Security Warning


W

Weasel

I have installed all the Windows 7 security updates and now every time I go
to a financial website I get the following message every time I hit the
enter key.

'Security Warning
do you want to view only the webpage content that was delivered securely
yes or no"

Like I enter userid and press enter and get the message, then I enter the
password and press enter and get the message. Getting damn tired of it.

Does anybody have this problem and how to get rid if the message? Maybe I
need to uninstall all the updates for the past couple of months and then
reinstall them one at a time?
 
Ad

Advertisements

S

Seth

Weasel said:
I have installed all the Windows 7 security updates and now every time I
go to a financial website I get the following message every time I hit the
enter key.

'Security Warning
do you want to view only the webpage content that was delivered securely
yes or no"

Like I enter userid and press enter and get the message, then I enter the
password and press enter and get the message. Getting damn tired of it.

Does anybody have this problem and how to get rid if the message? Maybe I
need to uninstall all the updates for the past couple of months and then
reinstall them one at a time?
Is there more to the message than that? Usually in the form of you click
near the bottom of the message and some more text opens up? Maybe an issue
with the security certificate or the like? With that info you can probably
get better assistance on the root cause.
 
D

Dave-UK

Weasel said:
I have installed all the Windows 7 security updates and now every time I go
to a financial website I get the following message every time I hit the
enter key.

'Security Warning
do you want to view only the webpage content that was delivered securely
yes or no"

Like I enter userid and press enter and get the message, then I enter the
password and press enter and get the message. Getting damn tired of it.

Does anybody have this problem and how to get rid if the message? Maybe I
need to uninstall all the updates for the past couple of months and then
reinstall them one at a time?
It's a message from Internet Explorer.
I cribbed this from the Microsoft Answers forum:

1. Go to Tools -> Internet Options -> Security
2. Select the "Security" tab -> Click the "Custom Level" button
3. In the "Miscellaneous" section change "Display mixed content" to Enable.
 
S

Stan Brown

I have installed all the Windows 7 security updates and now every time I go
to a financial website I get the following message every time I hit the
enter key.

'Security Warning
do you want to view only the webpage content that was delivered securely
yes or no"

Stupid Internet Explorer! I get that every time I log into Webex.
You'd think IE would give you a way to disable that warning, at least
when you when you revisit the same page, but if so I've been unable
to find it.
 
S

Stan Brown

Weasel said:
[quoted text muted]
Does anybody have this problem and how to get rid if the message? Maybe I
need to uninstall all the updates for the past couple of months and then
reinstall them one at a time?
It's a message from Internet Explorer.
I cribbed this from the Microsoft Answers forum:

1. Go to Tools -> Internet Options -> Security
2. Select the "Security" tab -> Click the "Custom Level" button
3. In the "Miscellaneous" section change "Display mixed content" to Enable.
Thanks, Dave! I just finished chiming in with a "me too" to the OP,
because I get that when logging into Webex. Now I can get rid of it.

You'd think there would be a "don't show this message again" check
box right on the message, but nooooooo.
 
Ad

Advertisements

D

Dave-UK

Stan Brown said:
Weasel said:
[quoted text muted]
Does anybody have this problem and how to get rid if the message? Maybe I
need to uninstall all the updates for the past couple of months and then
reinstall them one at a time?
It's a message from Internet Explorer.
I cribbed this from the Microsoft Answers forum:

1. Go to Tools -> Internet Options -> Security
2. Select the "Security" tab -> Click the "Custom Level" button
3. In the "Miscellaneous" section change "Display mixed content" to Enable.
Thanks, Dave! I just finished chiming in with a "me too" to the OP,
because I get that when logging into Webex. Now I can get rid of it.

You'd think there would be a "don't show this message again" check
box right on the message, but nooooooo.
Or even a help icon, like '?' , or perhaps a tooltip to explain what all the settings do.
 
V

VanguardLH

Weasel said:
I have installed all the Windows 7 security updates and now every time I go
to a financial website I get the following message every time I hit the
enter key.

'Security Warning
do you want to view only the webpage content that was delivered securely
yes or no"

Like I enter userid and press enter and get the message, then I enter the
password and press enter and get the message. Getting damn tired of it.

Does anybody have this problem and how to get rid if the message? Maybe I
need to uninstall all the updates for the past couple of months and then
reinstall them one at a time?
The site you are visiting is ignorant of secure content. They have both
secure (https) and non-secure (http) content mixed in the same page.
This can, for example, occur if some of the content comes from somewhere
other than that site; i.e., they're piping 3rd party content through
their web pages.

So do you really trust a site that claims to be secure but actually
contains insecure content? They're lying to you about their level of
security. Go to the following configuration for IE (it's a web browser
issue, not an issue with the OS):

Internet Options -> Security tab -> Internet zone -> Custom Level

Miscellaneous section
Option = Display mixed content

Choose what you want. The default is to prompt. This is to warn you
that a site claiming to be secure really is not. If you select Disable,
you won't get prompted anymore. If the page contains insecure content,
it gets blocked. So the page is made to be secure despite the boobs at
the site screwing it up. If you select Enable, you choose to let the
boobs spew any insecure content at you while lying to you that it is
secure.

Complain to the site that their so-called secure web pages are NOT
secure because they mixed in insecure content. They have a mix of
secure and insecure content. It is either secure or it isn't. Any
insecure content means the page is NOT secure. In the meantime, you'll
have to decide if you block the insecure content (and eliminate the
prompt), allow the insecure content (and eliminate the prompt), or stick
with the prompt to warn you the "secure" page is not secure.
 
