mfilip62
pierced by a crossbow under a bridge while eating Billy goats
Posts: 140
Registered: 25-8-2006
Member Is Offline
Mood: I like turtles!
|
|
certificate err.
In last few days when I try to acces forum or any thread there is annoying;
"There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. "
IS this just me or!?
|
|
pantone159
National Hazard
Posts: 590
Registered: 27-6-2006
Location: Austin, TX, USA
Member Is Offline
Mood: desperate for shade
|
|
I get similar messages to this, for a long time. It seems most common when I follow a link in one post to another thread. It does sound a bit
alarming, but I don't think there is anything to be concerned about.
|
|
quicksilver
International Hazard
Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline
Mood: ~-=SWINGS=-~
|
|
Certain antispyware, malware programs, browser plug-ins, etc look for a "security certificate" (this also can range in it's meaning in anti-piracy
context but not in this case however). Frequently you'll get a pop-up like that if a new spyware update database looks for "certified websites" in
context. It's really not a big deal. It actually _often_ happens with privately held web sites but there are many origins for it.
|
|
Nicodem
Super Moderator
Posts: 4230
Registered: 28-12-2004
Member Is Offline
Mood: No Mood
|
|
You get that message because you are trying to access the forum using the HTTPS protocol (URL starting with https://...). It is perfectly normal that
the web browser asks you to confirm the validity of the forum certificate and you should just confirm it (each browser has a different way to do this,
for example, in IE you just click Yes when asked "Do you want to proceed?"). If you are accustomed browsing the forum using only HTTP protocol, then
you probably never bothered installing the certificate and this is why each time you click on a link using HTTPS you will get that message. If it
annoys you then just choose to install the certificate permanently and it will stop nagging you.
|
|
quicksilver
International Hazard
Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline
Mood: ~-=SWINGS=-~
|
|
I forgot something else...
I don't stay to up on Bill Gate's new fun house but I also believe there is a method within Windoz (or their wonder-browser) for discerning which
sites are "certified" or some such. In any even, it's not something to worry about in this site particularly.
|
|
Mr. Wizard
International Hazard
Posts: 1042
Registered: 30-3-2003
Member Is Offline
Mood: No Mood
|
|
Go to the home site at:
https://www.sciencemadness.org/
Then log in with the choice second from the top that says Forum (http). The third one down gives you the site security message. You may have to change
your favorites or bookmarks if you have selected the secure (https) as the log on site. I had the same problem or question myself until I noticed what
I had done.
|
|
woelen
Super Administrator
Posts: 8027
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
Quote: Originally posted by Nicodem | You get that message because you are trying to access the forum using the HTTPS protocol (URL starting with https://...). It is perfectly normal that
the web browser asks you to confirm the validity of the forum certificate and you should just confirm it (each browser has a different way to do this,
for example, in IE you just click Yes when asked "Do you want to proceed?"). If you are accustomed browsing the forum using only HTTP protocol, then
you probably never bothered installing the certificate and this is why each time you click on a link using HTTPS you will get that message. If it
annoys you then just choose to install the certificate permanently and it will stop nagging you. | This is
just a workaround. A true solution is to ask a certificate from a certificate authority and have a certificate chain which ends at one of the
well-known root certifcates (e.g. Verisign). I understand that you don't have this, because obtaining a certificate from one of the well-known CA's is
very expensive.
If you use https with sciencemadness, then you only have the benefit of encrypted communication between your browser and the webserver. You do not
have the benefit of identity confirmation. A spoofing site with the name https://www.sciencemаdness.org could pretend to be the true https://www.sciencemadness.org site without you noticing this. The domainname sciencemаdness.org is not registered but someone malicious
could do that and make a login page which looks exactly like the true sciencemadness.org and obtain info from members.
[Edited on 30-6-10 by woelen]
|
|
psychokinetic
National Hazard
Posts: 558
Registered: 30-8-2009
Location: Nouveau Sheepelande.
Member Is Offline
Mood: Constantly missing equilibrium
|
|
Firefox asks me if I trust ScienceMadness if I've deleted all my security exceptions. I'm sure most browsers will let you bypass it, as it's just a
security measure to stop actually bad sites from raping your computer.
