Firefox has started telling me that my log in on Apex is an insecure site.
Has Firefox gone mad?????
Unsecure?
Firefox has started telling me that my log in on Apex is an insecure site.
Has Firefox gone mad?????
It's a Microsoft thing.
Lawrence Hayes
Hayes Cages, LLC
Sagle, ID.
Yes. They all do eventually.Has Firefox gone mad?????
I noticed that too. I wonder about switching to chrome.
Odd, must be a PC thing. Not showing any issues on a Mac.
We are currently working on a major forum upgrade at the moment, so hang tight, there will be good things coming.
Chrome and Firefox will not tell you connections are not secure if
you do not connect via https......
you connected via https and the website does not have a SHA-2 certifcate
(many certificates issues for multiple years are SHA-1)
I think Safari, like Internet Explorer, isn't warning......
Last edited by BeerBudgetRacing; 03.15.17 at 1:44 PM.
It's just a warning - any time a site is not "https" you may get that. I have not gotten it here, but on other non-secure sites I have.Originally Posted by Steve Demeter
Dave Weitzenhof
Believe Firefox just issued a 'security upgrade'.
Chrome warns that it is not a secure site (i.e. http, not https).
I noticed that too. I wonder about switching to chrome.
John Nesbitt
ex-Swift DB-1
I use Chrome and I don't get the warning for ApexSpeed...
Dave Weitzenhof
As you say, it is just a warning - http, not https. Still, with a password-protected userid ...
Look in the address bar, to the left of www.apexspeed.com, you should see a circle with an exclamation point inside.
John Nesbitt
ex-Swift DB-1
I don't know of any forums using SSLs, so I'm not sure why the browsers are now searching for an SSL on every domain.
You WILL get a warning if you login. If you are already logged in and stay logged in you won't get the warning.
It detects masked fields (where what you type is hidden) and expects https when those fields are present.....
Interesting. Learn something new every day. I'll look for it when I next have to log in.
Dave Weitzenhof
Given the amount of commerce and other confidential stuff going across the interwebz, I suspect that it would be best practice for browsers to warn you that a site is using http, not https.I don't know of any forums using SSLs, so I'm not sure why the browsers are now searching for an SSL on every domain.
As you say, forums are maybe not a high-security application. As long as I use a different password and user name on my bank accounts etc., I do not give it any worry.
I think that I speak on behalf of all of us when I say thanks for maintaining this site.
Last edited by John Nesbitt; 03.15.17 at 1:57 PM. Reason: Sperring
John Nesbitt
ex-Swift DB-1
Just burn the house down. It's got viruses and is going to steel the change off your dresser.
Chris Livengood, enjoying underpriced ferrous whizzy bits that I hacked out in my tool shed since 1999.
FWIW google has been pushing for HTTPS everywhere for ~5-6 years now.
https://blog.digicert.com/google-tak...ps-everywhere/
https://www.brightedge.com/blog/is-h...lly-necessary/
https://www.youtube.com/watch?v=cBhZ6S0PFCY
https://www.lullabot.com/articles/ht...just-for-banks
------------------
'Stay Hungry'
JK 1964-1996 #25
The company I am working for is in the middle of a "convert all our sites to secure (SSL)" initiative. Executives freak out when they read scary press releases. It's painful for larger companies like ours with tens of thousands of domains and dynamic content served cross-domain. Don't get me started about "flash is going away"... the RTMP protocol is just too valuable and there are no standards for live streaming video yet. I long for the simple days of IE vs. Firefox.
Submitting all forms like login or registration to a secure domain will alleviate a bunch of error messages like this, even if the base site is http://. If you're on https:// and submit a form to http://, most browsers will throw a nasty error that scares people away nowadays. Just getting an SSL cert for apexspeed.com every year is another thing that costs money unfortunately. Then you need to make sure external content like images from a CDN are also served thru SSL to prevent other error messages from showing in the console (for now).
I do know for sure that Google is penalizing SE-marketers for not serving from an SSL-certified domain.
I just noticed, after all these years, that this site does not use TLS (https). When logging in to this site, your credentials are passed around as plain text that anyone in the middle can read.
Use the same password for your email associated with this account? You could be in trouble.
Use a unique password for this site and assume it is compromised.
Doug, look into a low cost cert provider like letsencrypt. I can not stress how important this is.
Yes, the whole internet is moving to HTTPS secured with SSL/TLS certificates. It's been happening for several years now.
With HTTP, anyone can listen and grab the passwords.
It may not sound important for apexspeed.com (it's not a bank, afterall), but are there any cases where apexspeed.com retains credit card numbers? Say, for example, for the new paid classified ads? Or perhaps for donations?
If so, those credit cards numbers could easily be stolen from apexspeed.com as it is configured today.
We don't use or hold CC #s for any reason.
We are looking into an SSL for ApexSpeed, but because there is no serious secure information handled with our forum, it hasn't been a priority.
I just noticed that the site still does not use TLS/SSL. While there is no 'secure' information being handled, user passwords themselves should be treated as requiring secure transmission. A LOT of people use the same password for multiple sites, so your ApexSpeed password could also be your Amazon password, or say your email password. This is far more common than you would think, which is why bad actors still try to obtain unsalted, or worse un-hashed, passwords off of forums such as these.
We are in the process of setting up an SSL, though it's taking longer than expected because we just moved (again, for the final time) and need to re-establish all of the business records for the new location before the SSL can be verified. I love waiting on the government to keep the process moving.
Should be set up in the next couple of weeks, and we'll make an announcement when the domain will be changing to the new secure address.
Security
I haven’t read all the posts on this and know diddly about running a site but I do remember FF Underground that completely disappeared years ago and it was a great shame. The password I’ve used here since 2012 would not g3 accepted by any modern site as too weak.
id hate to see this great repository of knowledge disappear like FF Underground did.
Hybels
The new SSL should be set up sometime this week. What a bunch of BS to have to do to "secure" a site that isn't dealing with finances or transactions. Such a ridiculous money grab. We will look back on this era of website "security" and laugh at how much of a red herring it was.
We will have 301 re-directs in place so your links will still work, but the site will be down for a brief time coming up at some point this week for the changeover.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
