Security Warning??

[Flash]

Just recently I have been getting a pop-up when ever I choose to play a
game on facebook.
It is shown below and I have tried to change some settings, but to no
avail.I have run some AV programs and they all come up clean. I am using
IE8 and XP home SP3 with all updates.
Once I click the yes or no block I am fine, it is just a PITA.
Any suggestions or thoughts are appreciated.

TIA


*********************************************************
Security Warning

Do you want to view only the webpage content that was delivered securely?

This webpage contains content that will not be delivered using a secure
HTTPS connection, which could compromise the security of the entire webpage

YES NO
********************************************************

 

[JJ]

Just recently I have been getting a pop-up when ever I choose to play a
game on facebook.
It is shown below and I have tried to change some settings, but to no
avail.I have run some AV programs and they all come up clean. I am using
IE8 and XP home SP3 with all updates.
Once I click the yes or no block I am fine, it is just a PITA.
Any suggestions or thoughts are appreciated.

TIA

*********************************************************
Security Warning

Do you want to view only the webpage content that was delivered securely?

This webpage contains content that will not be delivered using a secure
HTTPS connection, which could compromise the security of the entire webpage

YES NO
********************************************************

The setting is in the Internet zone security setting:

Miscellaneous > Display mixed content

Set it to "Enable".

But this is not recommended since it applies for all sites that are not
listed in other zones.

Instead, add the FB site into the "Trusted sites" zone and change the
setting on this zone.

 

[Flash]

http://www.labnol.org/software/ie-security-warning-for-https-websites/13388/


"Disable “Mixed Content” Warnings in *IE*

If you would like to disable this security warning forever, go to
Tools -> Internet Options and select the Security tab. Make sure the
“Internet” zone is selected and then click the “Custom Level” button.
Scroll-down the list of options and set the “Display mixed content”
setting from “Prompt” to “Enable.”

The mixed content issue can only be fixed by the web developer,
you are only suppressing the warning in the IE browser.
"

HTH,
Paul

Thanks Paul, this did the trick.

 

[VanguardLH]

http://www.labnol.org/software/ie-security-warning-for-https-websites/13388/

"Disable ´Mixed Content¡ Warnings in *IE*

If you would like to disable this security warning forever, go to
Tools -> Internet Options and select the Security tab. Make sure the
´Internet¡ zone is selected and then click the ´Custom Level¡ button.
Scroll-down the list of options and set the ´Display mixed content¡
setting from ´Prompt¡ to ´Enable.¡

The mixed content issue can only be fixed by the web developer,
you are only suppressing the warning in the IE browser.
"

Bad advice (to allow mixed content). Either a page is secure or it is
not. There is no in between. If a site decides to mix insecure content
(often 3rd party content) with secure content then they chose to make
insecure a secure page -- so you get an insecure page.

Rather than allow insecure content when you are told you are visiting a
secure page (but are being lied to), and to eliminate the numerous
prompts about the mixed content due to idiot web designers or those
forced to make secure pages insecure by marketing choices, configure IE
to NOT allow the insecure content (and not bother alerting you about
it). Just decide if when told a page is secure if to really make it
secure.

IE has had this setting since around 2002 in older versions. It took
until about half a year ago for Mozilla to finally catch up and add a
user-configurable option regarding this mixed content issue. They have
bugzilla reports going back to 2005 (but you can trace their sources
back to other 2002 reports) of users asking Mozilla to give them the
same secure setting regarding mixed content that was available back then
for IE.

Don't bother with the alerts telling you a site chose to make insecure
their secure pages. There are just way too many boobs and too many
cooks stirring the code pot in designing a site. If you allow insecure
content then you choose that HTTPS pages will *not* be secure (i.e., you
won't know they are secure or not). If you visit HTTPS pages and really
want them to remain secure then configure your web browser to NOT allow
insecure content (just block it without alerts).

Internet Options -> Security tab -> Internet security zone
Miscellaneous section
Display Mixed Content = DISABLE

Then those HTTPS (SSL secured) pages really will have secured content.
Anything less is not secure. Eliminate the prompts telling you the site
is lying to you about security.

If you want to allow specific sites you trust to lie to you about their
supposedly secure pages, add them to the Trusted Sites whitelist (and
configure your Trusted Sites security zone to Enable the mixed content
to eliminate prompts from sites you trust). Personally I don't trust
sites that lie to me whether deliberately or due to their stupidity.