(By raping, I mean what woelen has just said about fake login screens. This is how bank and farcebook users get done over)
“If Edison had a needle to find in a haystack, he would proceed at once with the diligence of the bee to examine straw after straw until he found
the object of his search.
I was a sorry witness of such doings, knowing that a little theory and calculation would have saved him ninety per cent of his labor.”
-Tesla
|
|
turd
National Hazard
Posts: 800
Registered: 5-3-2006
Member Is Offline
Mood: No Mood
|
|
Quote: Originally posted by woelen | If you use https with sciencemadness, then you only have the benefit of encrypted communication between your browser and the webserver. You do not
have the benefit of identity confirmation. A spoofing site with the name https://www.sciencemаdness.org could pretend to be the true https://www.sciencemadness.org site without you noticing this. The domainname sciencemаdness.org is not registered but someone malicious
could do that and make a login page which looks exactly like the true sciencemadness.org and obtain info from members. |
Nice one. Unicode 0x0430, cyrillic a (http://www.unicodemap.org/details/0x0430/index.html).
But how does this help? The imposter could simply buy a certificate for the sciencem-cyrillica-dness.org site. This looks more like a browser issue -
the browser should show you clearly that the domain name is a mix of latin and cyrillic. Or do you suggest that the certificate authorities have
higher standards than the domain registrars and would deny such a certificate?
I was under impression that the point of signed certificates is to prevent man-in-the-middle attacks, not domain imposters. And I wonder how good it
works. Certain governments probably have good ties to the certificate authorities, so I wonder if they can get the necessary private keys?
|
|
Eliteforum
National Hazard
Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline
Mood: Enjoying the journey
|
|
I've had this problem, usually after my CMOS battery has died/dying. It sometimes happens when the date/time is not correct. Simply putting the clock
to the right date/time fixes it.
All that glitters isn't gold.
|
|
woelen
Super Administrator
Posts: 8027
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
Quote: Originally posted by turd | Quote: Originally posted by woelen | If you use https with sciencemadness, then you only have the benefit of encrypted communication between your browser and the webserver. You do not
have the benefit of identity confirmation. A spoofing site with the name https://www.sciencemаdness.org could pretend to be the true https://www.sciencemadness.org site without you noticing this. The domainname sciencemаdness.org is not registered but someone malicious
could do that and make a login page which looks exactly like the true sciencemadness.org and obtain info from members. |
Nice one. Unicode 0x0430, cyrillic a (http://www.unicodemap.org/details/0x0430/index.html).
But how does this help? The imposter could simply buy a certificate for the sciencem-cyrillica-dness.org site. This looks more like a browser issue -
the browser should show you clearly that the domain name is a mix of latin and cyrillic. Or do you suggest that the certificate authorities have
higher standards than the domain registrars and would deny such a certificate?
I was under impression that the point of signed certificates is to prevent man-in-the-middle attacks, not domain imposters. And I wonder how good it
works. Certain governments probably have good ties to the certificate authorities, so I wonder if they can get the necessary private keys?
|
The well-known authorities which can issue certificates, which are part of a known chain (e.g. end at roots like Verisign or a national agency),
require some form of ID of the person who requests a certificate. Besides that, certificates like this have a high price. I'm quite sure that all
known certificate authorities would reject a request for a certificate for this type of domainname. A self-signed certificate leads to a browser
error, because that does not have a chain which ends at a well known authority.
If an organisation wants even more security, then it can require the use of two-sided certificate checking. With sciencemadness.org, there only is
checking of the identity of the server by the client, but things can be set up such that the server also checks the identity of the client. The client
in that case needs to provide a certificate each time when it connects to the server. The organisation then gives a certificate file to the client
(usually by other means than the connection itself) and the ownership of this certificate then is checked by the server before allowing further
communication.
@Eliteforum: What has your CMOS setup to do with certificates of sciencemadness.org? I see no relation between these subjects.
[Edited on 17-8-10 by woelen]
|
|