Lottery Post moves to total encryption

Jun 26, 2015, 9:42 am (39 comments)

Lottery Post Site News

All 2 million+ pages of website now secured by SSL encryption

By Todd Northrop

As of June 26, 2015, Lottery Post is serving all of its pages over SSL encryption.

Previously, security-critical portions of the website, such as the Log In page and the password change page, were protected by SSL encryption, but the remainder of the site was transmitted over normal, non-encrypted HTTP communications.

To make the transition to all-SSL connections, the website is currently redirecting all non-SSL connections to the SSL-protected version of the site.  The result is a lot more privacy for users.

SSL connections are the encrypted communications abilities built into web browsers like Internet Explorer and Google Chrome that allow activities like banking transactions to remain secure.  A web user knows their connection is secured by examining the URL (web address) of the website and seeing it begin with "https://".

SSL works in three steps: First, it validates the identity of a website; then, it creates an encrypted connection; finally, it makes sure that the data was sent without an issue.

Lottery Post goes one step further to demonstrate security to its visitors and members by employing an "Extended Validation" (EV) security certificate, which appears as a green color in the web address display of the web browser.  An illustration of the appearance of the EV certificate in Google Chrome can be found below.

An EV certificate clearly shows to web visitors that they are visiting the actual page they are trying to reach, and it has not been "hijacked" by a hacker or malware.  Lottery Post's EV certificate shows the company name "Speednet Group LLC" — the company that owns and operates the website.

Lottery Post also employs the use of HTTP Strict Transport Security, which is supported in modern web browsers.  This technique sends a signal to the web browser, indicating that the website is completely encrypted, and that all future communications with the website should be always directed through an encrypted (SSL) channel.  It is a method to prevent hackers from employing a so-called "man-in-the-middle" attack to steal sensitive information passed between the web browser and the Lottery Post website.

Moving Lottery Post to complete encryption was far more difficult than most websites, not only because of the sheer volume of web pages (more than 2 million), but also because of the nature of the content posted by users on the forums and blogs.

Lottery Post members are free to post images on the forums and blogs, and most of those images are hosted on non-secure image hosting services, such as imgur, Photobucket, and other such services.  If a secure web page included non-secure images, the web browser would issue warnings to the user and perhaps refuse to display the page at all.

The developer of Lottery Post invented a technique to continue to allow users to publish whatever non-secure images they wish, but when the forum page displays the image, it is automatically re-hosted at a secure Lottery Post service, and transmitted over the same encrypted communications that the rest of the page is transmitted.

In doing so, Lottery Post has dedicated a tremendous allocation of effort and data storage to ensure 100% security to its members and visitors.

When users connect to any website over SSL a network snoop can see that the person is communicating with the website, but the content of their communication with the site is entirely private.  That means that even though network operators can see that users are connecting to Lottery Post, they can't see what username they're logged in under or which posts they're submitting to the site.

Major websites have switched over to default encryption in recent weeks, including Wikipedia, Reddit, and all federal websites, driven largely by security concerns.  SSL also prevents attackers from injecting malware into an otherwise legitimate data stream, an increasing concern in the wake of the Snowden leaks.

Why this matters: Knowing how expansive online government surveillance is, HTTPS is a critical tool for retaining privacy. It can't stop your ISP from knowing which sites you visit, but it can stop anyone from passively reading your traffic.  Privacy isn't the only reason to add HTTPS, however, as HTTPS can help defend against malicious attacks such as session hijacking.

News story photo(Click to display full-size in gallery)

Lottery Post Staff

Comments

MzDuffleBaglady's avatarMzDuffleBaglady

I have AVG secure search, and it has the same security.Party

Great!!!!

 

Thank you!

ThatScaryChick's avatarThatScaryChick

Thank you, Todd for all the hard work you do to provide us with a safe and informative site! Smile

CutlassBob's avatarCutlassBob

Excellent update. Thanks to the LP admin...

lothob's avatarlothob

Thanks for remembering our need for privacy Todd and kudos for continuing to innovate this great site!

uprrman's avataruprrman

Quote: Originally posted by lothob on Jun 26, 2015

Thanks for remembering our need for privacy Todd and kudos for continuing to innovate this great site!

I Agree! thanks todd

Technut's avatarTechnut

Thanx Todd

JADELottery's avatarJADELottery

Excellent.

Now we don't have to keep typing the https on certain network connections.

plumsage's avatarplumsage

Good work Todd to you and your staff!

Bleudog101

Thank you so much Todd for this.

mjwinsmith's avatarmjwinsmith

Thanks Todd.

mysteque's avatarmysteque

Thank you Todd!!

Original Bey's avatarOriginal Bey

Todd it truly speaks to your character and passion for what you do that without suggestion or complaint you continually seek out ways to make the best lottery site globally even better! Hopefully Lady Luck will honor you with a lifetime achievement award (aka Big Win) very soon. Kudos! Cheers

Todd's avatarTodd

Thanks for the nice comments!  It is indeed a big step for LP, but also it was a real challenge (see the news story).

With over 2 million pages converted, there may well be a few straggling "rough spots" where something doesn't work perfectly.  If you notice something like that — where something was working before and now suddenly there is an error or doesn't work properly — please send me a quick note to let me know.  Thanks!

noise-gate

Wow Todd- last week you gave us Lotteryplaces, this week you give us this.l think it was Sir Isaac Newton who said " if l have seen further,  it's because I stood on the Shoulders of Giants"..Thanks for all you do, l salute you.

Be well.

Subscribe to this news story