S

Seth

Stan Brown said:
Stupid Internet Explorer! I get that every time I log into Webex.
You'd think IE would give you a way to disable that warning, at least
when you when you revisit the same page, but if so I've been unable
to find it.
Depending on what is specifically tripping it at www.webex.com you may be
able to simply add that site to your trusted or intranet site zone. Now
you're not lowering security for general sites but can custom tailor the
security for specific sites that you go to often AND trust.
 
X

XS11E

VanguardLH said:
So do you really trust a site that claims to be secure but
actually contains insecure content?
The problem isn't sites that claim to be secure but rather sites that
do not claim to be secure but still have mixed content.
 
V

VanguardLH

XS11E said:
The problem isn't sites that claim to be secure but rather sites that
do not claim to be secure but still have mixed content.
How does a site that uses https not claim to be secure? What was the
point of scrambling the traffic between the endpoints if it weren't for
security? If it site doesn't want to claim their page is secure then
they shouldn't be using https for the connection.

http://msdn.microsoft.com/en-us/library/ee264315(v=vs.85).aspx

A car dealer tries to sell you a red colored car. They don't claim it's
a red colored car. Does that change the fact that it is a red colored
car? Using https means it is supposed to be a secure target. That the
site owner doesn't claim it is secure just shows how stupid they are as
to the purpose of https.

There's a whole certificate industry that sells site certs for servers
to proffer secured pages. Yes, a site doesn't have to separately
pronounce their site is secure although it would be suicide for any
financial site to not claim they were secure. They really don't have to
announce the communications is secure since https by itself professes
that fact - or, it's supposed to ... except by boobs that mix in
unsecure content in their https connection.
 
Ad

Advertisements

X

XS11E

VanguardLH said:
How does a site that uses https not claim to be secure?
The sites that pop up the annoying box most often are not https sites,
just plain old http sites.
 
S

Seum

Dave-UK said:
It's a message from Internet Explorer.
I cribbed this from the Microsoft Answers forum:

1. Go to Tools -> Internet Options -> Security 2. Select the "Security"
tab -> Click the "Custom Level" button 3. In the "Miscellaneous" section
change "Display mixed content" to Enable.
I ran into the same situation and reached only Internet Options. The
Security tab is there but I could not get a Security 2 level. The
setting was at Medium-high (Default). I am using Explorer 8 - is
everyone else using Explorer 9?
 
D

Dave-UK

Seum said:
I ran into the same situation and reached only Internet Options. The
Security tab is there but I could not get a Security 2 level. The
setting was at Medium-high (Default). I am using Explorer 8 - is
everyone else using Explorer 9?
No, I'm using Internet Explorer 8.
Open IE and select Tools from the menu bar.
(If you can't see the menu bar press the Alt key.)
Select Internet Options.
There should be 7 tabs, General,Security,Privacy,Content etc.
Select the Security tab.
Select the Internet globe icon.
Click on the 'Custom level....' button.
Make your changes there.
 
V

VanguardLH

XS11E said:
The sites that pop up the annoying box most often are not https sites,
just plain old http sites.
There would be no such popup unless https was involved. The "mix" of
content that triggers the popup is when https was used but some content
was delivered via http hence the mixing of secure and unsecure content
in the same web page.
 
D

Dave \Crash\ Dummy

VanguardLH said:
There would be no such popup unless https was involved. The "mix" of
content that triggers the popup is when https was used but some
content was delivered via http hence the mixing of secure and
unsecure content in the same web page.
This only becomes a problem if you respond to the unsecure (http)
material believing it is secure. For example, you might have an online
banking site that is delivered https but also contains an ad that is
delivered http. Information you send to your bank is still secure, but
if the ad has a form to submit, that information will not be secure. Of
course, it may not be so obvious which is which, and therein lies the
danger.

I leave the warning in place and decide based on the situation. Usually,
the secure transaction I want to make does not need the unsecured stuff.
 
Ad

Advertisements

C

Char Jackson

Can and was, that's why I disabled it.
I've never seen that and wouldn't have considered it possible, so if
by chance you still know of a URL I'd love to see for myself.
 
V

VanguardLH

Dave said:
This only becomes a problem if you respond to the unsecure (http)
material believing it is secure. For example, you might have an
online banking site that is delivered https but also contains an ad
that is delivered http. Information you send to your bank is still
secure, but if the ad has a form to submit, that information will not
be secure. Of course, it may not be so obvious which is which, and
therein lies the danger.

I leave the warning in place and decide based on the situation.
Usually, the secure transaction I want to make does not need the
unsecured stuff.
That's true. If the user clicked on the unsecure (http delivered)
content then the user may not be aware that traffic is no longer
secure. Unfortunately, IE doesn't highlight, shroud, colorize, or
otherwise indicate to the user as to WHICH of the content on the web
page is considered unsecure. That means the user may not and probably
does not know what they can do on that web page to maintain a secure
connection.

I figure if you are visiting your "financial" web site (the OP wasn't
specific as to what was the site) then they shouldn't be shoving ads in
your face. Of course, a "financial" web site could be some stock quote
site or your bank site: one would have ads and the other shouldn't
(except for their own services).
 
Ad

Advertisements

V

VanguardLH

Char said:
I've never seen that and wouldn't have considered it possible, so if
by chance you still know of a URL I'd love to see for myself.
Perhaps the OP might grace us with a URL to the specific "financial"
site rather than attempt to discuss it as a vaguity.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top