AK site and login unsecure warning messages

Discussion in 'AK News' started by KKnight, Mar 16, 2017.

  1. KKnight

    KKnight Active Member

    Messages:
    309
    Seems AK has never 'upgraded' to the standard HTTPS. With every version of Firefox since v50, always get warning messages about unsecure site, and login warnings.
     
  2. John James

    John James "Bob's your uncle" (Stolen) Subscriber

    Messages:
    7,058
    Location:
    Piney Flats, Tn.
    OK.
     
    Hyperion likes this.
  3. Chrisxo55441

    Chrisxo55441 AK Subscriber Subscriber

    Messages:
    1,697
    Location:
    Twin Cities Minnesota
    i have no issues using firefox or chrome
     
  4. buglegirl

    buglegirl In The Direction Of The Singularity Subscriber

    Messages:
    11,263
    Location:
    Mid Atlantic
    Hiya,

    The issue is that more and more when you login to sites (Not Just Here) they will require ssl for security.

    https://audiokarma.org/forums/index.php

    Likely something the site admins should look into.

    Frannie
     
  5. GordonW

    GordonW Speakerfixer Subscriber

    Messages:
    18,142
    Location:
    Marietta/Moultrie GA USA
    I get the same warning, on my computer that still has Windows 7, but not on one with Windows 8 or Windows 10. So, not every copy of Firefox out there is going to give the warning, yet.

    I assume that as browser updates come, the browsers on those other computers will start to complain about it, too...

    Regards,
    Gordon.
     
  6. buglegirl

    buglegirl In The Direction Of The Singularity Subscriber

    Messages:
    11,263
    Location:
    Mid Atlantic
    hjames likes this.
  7. sKiZo

    sKiZo Hates received: 8641 Subscriber

    Whole can of worms with portable devices, ain't it?

    Besides, I just did a scan of the forums I visit regularly, and not one has HTTPS enabled ...

    PS ... be interesting to see if Chrome follows suit ...

    Oh. Firefox has had the "not secure" logo on the top bar for quite some time now.

    [​IMG]
     
  8. buglegirl

    buglegirl In The Direction Of The Singularity Subscriber

    Messages:
    11,263
    Location:
    Mid Atlantic
    "https everywhere" is nice in theory except that part where a centralized CA could be compromised and that would be a whole big can of worms.

    And this CA could be utilized in nefarious fashion by some organizations.

    And it does not really address people using stupid passwords or not using things like two factor authentication.

    You all use two factor authentication right ??

    Here ??

    Frannie
     
  9. Bassblaster

    Bassblaster Super Member

    Messages:
    1,550
    Location:
    Cambridge, Ohio
    i have the same thing.

    upload_2017-3-16_16-57-59.png
    Ive never received any login warnings tho. always just click and it works
     
  10. sKiZo

    sKiZo Hates received: 8641 Subscriber

    Use "password" for your password on the forums. That way you can always say it's someone else who posted up something particularly stoopid ... <G>

    2FA seems a bit extreme for a forum though ...

    [​IMG]
     
    OvenMaster and John James like this.
  11. buglegirl

    buglegirl In The Direction Of The Singularity Subscriber

    Messages:
    11,263
    Location:
    Mid Atlantic
    Perhaps but it honestly is easy peasy here to do. So why not ??

    Some other places not so much but you can pick your battles against the azz clowns of the hacking world.

    Frannie
     
  12. Wildcat

    Wildcat ᕦ(ò_óˇ)ᕤ Subscriber

    Messages:
    2,100
    Location:
    SCS, MI (near a lake)
    They beat firefox to it actually, they just do it in a less "in your face" manner.

    I run several sites myself, including some Xenforo forums, and while I understand the SSL issues and all that, I don't like how it is being forced onto admins. Certificates can be had for free now (Let's Encrypt, for one). My main problem with the way the browsers are doing it is demonstrated by the existence of this thread. The error message just causes more grief for admins who have enough on their plate, then have to explain what is going on. I had to make an admin post on a large forum just a few days ago explaining that it has been this way for the fifteen years the forum has been around, and nothing has changed. I'm going all-SSL but have other things on my plate that are more important at the moment. It's a bit of work getting things redirected and working properly, so it's not like we can flip a switch and make everything secure.

    It's not like AK is directly taking credit card numbers or storing a lot of members' personal information here--it's a forum. All that is happening is that the username and password are being sent in the clear (not encrypted) across the Internet. And anyway, everyone with accounts on the Internet should be using a complex password (upper- and lowercase letters, numbers, special characters), and a different password at each site. Right? :)
     
  13. sKiZo

    sKiZo Hates received: 8641 Subscriber

    Agreed ... Chrome has the same notifications, but only if you want them. All I see here is the green lock or information icon next to the address.

    And ya ... all my passwords are "strong" and different for each site ... and I haven't a clue what any of them are. Browser stores those for me and fills them in automagically. <G>

    That's where something like Password Safe comes in handy. Anytime I need a password, I create a new listing in that, let the software generate a password, then copy that to the website. Also handy for storing responses to the 2FA checks mentioned earlier.

    Now all I gotta remember is the password to Password Safe. Let me see ... it's ... ah, crap! <G>
     
  14. +48V

    +48V hi-fi or die

    Messages:
    2,257
    Location:
    Tega Cay
    x2

    :beerchug:


    ...that said...it is (however crudely) bringing awareness to the "rube" populaces at large.
     
  15. KKnight

    KKnight Active Member

    Messages:
    309
    I get this error too in addition:
    "The owner of audiokarma.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."
     
  16. buglegirl

    buglegirl In The Direction Of The Singularity Subscriber

    Messages:
    11,263
    Location:
    Mid Atlantic
    That is because they are using the default self signed "Snake Oil" cert.

    Frannie
     
  17. ConradH

    ConradH AK Subscriber Subscriber

    Messages:
    6,739
    Location:
    Canandaigua, NY
    Not being a cell user, will 2-factor eventually keep me off the 'net?
     
  18. buglegirl

    buglegirl In The Direction Of The Singularity Subscriber

    Messages:
    11,263
    Location:
    Mid Atlantic
    They have Mac/Windows computer applications for some of that.

    Like Symantec VIP Access which works with Paypal for example.

    https://m.vip.symantec.com/

    I personally don't care for two factor authentication that relies on a smart phone as that is IMHO not really secure and means you have to give your mobile number to sites.

    Frannie
     
    OvenMaster likes this.
  19. Quadman2

    Quadman2 Super Member

    Messages:
    2,071
    Still happening on my PC..."This connection may be not be secure...blah, blah, blah. However on the Mac, no warnings when logging into AK.

    Q
     
  20. buglegirl

    buglegirl In The Direction Of The Singularity Subscriber

    Messages:
    11,263
    Location:
    Mid Atlantic
    And you are using the same browser on both devices ??

    Frannie
     

Share This Page