Stamp Community Family of Web Sites
Thousands of stamps, consistently graded, competitively priced and hundreds of in-depth blog posts to read
Stamp Community Forum
 
Username:
Password:
Save Password
Forgot your Password?

Welcome Guest! Need help? Got a question? Inherit some stamps?
Our stamp forum is completely free! Register Now!

Security Certificate Expired?

Next Page    
 
To participate in the forum you must log in or register.
Author Previous TopicReplies: 33 / Views: 1,944Next Topic
Page: of 3
Pillar Of The Community
Learn More...
United States
1027 Posts
Posted 06/19/2020   08:42 am  Show Profile Bookmark this topic Add danstamps54 to your friends list Get a Link to this Message
This morning I got a warning that the Security Certificate for SCF expired today so I had to jump through some hoops to get in.

I'm using a Firefox browser.

Anyone else experience this?

Dan
Send note to Staff
Experienced stamps need a home too. I'd rather have an example that is imperfect than no example.
I collect for enjoyment, not investment.
APS Member #223433
Postmark Collectors Club Member #6333
Meter Stamp Society Member #1409

Pillar Of The Community
United Kingdom
5676 Posts
Posted 06/19/2020   08:51 am  Show Profile Check GeoffHa's eBay Listings Bookmark this reply Add GeoffHa to your friends list  Get a Link to this Reply
Yes, via Safari.
Send note to Staff  Go to Top of Page
Pillar Of The Community
805 Posts
Posted 06/19/2020   09:34 am  Show Profile Bookmark this reply Add sak to your friends list  Get a Link to this Reply
Send note to Staff  Go to Top of Page
Pillar Of The Community
Learn More...
United States
3046 Posts
Posted 06/19/2020   09:40 am  Show Profile Bookmark this reply Add angore to your friends list  Get a Link to this Reply
I got a similar message.
Send note to Staff  Go to Top of Page
Al
Forum Dad
USA
1702 Posts
Posted 06/19/2020   3:44 pm  Show Profile Bookmark this reply Add bobby131313 to your friends list  Get a Link to this Reply
Nothing dangerous. The SSL just expired because my host didn't update it. Billed me for it 3 weeks ago though.
Send note to Staff  Go to Top of Page
Pillar Of The Community
Learn More...
Canada
726 Posts
Posted 06/19/2020   4:15 pm  Show Profile Bookmark this reply Add itma to your friends list  Get a Link to this Reply
Got the same certificate expired message in Safari.
Send note to Staff  Go to Top of Page
Moderator
Learn More...
9491 Posts
Posted 06/19/2020   5:17 pm  Show Profile Check 51studebaker's eBay Listings Bookmark this reply Add 51studebaker to your friends list  Get a Link to this Reply
Folks should keep in mind that the entire 'certificate' or 'https' (secure sockets) thing is largely insignificant. It is meant to give confidence to technically challenged people but anyone who understands what it is knows that it adds very little to security. It is simply an encryption on the communication between your browser and a website server. Since this site, or any other that is not doing financial transactions, offers no interest to most malicious people, there is no reason for them to try to capture the traffic between you and your browser.
But even if it was a website with financial transactions, understand that the communication stream is difficult to capture, it is far easier and more productive to gain access to the server itself. An analogy is like the security of your house, adding a way to encrypt the phone line is meaningless if you do not bother to put locks on your doors or windows, do not have an alarm system, do not have a fence, do not have a mean dog, or do not protect your family with a weapon. The certificate effort was mostly driven by a few large tech companies who are now largely in control.
Don
Send note to Staff  Go to Top of Page
Pillar Of The Community
Learn More...
United States
3046 Posts
Posted 06/19/2020   5:39 pm  Show Profile Bookmark this reply Add angore to your friends list  Get a Link to this Reply
It has definitely impacted postings.
Send note to Staff  Go to Top of Page
Al
Pillar Of The Community
Learn More...
United States
2659 Posts
Posted 06/19/2020   5:54 pm  Show Profile Bookmark this reply Add littleriverphil to your friends list  Get a Link to this Reply

Quote:
It has definitely impacted postings.


It certainly gives you pause when you log on and are greeted with "This site is not secure" in red. Took me a few times before I clicked Details.
Send note to Staff  Go to Top of Page
Forum Dad
USA
1702 Posts
Posted 06/19/2020   6:13 pm  Show Profile Bookmark this reply Add bobby131313 to your friends list  Get a Link to this Reply
It does and it's ridiculous.
Send note to Staff  Go to Top of Page
Pillar Of The Community
Learn More...
6408 Posts
Posted 06/19/2020   7:34 pm  Show Profile Bookmark this reply Add rogdcam to your friends list  Get a Link to this Reply
I was afraid that if I ignored the warning that I would receive a box of spiders and cockroaches in the mail AND be exposed to COVID-19. Phew!!!
Send note to Staff  Go to Top of Page
Forum Dad
USA
1702 Posts
Posted 06/19/2020   7:58 pm  Show Profile Bookmark this reply Add bobby131313 to your friends list  Get a Link to this Reply
Well if I were to send you spiders, I'd at least send you chocolate covered ones.
Send note to Staff  Go to Top of Page
Pillar Of The Community
Learn More...
United States
1027 Posts
Posted 06/19/2020   9:39 pm  Show Profile Bookmark this reply Add danstamps54 to your friends list  Get a Link to this Reply
Bobby,

Thanks for your work!
I knew the SSL cert was bull-squirt for a site like this but my Firefox browser locked me out until I went into the details and acknowledged that my computer may melt and I might contract Covid-19 if I proceeded. I got in once and after that it wouldn't even let me check the thread. I kept getting an error message.
If you are sending chocolate spiders, count me in. They have to be better than the chocolate covered ants I've eaten!

