All 2 million+ pages of website now secured by SSL encryption
By Todd Northrop
As of June 26, 2015, Lottery Post is serving all of its pages over SSL encryption.
Previously, security-critical portions of the website, such as the Log In page and the password change page, were protected by SSL encryption, but the remainder of the site was transmitted over normal, non-encrypted HTTP communications.
To make the transition to all-SSL connections, the website is currently redirecting all non-SSL connections to the SSL-protected version of the site. The result is a lot more privacy for users.
SSL connections are the encrypted communications abilities built into web browsers like Internet Explorer and Google Chrome that allow activities like banking transactions to remain secure. A web user knows their connection is secured by examining the URL (web address) of the website and seeing it begin with "https://".
SSL works in three steps: First, it validates the identity of a website; then, it creates an encrypted connection; finally, it makes sure that the data was sent without an issue.
Lottery Post goes one step further to demonstrate security to its visitors and members by employing an "Extended Validation" (EV) security certificate, which appears as a green color in the web address display of the web browser. An illustration of the appearance of the EV certificate in Google Chrome can be found below.
An EV certificate clearly shows to web visitors that they are visiting the actual page they are trying to reach, and it has not been "hijacked" by a hacker or malware. Lottery Post's EV certificate shows the company name "Speednet Group LLC" — the company that owns and operates the website.
Lottery Post also employs the use of HTTP Strict Transport Security, which is supported in modern web browsers. This technique sends a signal to the web browser, indicating that the website is completely encrypted, and that all future communications with the website should be always directed through an encrypted (SSL) channel. It is a method to prevent hackers from employing a so-called "man-in-the-middle" attack to steal sensitive information passed between the web browser and the Lottery Post website.
Moving Lottery Post to complete encryption was far more difficult than most websites, not only because of the sheer volume of web pages (more than 2 million), but also because of the nature of the content posted by users on the forums and blogs.
Lottery Post members are free to post images on the forums and blogs, and most of those images are hosted on non-secure image hosting services, such as imgur, Photobucket, and other such services. If a secure web page included non-secure images, the web browser would issue warnings to the user and perhaps refuse to display the page at all.
The developer of Lottery Post invented a technique to continue to allow users to publish whatever non-secure images they wish, but when the forum page displays the image, it is automatically re-hosted at a secure Lottery Post service, and transmitted over the same encrypted communications that the rest of the page is transmitted.
In doing so, Lottery Post has dedicated a tremendous allocation of effort and data storage to ensure 100% security to its members and visitors.
When users connect to any website over SSL a network snoop can see that the person is communicating with the website, but the content of their communication with the site is entirely private. That means that even though network operators can see that users are connecting to Lottery Post, they can't see what username they're logged in under or which posts they're submitting to the site.
Major websites have switched over to default encryption in recent weeks, including Wikipedia, Reddit, and all federal websites, driven largely by security concerns. SSL also prevents attackers from injecting malware into an otherwise legitimate data stream, an increasing concern in the wake of the Snowden leaks.
Why this matters: Knowing how expansive online government surveillance is, HTTPS is a critical tool for retaining privacy. It can't stop your ISP from knowing which sites you visit, but it can stop anyone from passively reading your traffic. Privacy isn't the only reason to add HTTPS, however, as HTTPS can help defend against malicious attacks such as session hijacking.
(Click to display full-size in gallery)
I have AVG secure search, and it has the same security.
Great!!!!
Thank you!
Thank you, Todd for all the hard work you do to provide us with a safe and informative site!
Excellent update. Thanks to the LP admin...
Thanks for remembering our need for privacy Todd and kudos for continuing to innovate this great site!
Thanx Todd
Excellent.
Now we don't have to keep typing the https on certain network connections.
Good work Todd to you and your staff!
Thank you so much Todd for this.
Thanks Todd.
Thank you Todd!!
Todd it truly speaks to your character and passion for what you do that without suggestion or complaint you continually seek out ways to make the best lottery site globally even better! Hopefully Lady Luck will honor you with a lifetime achievement award (aka Big Win) very soon. Kudos!
Thanks for the nice comments! It is indeed a big step for LP, but also it was a real challenge (see the news story).
With over 2 million pages converted, there may well be a few straggling "rough spots" where something doesn't work perfectly. If you notice something like that — where something was working before and now suddenly there is an error or doesn't work properly — please send me a quick note to let me know. Thanks!
Wow Todd- last week you gave us Lotteryplaces, this week you give us this.l think it was Sir Isaac Newton who said " if l have seen further, it's because I stood on the Shoulders of Giants"..Thanks for all you do, l salute you.
Be well.
Thanks Todd. Looks like its about time for me to pony up and support this site. :)
You Da MAN! Fantastic work!
Agreed! As an IT guy, I understand the importance of this for our and LP's security going forward. Memberships (at any level) are WELL WORTH the money when they invest in "transparent (to the use) upgrades like this!
Thanks for all you and the LP crew do Todd!
Thanks Todd for everything.
"Why this matters: Knowing how expansive online government surveillance is...."
But...but...but...we can trust the govt., right? I mean...they're supposed to have our best interests at heart, right? Why would they spy on us? You don't have anything to fear if you're not a criminal or terrorist, right?
Sorry, I can't continue... I've reached my sarcasm quota for today. (and for ellipses, too.)
Great job and thank you for really having our best interests at heart.
Mr. Northrop,
Awesome work. Hats off to you.
Thanks todd
Why wasn't it done sooner?
The government reference sounds like someone is thinking of Big Brother. I don't think they
care actually about Lottery Post or its members.
There have been security issues in the past with mention of a security certificate could not
be verified. Is this part of what you fixed? Just asking cause I really don't know what category
that falls into but to see the word security makes you wonder when you're visiting a site about
the safety of being there.
I never worried about posting - I have log-in info and post under a username. It didn"t bother
me to sign in but now you're saying before the fix, it should have?
The only thing I second thought was paying through the site but was always reassured with
secure system wording.
I don't need defensive sarcasm. It's just general concerns I thought about after reading the article.
Everyone is thanking you and thank you from me too. It just might be I don't understand what there
is to be thankful about. A site is a lot of work I'm sure but users usually take for granted it's secure and
It"s as given that we should be protected whenever we visit. A site with lots of visitors and users must
stay on its toes.
Great Job Todd! I did not want scammers to intercept my multiple LP identities and find out I am secretly Ridge.
Thank you! For the hard work you and your staff do to ensure our safe enjoyment of this site, you will always have my full support!
Thanks to you all...for all you do, this Bud's for you!
Thank you.
Hahahahahahaha, that's funny. Altho I sometimes wish it was true, as I miss Rdgrnr. Sure wish we knew how he is.
Let me add my thank you to Todd as well. Can never have too much security these days.
I miss Rdg too and more recently Thrifty. I hope both are well !
Thanks for the site update, Todd and LP staff.
Thank you Todd for keeping our LotteryPost safe for the use of everyone.
I love all of your post.you will be our next Powerball winner.
Thanks Todd, nice job!
Thank You Todd
What are you waiting for, just......" Do it!"
Wow, that is so awesome! Thank u so much Todd. I love it.
Thanks Todd, for retaining our privacy.
Where i Can found latest Lottery results.
Will this be for platinum or gold members only? /sarcasm