
Connection is not secure message when logging in

Sage55

Well-known member
Joined
Sep 19, 2011
Messages
413
Location
N/A
When I log in on firefox I get a pop-up saying this site is not secure. Have we been hacked?


tailshaft56

Well-known member
Joined
Oct 11, 2016
Messages
61
Location
Miami Ok
Not sure about Firefox; Chrome does that now. A Google search explained that Chrome will give a warning any time the site is not using SSL Secure Socket Language. Guess they are pushing sites to use SSL for everything. My wife raised Cain with me over the Barnes and Noble website.:bowdown:
 

Dr Stan

Well-known member
Joined
Nov 17, 2016
Messages
496
Location
Owensboro, KY
Just updated Firefox and I'm getting the same BS. Wish there was a way to have FF recognize GJ as safe.
 

Jazzman442

Well-known member
Joined
Sep 17, 2013
Messages
553
Location
Tampa Bay area, FL
It's not secure because this site is not using a secure connection as they should. Not the browser, it is this place.

Are they going to step up and add security?
 

ctgoodman

Well-known member
Joined
Mar 1, 2010
Messages
315
Location
Salisbury, NC
Yes, I agree they should step up to an https:// site and secure it with a proper site certificate. This would encrypt the web traffic and logins to and from the server that hosts this site.
 

alwaysFlOoReD

Well-known member
Joined
Sep 24, 2013
Messages
2,385
Location
Airdrie, Alberta, Canada
@hotfr8,
I disagree with you. It is a FF issue only in that FF is letting everyone know that your site isn't secured from hacking. From what I understand a more secure way of talking between the site and members is available and the site admins either don't understand or is/are being willfully ignorant. On the other hand Privacy Badger shows 0 trackers as does Ghostery, and that is unusually good for a forum.
 

HOTFR8

Banned
Joined
Mar 2, 2007
Messages
24,498
Location
Castlemaine, Victoria. The Hot Rod Centre of Austr
@hotfr8,
I disagree with you. It is a FF issue only in that FF is letting everyone know that your site isn't secured from hacking. From what I understand a more secure way of talking between the site and members is available and the site admins either don't understand or is/are being willfully ignorant. On the other hand Privacy Badger shows 0 trackers as does Ghostery, and that is unusually good for a forum.

I do not use Firefox so really I find this hard to follow.

I get the same with Chrome when I click on the "i" near the URL. Never noticed until I read this thread.

On that note perhaps it is an issue with the anti virus you run on your computers. I am not seeing any problems where I am.
 

alwaysFlOoReD

Well-known member
Joined
Sep 24, 2013
Messages
2,385
Location
Airdrie, Alberta, Canada
Because GJ uses outdated forms of security certificates and is not using HTTPS, the browsers FF and Chrome, and perhaps others, are filtering access to the GJ site. I've whitelisted GJ and another site that I frequent because I'm willing to take the risk. I don't know what's involved in doing the upgrades to the site. I would suggest passing this concern on to whoever takes care of the site and see if it's a simple fix.
 

ctgoodman

Well-known member
Joined
Mar 1, 2010
Messages
315
Location
Salisbury, NC
I have worked in computer systems management for the past 15 years. It can be quite involved taking an existing site and applying the certificate in order to use https protocol. No matter the difficulty I do find it negligent that this has not been done yet. This is a requirement for any site I have implemented in the past 12 years.
 

bulldogr6

Well-known member
Joined
Jul 1, 2014
Messages
88
Droid based Internet on my phone does it so bad, and then won't even connect to the site. Not GJ but a big percentage of my searches.
I've just about given up on it, and I can't find a way to turn it off.
I use Chrome because it doesn't do that, but Chrome often ignores a goto command and just dumps me on a blank page.

Both are getting frustrating.
Have you tried using the Tapatalk app for forum access? I think it's pretty slick, makes it very easy.

Sent from my E6782 using Tapatalk
 

CoogarXR

Well-known member
Joined
Jan 11, 2016
Messages
6,846
Location
Ohio
As an IT guy, I don't get the obsession with added security features on anonymous recreational sites. If somebody hacked my password here, they would gain absolutely nothing. Well, other than my fine reputation as a thread-killer, lol.

I mean seriously, I get it with banks, credit cards, all types of e-commerce, etc. But having to pay for an SSL Certificate on a forum? Seems unnecessary to me.

I am just cranky because I run several non-critical password-required websites, and I have been flooded with end-user tears over this new "security feature". "But... But... It says it isn't secure!" Nothing is secure honey, now go back to sleep.
 

Ryan

Administrator
Staff member
Joined
Jan 26, 2006
Messages
5,705
Location
Texas/Hawaii
As an IT guy, I don't get the obsession with added security features on anonymous recreational sites. If somebody hacked my password here, they would gain absolutely nothing. Well, other than my fine reputation as a thread-killer, lol.

I mean seriously, I get it with banks, credit cards, all types of e-commerce, etc. But having to pay for an SSL Certificate on a forum? Seems unnecessary to me.

I am just cranky because I run several non-critical password-required websites, and I have been flooded with end-user tears over this new "security feature". "But... But... It says it isn't secure!" Nothing is secure honey, now go back to sleep.

I get both sides of it...
 

rlitman

Well-known member
Joined
Oct 18, 2010
Messages
24,582
Location
Long Island
Looks like an issue with Firefox and not the GJ forum.

Actually, it's a new industry standard. Security is becoming the norm, and all sorts of poor security practices are being phased out. One browser or another may be leading the pack (or be the first to annoy its users, from another perspective), but they're all heading this way sooner rather than later.

As an IT guy, I don't get the obsession with added security features on anonymous recreational sites. If somebody hacked my password here, they would gain absolutely nothing. Well, other than my fine reputation as a thread-killer, lol.

I mean seriously, I get it with banks, credit cards, all types of e-commerce, etc. But having to pay for an SSL Certificate on a forum? Seems unnecessary to me.

I am just cranky because I run several non-critical password-required websites, and I have been flooded with end-user tears over this new "security feature". "But... But... It says it isn't secure!" Nothing is secure honey, now go back to sleep.

The VerticalScope hack of recent memory was one where password security came into play. Passwords from the hacked database were used in exploits elsewhere. While YOUR password on this site may not be your banking password (because you're clearly an IT guy who knows better), from the perspective of the attacker, if ANY user uses the same password for an "anonymous recreational site" for their banking information, then the attacker wins. Where the responsibility for this lies is a matter for debate, but rather than spiraling the drain by passing blame around to banks who should be doing a better job of establishing a customer's AAA, to owners of sites such as this who should be securing passwords accepted from a user, and to users who take no responsibility with their passwords, the industry has chosen the path of giving a bite of the sandwich to everyone instead. The idea is that if everyone takes some time to consider security, everyone gains.

As for having to pay for an SSL Certificate, that's no excuse. You could always have used a self-signed SSL Certificate for free. Users would still get an error, though not the same one, and unlike the new browser imposed error, the data in transit would still be secured. And if they saved the self-signed certificate for your site, they would still be alerted to a man-in-the-middle attack. Do you seal your envelopes when you send your mail?

And there's always free SSL Certificate options. I use one from StartSSL for my personal systems.
 

CoogarXR

Well-known member
Joined
Jan 11, 2016
Messages
6,846
Location
Ohio
The VerticalScope hack of recent memory was one where password security came into play. Passwords from the hacked database were used in exploits elsewhere. While YOUR password on this site may not be your banking password (because you're clearly an IT guy who knows better), from the perspective of the attacker, if ANY user uses the same password for an "anonymous recreational site" for their banking information, then the attacker wins. Where the responsibility for this lies is a matter for debate, but rather than spiraling the drain by passing blame around to banks who should be doing a better job of establishing a customer's AAA, to owners of sites such as this who should be securing passwords accepted from a user, and to users who take no responsibility with their passwords, the industry has chosen the path of giving a bite of the sandwich to everyone instead. The idea is that if everyone takes some time to consider security, everyone gains.

As for having to pay for an SSL Certificate, that's no excuse. You could always have used a self-signed SSL Certificate for free. Users would still get an error, though not the same one, and unlike the new browser imposed error, the data in transit would still be secured. And if they saved the self-signed certificate for your site, they would still be alerted to a man-in-the-middle attack. Do you seal your envelopes when you send your mail?

And there's always free SSL Certificate options. I use one from StartSSL for my personal systems.

Yeah, I get that aspect of it. I am just getting burned out on IT again, and I can be a bit jaded to perceived "safeguards"... I took a 5 year hiatus from the IT field a while back, and it's about time for another, lol.

A few idiot people with bad passwords, a few idiot site developers, and a few ******* hackers to connect the dots will always be out there no matter what the technology. Not to say security measures should ever be updated, I just get sick of a few companies suddenly dictating a standard that makes ME look like I dropped the ball.

Maybe I did, lol. Oh well. Carry on.
 

rlitman

Well-known member
Joined
Oct 18, 2010
Messages
24,582
Location
Long Island
...A few idiot people with bad passwords, a few idiot site developers, and a few ******* hackers to connect the dots will always be out there no matter what the technology...

Exactly. The idea is that it's a failure chain, where all the links are required for the failure to occur. If we fix the security issues in any one of these points, the failure does not occur. But since we cannot guarantee that all idiots out there will get the message, we have as an industry tried to take the route of fixing as many of these issues as possible. There is an understanding in this that there is a diminishing return, but since not all of the links are within our control, we must try to fix as many as possible to be sure that we are safe.

Adding a little security to a site is no different than expecting people to keep their cars and doors locked at night.
 
OP

Sage55

Well-known member
Joined
Sep 19, 2011
Messages
413
Location
N/A
Looks like an issue with Firefox and not the GJ forum.

After digging around after creating this thread, your assumption would be incorrect. It's an issue with the forum having users enter passwords unencrypted - https://arstechnica.com/information...rome-start-calling-http-connections-insecure/

As an IT guy, I don't get the obsession with added security features on anonymous recreational sites. If somebody hacked my password here, they would gain absolutely nothing. Well, other than my fine reputation as a thread-killer, lol.

I mean seriously, I get it with banks, credit cards, all types of e-commerce, etc. But having to pay for an SSL Certificate on a forum? Seems unnecessary to me.

I am just cranky because I run several non-critical password-required websites, and I have been flooded with end-user tears over this new "security feature". "But... But... It says it isn't secure!" Nothing is secure honey, now go back to sleep.

Won't get into it here but you are missing the point of HTTPS entirely. By the way you don't have to pay for SSL certs, get a free one from Let's Encrypt.

It's on my list, fellas.

Thanks Ryan, glad to know you're working on it.
 

XabuJr

Well-known member
Joined
Sep 24, 2016
Messages
263
Location
East of Seattle
Won't get into it here but you are missing the point of HTTPS entirely. By the way you don't have to pay for SSL certs, get a free one from Let's Encrypt.

I was going to say the same, certs only cost money if you want one of the higher end ones. The basic ones are now free through orgs like that. Easy to implement too.

The push has a lot to do with not just the hacking aspect, because it doesn't solve that, but for traffic security. Any non-https sites send all their traffic in clear text. If I'm at a Starbucks, I can pull up my traffic analyzer and see what everyone in that store is doing. Pretty damn interesting actually.

Security is going to continue to be a hot button topic in tech for a long time.
 
OP

Sage55

Well-known member
Joined
Sep 19, 2011
Messages
413
Location
N/A
I was going to say the same, certs only cost money if you want one of the higher end ones. The basic ones are now free through orgs like that. Easy to implement too.

The push has a lot to do with not just the hacking aspect, because it doesn't solve that, but for traffic security. Any non-https sites send all their traffic in clear text. If I'm at a Starbucks, I can pull up my traffic analyzer and see what everyone in that store is doing. Pretty damn interesting actually.

Security is going to continue to be a hot button topic in tech for a long time.

This guy gets it. :)
 

bubinga

Well-known member
Joined
Jul 26, 2014
Messages
12,744
Location
Bridgeport Ohio. (Across River From Wheeling WV)
Droid based Internet on my phone does it so bad, and then won't even connect to the site. Not GJ but a big percentage of my searches.
I've just about given up on it, and I can't find a way to turn it off.
I use Chrome because it doesn't do that, but Chrome often ignores a goto command and just dumps me on a blank page.

Both are getting frustrating.
Did your phone always do that "duckface"?
I've had my current phone, using Chrome, (EDIT, sorry, for over a year,) and never had either of those problems.
Wondering if you need to do a reset, like a factory reset?
(EDIT...I have done a factory reset a few times, but that was for other issues)
Unless it's something to do with your internet provider..............?
 

XabuJr

Well-known member
Joined
Sep 24, 2016
Messages
263
Location
East of Seattle
Well, since I installed Avast on my cell, it tells me Walmart's Wi-Fi is not secure.
Does that mean someone in Walmart could steal my info, CC numbers and the like?

Are you doing online shopping while in Walmart using their wifi? And even then, only if you're going to a site without SSL installed.

ANYTIME you put your credit card, social security, or other personal info into an online form, proper safety & security protocol says you need to make sure without a doubt you see a green padlock at the top. That guarantees that no one can see that information you are submitting while it's being transmitted.

It doesn't mean the site is secure from hackers, but it will at least make sure that the hipster sitting at the table next to you with the grin & the macbook isn't noting all your personal information to use or sell later.
 

bubinga

Well-known member
Joined
Jul 26, 2014
Messages
12,744
Location
Bridgeport Ohio. (Across River From Wheeling WV)
Are you doing online shopping while in Walmart using their wifi? And even then, only if you're going to a site without SSL installed.

ANYTIME you put your credit card, social security, or other personal info into an online form, proper safety & security protocol says you need to make sure without a doubt you see a green padlock at the top. That guarantees that no one can see that information you are submitting while it's being transmitted.

It doesn't mean the site is secure from hackers, but it will at least make sure that the hipster sitting at the table next to you with the grin & the macbook isn't noting all your personal information to use or sell later.
Ok, got it.
No, I don't shop online while at Walmart.
Just looking at Walmart app, and Kroger app.

Sent from my MotoG3 using Tapatalk
 
OP

Sage55

Well-known member
Joined
Sep 19, 2011
Messages
413
Location
N/A
Any updates on this? Getting a SSL is cheap (free) and takes moments to install...
 

ez-duzit

Well-known member
Joined
Jun 24, 2013
Messages
5,094
Location
Marina del Rey
Just the last couple days I've been sent to a "privacy error" page "your connection is not secure", every time I click the link that is emailed to update subscribed threads. So it won't allow me to access subscribed threads as before. (Using Google Chrome)

What's going on with that? Anyone else having this problem?
 

Ryan

Administrator
Staff member
Joined
Jan 26, 2006
Messages
5,705
Location
Texas/Hawaii
Any updates on this? Getting a SSL is cheap (free) and takes moments to install...


We are working on it... and no, it doesn't take moments when you are running five different versions of PHP, latest 3-series of VB, 20 years of content, etc... It's actually pretty complicated.

Hope to be done today.
 

LB-1911

ALLIANCE MEMBER
Joined
Sep 24, 2011
Messages
5,742
Location
Northwestern Il.
LB-1911,

Thank you for the information, but security on the web is getting some eyes on it. My Firefox now tells me not to log into this site because it is not secure; it drives me crazy.

I'm in the IT business and now everything needs to be secure.

Thanks

Here is an update for you.

We are working on it... and no, it doesn't take moments when you are running five different versions of PHP, latest 3-series of VB, 20 years of content, etc... It's actually pretty complicated.

Hope to be done today.
 

kbuhagiar

Well-known member
Joined
Dec 27, 2005
Messages
1,736
Location
Escondido, CA
We are working on it... and no, it doesn't take moments when you are running five different versions of PHP, latest 3-series of VB, 20 years of content, etc... It's actually pretty complicated.

Hope to be done today.

Thanks Ryan, as always we appreciate all of your efforts.
 

engineer2

Well-known member
Joined
Dec 13, 2009
Messages
11,795
Location
Chicago burbs
I get the dire warning "This server could not prove that it is www.garagejournal.com; its security certificate is from atomic1.urljet.com. This may be caused by a misconfiguration or an attacker intercepting your connection"
Easy enough to fix the cert (usually), but then you have to check the site's coding to get rid of http external links that can cause the https to not appear.

Google is now wanting sites to be https and may penalize your page rank if you are not.
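
The clean-up step mentioned in the post above (finding `http://` references left in a page that is now served over HTTPS), as an added example that is not part of the thread and not the forum's own code. The host names, paths and markup are constructed; the category names `active`, `passive` and `insecure-form` are labels chosen for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch or submit something.
# "active" loads (scripts, stylesheets, frames) are blocked on an HTTPS page;
# "passive" loads (media) have typically been shown with a downgraded padlock;
# "insecure-form" sends the form fields, passwords included, in clear text.
CATEGORIES = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("object", "data"): "active",
    ("link", "href"): "active",  # only when rel includes "stylesheet"
    ("img", "src"): "passive",
    ("audio", "src"): "passive",
    ("video", "src"): "passive",
    ("source", "src"): "passive",
    ("form", "action"): "insecure-form",
}


class _Audit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (category, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr, value in attrs.items():
            category = CATEGORIES.get((tag, attr))
            if category is None or not value:
                continue  # <a href> and similar navigations are not loads
            rel = (attrs.get("rel") or "").lower().split()
            if tag == "link" and "stylesheet" not in rel:
                continue  # e.g. rel="canonical" is metadata, nothing is fetched
            # Relative and protocol-relative URLs inherit the page's scheme.
            url = urljoin(self.page_url, value.strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((category, tag, url))


def audit(page_url, html):
    """Return http:// subresources and form targets for a page at page_url."""
    parser = _Audit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page, as it would look right after switching to HTTPS.
SAMPLE_URL = "https://forum.example/index.php"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://forum.example/css/style.css">
<link rel="canonical" href="http://forum.example/">
<script src="//cdn.example/lib.js"></script>
<script src="http://static.example/menu.js"></script>
</head><body>
<img src="images/logo.gif"> <img src="http://img.example/avatar.jpg">
<a href="http://news.example/article">article</a>
<form action="http://forum.example/login.php" method="post">
<input type="password" name="pw"></form>
</body></html>"""

if __name__ == "__main__":
    for category, tag, url in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{category:14} <{tag}> {url}")
```

Pass the URL the page will have after the switch (the `https://` one), so that relative references resolve the way the browser will resolve them.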
 