Forum SSL cert no longer valid...
#2
Team Owner
The people in my building don't have a sniff about computers and I sure as hell don't go to a library or St. Arbucks just to use free wifi to come here.
But thanks for the heads up.
#3
Team Owner
There is currently a bug with using Chrome and certain Symantec issued certificates. Google needs to fix Chrome. In the meantime, use Firefox or IE or Edge.
#6
Administrator
Have you reported this to the Forum Help Section?
#8
MONARTOR
#10
Making CFOT Great Again
So what's the deal with the certificate? When will the issue be fixed?
#11
Team Owner
None of the sites that IB owns are secure right now; I just checked audiworld and it's "Not secure" as well. So I hope no one is stupid enough to use a username/password combo on IB sites and banking sites, because it's not being encrypted right now on IB.
#12
This statement isn't quite accurate. This is not an IB only issue.
Some major browsers, such as Firefox and Chrome, recently began displaying a "not secure" message for any website that asks for a password and is not using HTTPS. CorvetteForum has not used HTTPS. This is also the case for the vast majority of community-based message forums like CorvetteForum.
The "not secure" message for any website asking for a password that's not using HTTPS is something new that browsers are doing. Previously, websites that collected passwords not using HTTPS did not have the browser generate such a message.
See this blog from Google:
https://security.googleblog.com/2016...ecure-web.html
As you can read, this is something new that browsers have started doing. Your browser may display a "not secure" message on CorvetteForum because CorvetteForum doesn't use HTTPS but does require a password to access your account. Again, the vast majority of websites like CorvetteForum are the same.
Internet Brands does, in fact, use some HTTPS on a few sites and is in testing. CorvetteForum currently is not one of those sites as Internet Brands continues to test and monitor.
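The condition described in the post above (a page that asks for a password without using HTTPS) can be checked for with a short script. This is an added example, not part of the original post and not any browser's own logic; it also covers an HTTPS page whose login form posts to an HTTP address. `audit_login_forms`, the sample HTML and the host `forum.example` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages; forum.example is a placeholder host.
HTTP_LOGIN = ('<form action="login.php" method="post"><input name="u">'
              '<input type="password" name="p"></form>')
MIXED = ('<form action="http://forum.example/login.php">'
         '<input type="PASSWORD" name="p"></form>'
         '<form action="/search"><input name="q"></form>')

class FormScanner(HTMLParser):
    """Records every <form> and whether it holds a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []       # completed forms
        self.current = None   # form being parsed, None outside <form>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)   # tag and attribute names arrive lowercased
        if tag == "form":
            self.current = {"action": attrs.get("action") or "", "password": False}
        elif tag == "input" and self.current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            self.forms.append(self.current)
            self.current = None

def audit_login_forms(page_url, html):
    """Return one finding per password form; 'insecure' is set when the
    page or the form target is not HTTPS."""
    scanner = FormScanner()
    scanner.feed(html)
    scanner.close()
    page_https = urlparse(page_url).scheme == "https"
    findings = []
    for form in scanner.forms:
        if not form["password"]:
            continue
        # An empty or relative action resolves against the page URL.
        target = urljoin(page_url, form["action"])
        target_https = urlparse(target).scheme == "https"
        findings.append({"target": target, "page_https": page_https,
                         "target_https": target_https,
                         "insecure": not (page_https and target_https)})
    return findings
```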
#13
Team Owner
JT - To be clear, the issue with Chrome and Symantec Certs is a problem, agreed, but that results in an error message on Chrome with the usual "there is a problem with the cert" etc., etc. I'm working with Google and Symantec where I work to fix that on our websites, but it looks like the simplest solution is to upgrade the cert and just bypass the problem completely.
But I was referencing that login on CF (as well as other IB sites e.g. AudiWorld) doesn't use HTTPS to log in nor for browsing, which means that there is no secure cert at all. And yes, login does require a password, but that password is not secure and can be hacked far more easily than if IB used https. Which led to my warning that I hope people aren't so short-sighted as to use the same username/password combo on CF and their financial institutions, you know, just in case the worst happens.
Last edited by Thunder22; 03-09-2017 at 02:24 PM.
#14
Right, but what I'm saying is this is nothing new with CorvetteForum not using HTTPS for username/password on this site, and it's typically the same for any other community-based message forum like CorvetteForum. What is new is the message, which is coming from the browsers as a push to increase security.
Where are you getting a message about a problem with the certificate on CorvetteForum?
#15
Team Owner
I'm not getting a cert error, I'm getting a non-secure error message. If you click on the exclamation point in the url bar next to www.corvetteforum.com, you'll get the full message. I included a snip below of the security tab under development tools because I can't snag the other warning message.
Last edited by Thunder22; 03-09-2017 at 06:51 PM.
#16
Team Owner
I have never tried to access CF from https, so I don't know if it was ever working. My bet is you are using https://forums.corvetteforum.com
Just use http, I can access using http from IE/Edge/FF and Chrome with no issues.
**EDIT**
Ah I see, you are clicking the little info button - simply don't do that. CF doesn't offer a secure connection, never has, period.
Last edited by Chevy Guy; 03-09-2017 at 07:23 PM.
#17
OK. Like I said, that's because the major browsers (at least Google Chrome and Mozilla Firefox) recently added an update to their browser to notify users that any website they access that asks for a password not using HTTPS is "not secure". The vast majority of websites like CorvetteForum will generate the very same message because most message forums don't use HTTPS. Typically, that was generally for banking.
In this regard, the website is not less secure today than it was last year prior to this notice that Google Chrome and Mozilla Firefox added to their browsers. There's just a security push to have any website asking for a password to use HTTPS - or at least notify the user that the website isn't using HTTPS. CorvetteForum, for the 8 years I've been involved, has never used HTTPS - just like any other website like CorvetteForum.
Internet Brands, which owns CorvetteForum, is well aware and has been testing and discussing HTTPS across some of their networks.
The server was not hacked and is not compromised. In my opinion, this message from the browser is causing a lot of alarm about something that has always been present.
#18
Team Owner
#19
Team Owner
I'm not trying to argue with you, I've got a 25 year career in IT and I've designed/supported over 100 web sites, so I'm just trying to point out the difference between what Thud reported, and that this site doesn't use a cert so it couldn't have expired, BUT, credentials can still be stolen as they're not encrypted. That's all.
I never said it was less secure today than yesterday, as it's never been secure, but that doesn't excuse IB and the original owner for the situation, but I'm glad it's finally being addressed. Every site that has a login should use encryption (banking sites stopped being the https poster boys years ago; most sites with a login function are https, especially in this day and age of "hack everything").
#20
Team Owner
They sure are. It's also expensive when some dolt uses the same username/password combo on a forum that they use for their banking, it gets hacked and their bank account gets emptied, but that's mostly on the user for not practicing good security.