Not sure if it's new, or just haven't noticed it. But for the game and forum sites I get chrome saying the site isn't secure?
Anyone know what is up with that? Ubisoft get it's secure server ransomwared and this is the backup or something?
Not sure if it's new, or just haven't noticed it. But for the game and forum sites I get chrome saying the site isn't secure?
Anyone know what is up with that? Ubisoft get it's secure server ransomwared and this is the backup or something?
update adobe flash and chrome and then try again
Chrome is updated.Originally Posted by AHughB
The Weather Network apparently has better security, it's secure with Chrome.
Edit: after some digging.
As announced in September, Chrome will soon mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar.
Warnings will be enabled by default for everyone in Chrome 56, slated for release in January 2017.
Resolve warnings
To ensure that the Not Secure warning is not displayed for your pages, you must ensure that all forms containing <input type=password> elements and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS.
etc.
Wow, only been six months. Not my field (coded but not this type), but reads as they haven't secured their password entry. Meh, that's never been important.
Posting again here as seems more moderated than the tech support (?!).
But with Chrome I get a site not secure indicator in Chrome for Settlers and the Forums. Looked it up and found this. So might have been around since Jan.
--
As announced in September, Chrome will soon mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar.
Warnings will be enabled by default for everyone in Chrome 56, slated for release in January 2017.
Resolve warnings
To ensure that the Not Secure warning is not displayed for your pages, you must ensure that all forms containing <input type=password> elements and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS.
https://developers.google.com/web/up...ot-secure-warn
----------------
So been 6 months... and they had warnings?!... And I do remember those 'we had our user list hacked...' news items that pop out every now and then so. And games devs why folks shy away from in game real money transactions...
BB is working on this, actually. The test server has been utilizing the https protocol since early June. (https://www.tsotesting.com/). It would seem that the resolution to this problem with the various browsers will be fixed.
“Many that live deserve death. And some die that deserve life. Can you give it to them? Then be not too eager to deal out death in the name of justice, fearing for your own safety. Even the wise cannot see all ends.”
J. R. R. Tolkien
Well thanks for the info. But still WOW. With the warning before, and now it's six months after, and from what google says a small looking change.... wow.
The Weather Network has got their stuff together. And that doesn't even take real money heh.
Like it is for password stuff and potential real money.
Anyway thanks again for some update.
This game is already secure, no matter what Google says, but from a psychological standpoint, it is smart to make those warnings go away.
Really, and how would you know? Like seriously, I'll take Googles notice over some random forum guy. From my understanding it means the password transmission is not encrypted. Fine if no one in intercepting, and it's not like it's open to the world, but this is security 101.
Also like the cockroach theory, if you see one.... If this obvious and basic thing has been let to slide for six months+, what other stuff is also.
I expect more from a company with 1 billion in yearly earnings and 12% rise in profits (maybe from security cuts lol).
The data passes through Uplay, not whatever domain acts as the game's hub for your region. You can view this in the page source if you don't want to take their word for it. You are not registered for TSO. You are registered for Ubisoft's portal. Chrome sees no https and does not dig deeper than that, a reasonable guess, not a thorough analysis. The game didn't suddenly become insecure because a web browser made a change. Anything that's not secure now probably never was.
Things like password encryption is for the communication between your device and the host. It's not a weakness directly on the host. Why they state the risk is if the information gets intercepted.
So in this case if you're at a cafe and want to fire up some settlers on your laptop, if there's someone spoofing the cafe's pub wifi with a mobile one and you login through that. afaik they have your password as it's not encrypted as you transmit it to ubi. Which is why you should never do anything important on pub wifi regardless.
But you're right, if this setup isn't secure now, it probably never was. But that certainly doesn't mean 'This game is already secure' as you stated before. It just means it's no worse than it was, very different (and sad). So my point still stands, for a AAA company that has real money online accounts from users, basic security. If The Weather Network has password encryption for something free, probably a good idea for something with credit card information.
Edit: and seriously, Mod spends time to combine a thread, but no comment even just to back up Raub's 'they are working on it'?
I feel for BlueByte. Uplay (Ubesoft HQ) is secure (updated), but not BlueByte settlers. Like the EA buyouts and consumption of smaller devs. Buy for the licences and content, strip the resources (staff) down to the bones.
Posting Permissions
Reply With Quote