Recently, many of you have been getting a message on our site saying “This connection not secure” when you’re attempting to login.
It looks like this:
For the time being (as of early October 2017), this only occurs with the Firefox browser, but that could change. Here’s an explanation of what this means.
Simple, Short Explanation of the “Connection Not Secure” Message
Firefox recently updated their browser to display a warning when a user logs into a regular website, http://.
Since our domain is http://virginiatech.sportswar.com, this warning is showing up for some users. We are currently scheduling a move to https:// (note the “s” on the end) in January of 2018.
Sportswar sites collect payment through a secure platform, https://secure.sportswar.com/ so your credit card information is safe.
More Detailed Writeup for Those Interested
Since the “Heartbleed” SSL attacks in 2014, there has been a big push online by Google for “SSL” everywhere.
SSL /HTTPS encrypts your username/password/credit card information so that it cannot be stolen online.
Technically, usernames/passwords entered on the homepage are sent to our server in plain text. Those usernames/passwords could be intercepted by someone with the right skillset (a hacker).
They would be able to access your site subscription ONLY. They would not have any access to your credit card information (we do not store that).
Nobody has been hacked in the history of our site *knock on wood*.
We secure your credit card information behind https://secure.sportswar.com, which is why you are sent to a different part of the site when you are managing your subscription information. That section of the site is secured behind https.
We have a lot of legacy code that needs to be tested to be compliant and work with https, so we cantt just flip a switch to change it over. We need to test the message boards, the articles etc.
Many of the sites you are used to visiting will be making the switch within the next two years. The way we have been doing everything is secure, this new method is MORE secure.
Again, we are scheduling a move to https:// in January of 2018.