Dan
Send note to Staff  Go to Top of Page
Experienced stamps need a home too. I'd rather have an example that is imperfect than no example.
I collect for enjoyment, not investment.
APS Member #223433
Postmark Collectors Club Member #6333
Meter Stamp Society Member #1409
Pillar Of The Community
United States
1414 Posts
Posted 06/20/2020   01:32 am  Show Profile Bookmark this reply Add cfrphoto to your friends list  Get a Link to this Reply

Quote:
Since this site, or any other that is not doing financial transactions, offers no interest to most malicious people, there is no reason for them to try to capture the traffic between you and your browser.


Don,

I am not sure this is entirely true. I had an account on a railroad site that was compromised and did not bother to encrypt passwords. The result has been bogus email messages claiming to have reached other more important sites. Unfortunately some users may have used the same password for that site and more important sites. Still, the problem is bad enough because it is possible for hackers to post bogus messages, links or steal copyrighted images.

I hope that this site encrypts passwords. If not, it should be mentioned on the user account page.

Send note to Staff  Go to Top of Page
Moderator
Learn More...
9491 Posts
Posted 06/20/2020   04:40 am  Show Profile Check 51studebaker's eBay Listings Bookmark this reply Add 51studebaker to your friends list  Get a Link to this Reply
Hi Clark,
Understood, but if anyone is using the same password for multiple sites then they should have bigger concerns than a missing HTTP certificate.

I cannot recall a recent cyber-attack that involved sniffing packets. The most common 'hacking' method is physical access to a server (but you never hear anything about this issue). Who here thinks that these tech companies vets and bonds every person who has physical access? One of the more famous compromises was when a hacker purchased a large stack of pizzas and was allowed to waltz into the server room with a thumb drive. In another case a hacker gained physical access to an internet café router and replaced it with his own router. HTTPS is has no value in these more common types of hacks, physical access is far more feasible and cost effective way to access information. Just today I got a robocall letting me know that they had detected 'unusual' activity on my Apple device and that I immediately needed to 'press 1' to prevent a significant compromise of my personal information. I guess that they did not know they I do not have any Apple device in my home.

At my dialysis center and as a Medicare facility they are supposed to be following HIPPA guidelines to protect patients' electronically stored information (known as "ePHI"); this requires a new secure password every month. Yet when you walk into the lobby, they have hung a large poster showing the wireless user name and password their network for the next 12 months. I have also seen Verizon payment kiosks which stored everyone's credit card numbers and PINs in plain text files. They did a great job in making the kiosk hard drive highly secure to boot into but it took me 5 minutes to hook up a kiosk drive as slave drive and access the credit card text file. I instantly has access to hundreds of thousands credit cards and PIN numbers. I worked with a group who developed and implemented our own TCP/IP stack and we had equipment to sniff packets. It requires an incredible amount of time and money to sniff packets and recombine them; it is like trying to catch specific raindrops in a thunderstorm.

I have seen hundreds of thousands of user passwords over the years and I cannot tell you how easy it is to guess passwords. (It was so easy that I often would try guessing a user password rather than walking back to the server room.) If folks want to be more secure I suggest they be more concerned over the passwords they chose than worrying about an out-of-date https certificate and someone sniffing packets on a hobby website. My recommendation is that they stop choosing blindingly easy passwords, stop trying to manage complex password lists (often taped to their monitors),and spend a few minutes developing a password scheme. Bobby has previous mentioned how to do this. Why try to remember a bunch of different complex passwords instead of remembering a single scheme? This is a no brainer. Simply make a unique password scheme based upon the website name you are using combined with some other easy for you to recall person information. You might choose the first 6 letters of the website name, or skip the first two letters and select the next 6, or reverse the website name and use the first 5 characters. Then add to this another piece of personal information and add a special character (@#$%^&*?!). If the site requires a new password each month, then integrate the a date number somewhere in your scheme. The combinations are endless, gives you a unique password for every site, and only requires you to remember a single scheme.

At a minimum (and if folks want to be lazy) then at least use two different passwords. Use the same password for all non-commercial website like this one, websites that you might visit on public networks and do not do transactions on. But use a different, stronger password for transactional websites and never access them on public networks.

But it is easy scare people and fear is currently the method being used to control people in our society. The antidote to fear is knowledge and common sense for anyone who does not want to be a lemming.
Don
Send note to Staff  Go to Top of Page
Pillar Of The Community
Learn More...
528 Posts
Posted 06/20/2020   08:39 am  Show Profile Bookmark this reply Add rismoney to your friends list  Get a Link to this Reply
Yet another reason why this site needs to be in the cloud and not run on physical gear. These issues are already solved if you use Amazon ALB with Amazon ACM in front of your web servers. Cheap and 0 maintenance.
Send note to Staff  Go to Top of Page
Page: of 3 Previous TopicReplies: 33 / Views: 1,944Next Topic  
Next Page
 
To participate in the forum you must log in or register.


Go to Top of Page
Disclaimer: While a tremendous amount of effort goes into ensuring the accuracy of the information contained in this site, Stamp Community assumes no liability for errors. Copyright 2005 - 2021 Stamp Community Family - All rights reserved worldwide. Use of any images or content on this website without prior written permission of Stamp Community or the original lender is strictly prohibited.
Privacy Policy / Terms of Use    Advertise Here
Stamp Community Forum © 2007 - 2021 Stamp Community Forums
It took 0.24 seconds to lick this stamp. Powered By: Snitz Forums 2000 Version 3.4.05