Welcome Guest
Log In | Register )
You last visited January 24, 2017, 8:15 pm
All times shown are
Eastern Time (GMT-5:00)

Upgraded security at Lottery Post

Topic closed. 6 replies. Last post 2 years ago by helpmewin.

Page 1 of 1
Todd's avatar - Cylon 2.gif
Chief Bottle Washer
New Jersey
United States
Member #1
May 31, 2000
23357 Posts
Posted: November 3, 2014, 6:28 pm - IP Logged

I have just completed some upgrades to security at Lottery Post.  Most people will not notice any difference, but some users of very old operating systems or browsers may be impacted.

I apologize in advance if you're allergic to "techno-babble".  In any discussion of Internet security there's really no way to get around it.  I'll try to be descriptive, while still including the technical details.

There are two main upgrades that have been completed.

First, older SSL security protocols have been disabled.  Security protocols are the way that your browser communicates with Lottery Post when you are using a secure connection — when the address (URL) starts with "https://".  This is used for pages like the Log In page, so that your password is securely passed over the Internet.

Recently researchers working for Google determined that there is a major design flaw in an older protocol called SSL 3.0.  (You may have heard about it, called the POODLE attack.)  Because it is a design flaw in the protocol itself, there is no way to issue a patch to the operating system to fix it.  The only fix is to disable the protocol itself.  So that's what I have done at Lottery Post.

For most people, you would never know that I disabled it.  All modern Web browsers can use a different, more recent protocol called TLS (Transport Layer Security), which does not have any known security risks.

The only browser which users will notice a problem is Internet Explorer 6 (IE6).  For users of that browser (and frankly nobody should be using it anymore!) it is not configured by default to use TLS, so you'll have to enable it yourself.  I have prepared a simple instruction guide to do it.

The second security change is that I have upgraded the type of security certificate used at Lottery Post to a more secure type, using something called SHA256.

Researchers have determined that an older type of certificate (using SHA1) has flaws, and the industry is working to eliminate the use of older SHA1 certificates.  In fact, Microsoft and Google have issued statements that by 2016, SHA1 certificates will not even be permitted within their Web browsers.  (Google is taking an even more strict approach, "outlawing" them within Google Chrome in 2015.)

Like the first change, most people will notice no difference in the way anything works or operates.  The only people who will have a problem is users of very old mobile devices and Windows XP users who do not have Service Pack 3 installed.

So, if you have Windows XP and you have a problem with a secure page at Lottery Post (or USA Mega), simply apply Microsoft's Windows XP Service Pack 3 (a free download), and you'll be good to go.


Check the State Lottery Report Card
What grade did your lottery earn?


Sign the Petition for True Lottery Drawings
Help eliminate computerized drawings!

    emilyg's avatar - cat anm.gif

    United States
    Member #14
    November 9, 2001
    31558 Posts
    Posted: November 3, 2014, 6:39 pm - IP Logged


    love to nibble those micey feet.



      Republic of Texas
      United States
      Member #57557
      January 9, 2008
      1095 Posts
      Posted: November 3, 2014, 6:58 pm - IP Logged

       maioah agdfifh sfvdvn hv vi hiohv fah ni ohv oduvzn jkiddevdawh  <-----  "Techno Babble" as I see it. 


      Thanks Todd. Always looking out for us Techno-deficient ones. Group Hug



        noise-gate's avatar - images q=tbn:ANd9GcR91HDs4UJhjxO7cmeMQWZ5lB_FOcMLOGicau4V74R45tDgPWrr
        Bay Area - California
        United States
        Member #136477
        December 12, 2012
        4146 Posts
        Posted: November 3, 2014, 7:06 pm - IP Logged

        As a friend of mine once said " anyone using XP should upgrade as soon as possible,  if that is not possible be prepared to let your computer become a "boat anchor" moving forward.

        People who say it cannot be done should not interrupt those who are doing it- George Bernard Shaw.

          Nikkicute's avatar - nnjx1k
          United States
          Member #123290
          February 17, 2012
          3092 Posts
          Posted: November 5, 2014, 12:11 am - IP Logged

          Thanks Todd for keeping the site safe for us! Thumbs Up

            Drenick1's avatar - villiarna
            United States
            Member #152799
            February 25, 2014
            1095 Posts
            Posted: November 5, 2014, 1:14 pm - IP Logged

            Thank you Todd.

              helpmewin's avatar - dandy
              United States
              Member #106665
              February 22, 2011
              19967 Posts
              Posted: November 6, 2014, 7:37 am - IP Logged

              PatriotGreat news Thanks