SitePoint Sponsor

User Tag List

Results 1 to 10 of 10

Thread: SSL no worky

  1. #1
    SitePoint Addict WolfShade's Avatar
    Join Date
    Mar 2014
    Location
    St. Louis, MO, USA
    Posts
    280
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)

    Exclamation SSL no worky

    I tried to access this site via SSL, just playin' around, also wanting to make sure that when I log on, I can do it securely.

    No dice. Got the following error message:

    Secure Connection Failed

    An error occurred during a connection to www.sitepoint.com. Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.


    Isn't this a bit of a security issue? If it isn't, please advise.

    V/r,

    ^_^

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,154
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Um the forums have never been under SSL (as far as I know)... So I'm not sure why you think it would work.

  3. #3
    SitePoint Addict WolfShade's Avatar
    Join Date
    Mar 2014
    Location
    St. Louis, MO, USA
    Posts
    280
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    The login for the forum _should_ be done via SSL/TLS. Without it, the forum could be a playground for MitM attack.

  4. #4
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,154
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by WolfShade View Post
    The login for the forum _should_ be done via SSL/TLS. Without it, the forum could be a playground for MitM attack.
    I don't buy that. There isn't anything here that is worth gathering. No financial transactions, no personal information (that'd be used for government purposes), so nothing really to protect. Just your username and password and frankly, if you are using the same password here for other websites, you are already doomed.

  5. #5
    SitePoint Addict WolfShade's Avatar
    Join Date
    Mar 2014
    Location
    St. Louis, MO, USA
    Posts
    280
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    As well as the staff, here, do to prevent spam from getting in, accounts would be hacked less if two things happen: 1. People use long and complex passwords, and 2. the staff uses SSL/TLS to make sure that passwords aren't stolen by MitM.

    The first one isn't completely realistic - most users STILL don't understand that short, simple, all lower-case passwords are easily hacked.

    The second one won't completely eliminate accounts being hacked, but it will go a LONG way in significantly reducing it.

    And, no, I don't use the same password for other sites. I've been internet security minded since before it became a huge issue.

    ^_^

  6. #6
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,154
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by WolfShade View Post
    As well as the staff, here, do to prevent spam from getting in, accounts would be hacked less if two things happen: 1. People use long and complex passwords, and 2. the staff uses SSL/TLS to make sure that passwords aren't stolen by MitM.

    The first one isn't completely realistic - most users STILL don't understand that short, simple, all lower-case passwords are easily hacked.

    The second one won't completely eliminate accounts being hacked, but it will go a LONG way in significantly reducing it.

    And, no, I don't use the same password for other sites. I've been internet security minded since before it became a huge issue.

    ^_^

    Those are fair points, and I've used long passwords for a really long time. But as far as someone gaining control over a staff account, it really isn't much to worry about. There isn't a lot they could do with that access, before being caught by another leary mod/admin.

    Nonetheless, valid points, but the risk is low (in my opinion).

  7. #7
    SitePoint Addict WolfShade's Avatar
    Join Date
    Mar 2014
    Location
    St. Louis, MO, USA
    Posts
    280
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    It's not staff accounts that I'm concerned about, really. I haven't seen any attempted SPAM postings from any staff members, anyway. But the spam attempts (I say 'attempts' because I've seen more than a few obvious subject entries, but there's no content when the post is viewed - KUDOS to the people/technology that is doing such an excellent job!) are being seen from standard user accounts. Most likely due to passwords not being long/complex, but I'm not going to discount potential MitM as a culprit.

    Anyhoo... that's just my $0.03472 worth.

  8. #8
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,500
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Spam attempts are usually made from spam accounts registered by the spammers themselves. I don't remember a case of a user account being hacked to use it for spamming.

  9. #9
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,189
    Mentioned
    191 Post(s)
    Tagged
    2 Thread(s)
    At first I thought you might have gotten that message as a result of trying to go to something no longer there. i.e. a removed SPAM post.

    But SSL doesn't sound right because as said, unless wrong, the SitePoint forums don't use SSL
    But @HAWK ; should know about this for certain.

  10. #10
    Galactic Overlord gold trophysilver trophybronze trophy
    HAWK's Avatar
    Join Date
    Aug 2003
    Location
    New Zealand
    Posts
    12,550
    Mentioned
    957 Post(s)
    Tagged
    14 Thread(s)
    Quote Originally Posted by Mittineague View Post
    But @HAWK ; should know about this for certain.
    Confirmed.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •