Security breach
#1
Red X through the lock and red score line through the https:

Your connection is not private.


Anyone else experiencing this??

All other sites working fine.

NB. If I load TPB no problem until I click on "Forum" then the same warnings.
Reply
#2
The site SSL certificate has expired and one of the Admins is working to fix it. The forum will be no less secure than it was before and all you need to do is click on either 'further info,' or whatever the option is on your browser to view the site.
Reply
#3
nah
I just Ignore the risk
since I know where and what I'm going and doing by entering this forum address on the URL bars
Reply
#4
today 11 November 2014 i tried to login to suprbay but got shown this screen [Image: Capturesuprbay11npv14_zps006beb16.jpg] thats screenshot to show something it seems suprbay need to fix

i clicked the ignore warning link and managed to get past their block
Reply
#5
That is a very misleading error. All that happened is that the certificate "expired." As in the clock ticked past the date the certificate was issued for. The site is as secure as it was yesterday as nothing has really changed except the date on the calendar.


A certificate is just an electronic document issued by a 3rd party stating that the site is what it says it is. The actual encryption is handled by the SSL key, which has not changed. When the certificate expired, it just meant that now the 3rd party is no longer vouching for our identity.

To say the connection is not private is a an outright lie.

You can continue to use the site as usual by ignoring the error until Suprbay gets around to having a new certificate issued.
Reply
#6
certificates cost money. Its basically blackmail. Pay us money or we will tell everyone your not trust worthy.
Reply
#7
(Nov 11, 2014, 13:17 pm)ShadyJay Wrote: certificates cost money. Its basically blackmail. Pay us money or we will tell everyone your not trust worthy.

Well that didn't work.
Reply
#8
If this 3rd party is trying to extort money can't the certification be obtained from another company? (Entrust, Verisign etc)
Reply
#9
(Nov 19, 2014, 15:10 pm)Beer_Money Wrote: If this 3rd party is trying to extort money can't the certification be obtained from another company? (Entrust, Verisign etc)

sure, but eventually those certificates will need to be renewed also. in the mean time, an admin is working on it and the site is still secure.
Reply
#10
The certification process is really a scam. It's simply the generation of a pair of random numbers which can be used by web browsers and servers to encrypt and decrypt any messages they exchange.

An "authority" generates the pair, and confirms (for the next year, or however long you pay for) that they're associated with a particular domain.

But it's not like they ever actually visit the home of anyone requesting a certificate, conduct background checks of individuals or monitor the activities of the site and individuals after the "certificate" has been issued.

You simply fork over a few hundred bucks and they send you a file. You copy the file on to your server, change a few configuration settings and, bingo, your site can now be accessed by typing in https instead of http and your web browser displays a padlock to reassure users that they're "safe". It's total bollocks.

The problem is that the web browser developers are complicit in the scam. Without a certificate, your web browser won't display the padlock and it thereby gives the impression that your site hasn't proven it is trustworthy.

And, without a certificate, your web browser won't encrypt your traffic.

You can create your own certificates, for free, but web browsers then display alarming popups "warning" users that the site has generated it's own certificate and not "proven" itself to an "authority", which effectively makes it look like the site is trying to scam people.

Thankfully, the EFF is setting itself up as an authority, and they will be issuing certificates for free. But they're not launching that until Summer 2015. We will probably pay for a certificate to cover the interim period, but frankly it sticks in the craw.

[In the meantime, as has been said, the encrpytion of traffic is still happening even though the "authority" is no longer confirming that they issued them.]
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Problem with Security Certificate keeybee 3 13,605 Dec 28, 2013, 12:00 pm
Last Post: Kitlope



Users browsing this thread: 1 Guest(s)