction.com/viewtopic.php?f=10&t=5269#p22941

 

I'm using Chrome 8 Dev right now, it has pretty good blocking capabilities, cookies, images, scripts, plugins, however I don't see any option to block frames & iframes

 

Have a look at this app i discovered Calomel SSL Validation for FF

https://www.wilderssecurity.com/showthread.php?p=1775536#post1775536

 

Yes, you probably changed NoScript Options|Advanced|HTTPS|Forbid active web content unless it comes from a secure (HTTPS) connection to something different than "Never".
This means that scripts and embeddings are blocked on non-HTTPS web sites like this.
Just restore it to "Never" and you can allow anything you want.

 

Lets keep On-Topic as this is the Prevx support forum! You can continue in the other threads concerning other products! https://www.wilderssecurity.com/showthread.php?t=285325 and https://www.wilderssecurity.com/showthread.php?t=285416

TIA,

TH