Author

Topic: BTC Guild Security Warning! (Read 1955 times)

newbie
Activity: 14
Merit: 0
June 28, 2011, 12:36:07 PM
#6
I posted to the thread (where did it go btw?) asking if he could deliver ads via ssl and never got a response. Started donating to remove ads and there is still a warning from Chrome that there are still some items not being delivered over ssl. Would be nice to just have everything run over ssl.

AdSense doesn't support SSL (yet, anyway). Source.
hero member
Activity: 504
Merit: 502
June 28, 2011, 12:35:27 PM
#5
wtf who deleted the btcguild thread?
full member
Activity: 216
Merit: 100
June 28, 2011, 12:34:23 PM
#4
Try QuietUrl, add
^http://www\.btcguild\.com/(.*) https://www.btcguild.com/$1
and make sure enabled is checked.
full member
Activity: 196
Merit: 100
June 28, 2011, 12:30:36 PM
#3
I posted to the thread (where did it go btw?) asking if he could deliver ads via ssl and never got a response. Started donating to remove ads and there is still a warning from Chrome that there are still some items not being delivered over ssl. Would be nice to just have everything run over ssl.
full member
Activity: 216
Merit: 100
June 28, 2011, 12:26:32 PM
#2
Good work getting the BTCGuild thread deleted. Tongue
newbie
Activity: 10
Merit: 0
June 28, 2011, 11:28:00 AM
#1
Recently BTC guild replaced all the secure https links on the menu with http links.
Also the site now has google ads which load javascript from insecure http.

This allows man in the middle attacks on your accounts.
An attacker can hijack the insecure request to google and inject javascript into btc guild pages to steal cookies/money, even if your on a https page.
If you click any of the links in the menu, your login cookies are sent over plain text http.
I sent an email to them about this and got no response.

If you use Tor to access btc guild, you are especially vulnerable to this.
Jump to: