Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unsafe scripts


  • Please log in to reply
11 replies to this topic

#1 Shade999

Shade999

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 21 June 2016 - 07:53 AM

Hi a forum i use always gives me the error,

 

This page is trying to load scripts from unauthenticated sources ( Chrome)

 

Blocked content ( IE)

 

The forum owners have stated this is nothing to worry about because they use a mixture of http and https. Is this normal? When I accept unsafe scripts a red line goes through the padlock in the address bar.

 

Secondly the forum suffers from regular downtime with SQL errors, this has been going on for at least a year.

 

My questions are if the forum safe to use from an independent viewpoint?

 

The forum has had many problems over the years, so was bit concerned abut the current issues and how the owners seem to be sweeping the issues on the carpet.



BC AdBot (Login to Remove)

 


#2 TheJokerz

TheJokerz

  • Members
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:11:08 AM

Posted 21 June 2016 - 07:57 AM

Personally I would not use this site.  To me that sounds a bit fishy, if they are unstable there is a good chance they have been compromised.  If you really wanted to get information that site, it would be a good idea to use a live linux distro to do so.  That is my two cents


pa9d6f-4.png


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,927 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:08 AM

Posted 21 June 2016 - 07:58 AM

Chrome has a support article...Fix the error "This page is trying to load scripts from unauthenticated sources"
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Shade999

Shade999
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 21 June 2016 - 08:03 AM

Thanks guys the forum is policespecials.com/forum

 

Can anyone of you replicate the issue?

 

Do websites have both http and https? Is it normal to have both?

 

Are the SQL errors to do with the website database, so not to worry?



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:08 AM

Posted 21 June 2016 - 08:38 AM

I can replicate the issue in Google Chrome. The issue is on their side (the website), because they are loading HTTP content and Google Chrome doesn't like that.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Shade999

Shade999
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 21 June 2016 - 08:56 AM

I can replicate the issue in Google Chrome. The issue is on their side (the website), because they are loading HTTP content and Google Chrome doesn't like that.

 

Thanks do you think it is a security issue? Is it linked to the SQL errors the forum seems to get regularly?



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:08 AM

Posted 21 June 2016 - 09:10 AM

Any use of HTTP is a security issue, yes, as the traffic can be sniffed. Hence why every major companies tries to push the use of HTTPS. And I don't know enough about web dev to say that, but every forums is bound to run into SQL errors from times to times. It's the case on every forums I visit.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,927 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:08 AM

Posted 21 June 2016 - 03:07 PM

We even get SQL errors here from time to time.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Shade999

Shade999
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 21 June 2016 - 04:34 PM

We even get SQL errors here from time to time.

 

I am not talking time to time, this forum gets SQL errors every day and has been for the last year at least.

 

Its down now  but not SQl error granted.

 

In the past it has been hacked by anonymous, had numerous other failings.



#10 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:11:08 AM

Posted 21 June 2016 - 04:39 PM

There are very few scenarios in which SQL errors would indicate a compromise. It's almost certainly just a bug.

Mixed content is, as stated above, also just a misconfiguration. On forums it can be normal because people can post images that are served over HTTP, which Chrome and IE should block on an HTTPS site. It is not a sign of an attack.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#11 Shade999

Shade999
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 21 June 2016 - 04:46 PM

Shame there is no like button on this forum

 

Anyway i was a bit worried about these things because of stuff like this, granted its from 2012 http://www.techweekeurope.co.uk/workspace/anonymous-sends-emails-to-police-operation-jubilee-97341 but it shows my worry about the forums current issues, thus seeking independent advice.



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:08 AM

Posted 23 June 2016 - 09:52 AM

You wouldn't see traces of a "hack" if the forum was indeed hacked, since it mostly happens in the background (hackers usually dump the DB and leave the website/forum be after).

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users