When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.
the people in my building don't have a sniff about computers and I sure as hell don't go to a library or St. Arbucks just to use free wifi to come here.
There is currently a bug with using Chrome and certain Symantec issued certificates. Google needs to fix Chrome. In the meantime, use Firefox or IE or Edge.
none of the sites that IB owns are secure right now, i just checked audiworld and it's "Not secure" as well. So I hope no one is stupid enough to use a username/password combo on IB sites and banking sites , because it's not being encrypted right now on IB.
This statement isn't quite accurate. This is not an IB only issue.
Some major browsers, such as FireFox and Chrome, recently began displaying a "not secure" message for any website that asks for a password and is not using HTTPS. CorvetteForum has not used HTTPS. This is also the case for the vast majority of community-based message forums like CorvetteForum.
The "not secure" message for any website asking for a password that's not using HTTPS is something new that browsers are doing. Previously, websites that collected passwords not using HTTPs did not have the browser generate such a message.
As you can read, this is something new that browsers have started doing. Your browser may display a "not secure" message on CorvetteForum because CorvetteForum doesn't use HTTPS but does require a password to access your account. Again, the vast majority of websites like CorvetteForum are the same.
Internet Brands does, in fact, use some HTTPS on a few sites and is in testing. CorvetteForum currently is not one of those sites as Internet Brands continues to test and monitor.
Originally Posted by Thunder22
none of the sites that IB owns are secure right now, i just checked audiworld and it's "Not secure" as well. So I hope no one is stupid enough to use a username/password combo on IB sites and banking sites , because it's not being encrypted right now on IB.
JT - To be clear, the issue with Chrome and Symantec Certs is a problem, agreed, but that results in an error message on Chrome with the usual "there is a problem with the cert" etcetc, I'm working with Google and Symantec where I work to fix that on our websites, but it looks like the simplest solution is to upgrade the cert and just bybass the problem completely.
But I was referencing that login on CF (as well as other IB sites e.g. AudiWorld) don't use HTTPS to login nor for browsing, which means that there is no secure cert at all. And yes, login does require a password, but that password is not secure and can be hacked far more easily than if IB used https. Which led to my warning that I hope people aren't so short sighted as to use the same username/password comb on CF and their financial institutions, you know, just in case the worst happens
Right, but what I'm saying is this is nothing new with CorvetteForum not using HTTPS for username/password on this site, and it's typically the same for any other community-based message forum like CorvetteForum. What is new is the message, which is coming from the browsers as a push to increase security.
Where are you getting a message about a problem with the certificate on CorvetteForum?
Originally Posted by Thunder22
JT - To be clear, the issue with Chrome and Symantec Certs is a problem, agreed, but that results in an error message on Chrome with the usual "there is a problem with the cert" etcetc, I'm working with Google and Symantec where I work to fix that on our websites, but it looks like the simplest solution is to upgrade the cert and just bybass the problem completely.
But I was referencing that login on CF (as well as other IB sites e.g. AudiWorld) don't use HTTPS to login nor for browsing, which means that there is no secure cert at all. And yes, login does require a password, but that password is not secure and can be hacked far more easily than if IB used https. Which led to my warning that I hope people aren't so short sighted as to use the same username/password comb on CF and their financial institutions, you know, just in case the worst happens
I'm not getting a cert error, I'm getting a non-secure error message. if you click on the exclamation point in the url bar next to www.corvetteforum.com, you'll get the full message. I included a snip below of the security tab under development tools because i can't snag the other warning message.
I'm not getting a cert error, I'm getting a non-secure error message. if you click on the exclamation point in the url bar next to www.corvetteforum.com, you'll get the full message. I included a snip below of the security tab under development tools because i can't snag the other warning message.
Your browser determines if a website is safe or not based on the presence of a cert and if the cert is valid or from a trusted issuer. This is normally done only when using https and or port 443.
I have never tried to access CF from https, so I don't know if it was ever working. My bet is you are using https://forums.corvetteforum.com
Just use http, I can access using http from IE/Edge/FF and Chrome with no issues.
**EDIT**
Ah I see, you are clicking the little info button - simply don't do that. CF doesn't offer a secure connection, never has, period.
OK. Like I said, that's because the major browsers (atleast Google Chrome and Mozilla Firefox) recently added an update to their browser to notify users that any website they access that asks for a password not using HTTPS is "not secure". The vast majority of websites like CorvetteForum will generate the very same message because most message forums don't use HTTPS. Typically, that was generally for banking.
In this regard, the website is not less secure today than it was last year prior to this notice that Google Chrome and Mozilla Firefox added to their browsers. There's just a security push to have any website asking for a password to use HTTPS - or atleast notify the user that the website isn't using HTTPS. CorvetteForum, for the 8 years I've been involved, has never used HTTPS - just like any other website like CorvetteForum.
Internet Brands, which owns CorvetteForum, is well aware and has been testing and discussing HTTPS across some of their networks.
The server was not hacked and is not compromised. In my opinion, this message from the browser is causing a lot of alarm about something that has always been present.
Originally Posted by Thunder22
I'm not getting a cert error, I'm getting a non-secure error message. if you click on the exclamation point in the url bar next to www.corvetteforum.com, you'll get the full message. I included a snip below of the security tab under development tools because i can't snag the other warning message.
I'm not trying to argue with you, I've got a 25 year career in IT and I've designed/supported over 100 web sites, so I'm just trying to point out the difference between what Thud reported, and that this site doesn't use a cert so it couldn't have expired, BUT, credentials can still be stolen as they're not encrypted. That's all.
I never said it was less secure today than yesterday as it's never been secure but that doesn't excuse IB and the original owner for the situation, but I'm glad it's finally being addressed. Every site that has a login should use encryption (banking sites stopped being the https poster boys years ago, most sites with a login function are https, especially in this day and age of "hack everything". )
This site NEVER had a cert installed, so it never had HTTPS.
Nothing new. Certs from a real issuer like Symantec are expensive.
They sure are. It's also expensive when some dolt uses the same username/password combo on a forum that they use for their banking, it gets hacked and their bank account gets emptied, but that's mostly on the user for not practicing good security.
03-08-2017, 12:33 PM
as it's never been secure