Sciencemadness Discussion Board
Not logged in [Login ]
Go To Bottom

Printable Version  
Author: Subject: certificate err.
mfilip62
pierced by a crossbow under a bridge while eating Billy goats
***




Posts: 140
Registered: 25-8-2006
Member Is Offline

Mood: I like turtles!

[*] posted on 30-6-2010 at 06:39
certificate err.


In last few days when I try to acces forum or any thread there is annoying;

"There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. "

IS this just me or!?
View user's profile View All Posts By User
pantone159
National Hazard
****




Posts: 590
Registered: 27-6-2006
Location: Austin, TX, USA
Member Is Offline

Mood: desperate for shade

[*] posted on 30-6-2010 at 06:55


I get similar messages to this, for a long time. It seems most common when I follow a link in one post to another thread. It does sound a bit alarming, but I don't think there is anything to be concerned about.
View user's profile Visit user's homepage View All Posts By User
quicksilver
International Hazard
*****




Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline

Mood: ~-=SWINGS=-~

[*] posted on 30-6-2010 at 07:07


Certain antispyware, malware programs, browser plug-ins, etc look for a "security certificate" (this also can range in it's meaning in anti-piracy context but not in this case however). Frequently you'll get a pop-up like that if a new spyware update database looks for "certified websites" in context. It's really not a big deal. It actually _often_ happens with privately held web sites but there are many origins for it.



View user's profile View All Posts By User
Nicodem
Super Moderator
*******




Posts: 4230
Registered: 28-12-2004
Member Is Offline

Mood: No Mood

[*] posted on 30-6-2010 at 07:11


You get that message because you are trying to access the forum using the HTTPS protocol (URL starting with https://...). It is perfectly normal that the web browser asks you to confirm the validity of the forum certificate and you should just confirm it (each browser has a different way to do this, for example, in IE you just click Yes when asked "Do you want to proceed?"). If you are accustomed browsing the forum using only HTTP protocol, then you probably never bothered installing the certificate and this is why each time you click on a link using HTTPS you will get that message. If it annoys you then just choose to install the certificate permanently and it will stop nagging you.
View user's profile View All Posts By User
quicksilver
International Hazard
*****




Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline

Mood: ~-=SWINGS=-~

[*] posted on 30-6-2010 at 07:35


I forgot something else...
I don't stay to up on Bill Gate's new fun house but I also believe there is a method within Windoz (or their wonder-browser) for discerning which sites are "certified" or some such. In any even, it's not something to worry about in this site particularly.




View user's profile View All Posts By User
Mr. Wizard
International Hazard
*****




Posts: 1042
Registered: 30-3-2003
Member Is Offline

Mood: No Mood

[*] posted on 30-6-2010 at 11:18


Go to the home site at:
https://www.sciencemadness.org/
Then log in with the choice second from the top that says Forum (http). The third one down gives you the site security message. You may have to change your favorites or bookmarks if you have selected the secure (https) as the log on site. I had the same problem or question myself until I noticed what I had done.
View user's profile View All Posts By User
woelen
Super Administrator
*********




Posts: 8027
Registered: 20-8-2005
Location: Netherlands
Member Is Offline

Mood: interested

[*] posted on 30-6-2010 at 11:24


Quote: Originally posted by Nicodem  
You get that message because you are trying to access the forum using the HTTPS protocol (URL starting with https://...). It is perfectly normal that the web browser asks you to confirm the validity of the forum certificate and you should just confirm it (each browser has a different way to do this, for example, in IE you just click Yes when asked "Do you want to proceed?"). If you are accustomed browsing the forum using only HTTP protocol, then you probably never bothered installing the certificate and this is why each time you click on a link using HTTPS you will get that message. If it annoys you then just choose to install the certificate permanently and it will stop nagging you.
This is just a workaround. A true solution is to ask a certificate from a certificate authority and have a certificate chain which ends at one of the well-known root certifcates (e.g. Verisign). I understand that you don't have this, because obtaining a certificate from one of the well-known CA's is very expensive.
If you use https with sciencemadness, then you only have the benefit of encrypted communication between your browser and the webserver. You do not have the benefit of identity confirmation. A spoofing site with the name https://www.sciencemаdness.org could pretend to be the true https://www.sciencemadness.org site without you noticing this. The domainname sciencemаdness.org is not registered but someone malicious could do that and make a login page which looks exactly like the true sciencemadness.org and obtain info from members.



[Edited on 30-6-10 by woelen]




The art of wondering makes life worth living...
Want to wonder? Look at https://woelen.homescience.net
View user's profile Visit user's homepage View All Posts By User
psychokinetic
National Hazard
****




Posts: 558
Registered: 30-8-2009
Location: Nouveau Sheepelande.
Member Is Offline

Mood: Constantly missing equilibrium

[*] posted on 30-6-2010 at 12:52


Firefox asks me if I trust ScienceMadness if I've deleted all my security exceptions. I'm sure most browsers will let you bypass it, as it's just a security measure to stop actually bad sites from raping your computer.

(By raping, I mean what woelen has just said about fake login screens. This is how bank and farcebook users get done over)




“If Edison had a needle to find in a haystack, he would proceed at once with the diligence of the bee to examine straw after straw until he found the object of his search.
I was a sorry witness of such doings, knowing that a little theory and calculation would have saved him ninety per cent of his labor.”
-Tesla
View user's profile View All Posts By User
turd
National Hazard
****




Posts: 800
Registered: 5-3-2006
Member Is Offline

Mood: No Mood

[*] posted on 1-7-2010 at 03:26


Quote: Originally posted by woelen  
If you use https with sciencemadness, then you only have the benefit of encrypted communication between your browser and the webserver. You do not have the benefit of identity confirmation. A spoofing site with the name https://www.sciencemаdness.org could pretend to be the true https://www.sciencemadness.org site without you noticing this. The domainname sciencemаdness.org is not registered but someone malicious could do that and make a login page which looks exactly like the true sciencemadness.org and obtain info from members.

Nice one. Unicode 0x0430, cyrillic a (http://www.unicodemap.org/details/0x0430/index.html).
But how does this help? The imposter could simply buy a certificate for the sciencem-cyrillica-dness.org site. This looks more like a browser issue - the browser should show you clearly that the domain name is a mix of latin and cyrillic. Or do you suggest that the certificate authorities have higher standards than the domain registrars and would deny such a certificate?

I was under impression that the point of signed certificates is to prevent man-in-the-middle attacks, not domain imposters. And I wonder how good it works. Certain governments probably have good ties to the certificate authorities, so I wonder if they can get the necessary private keys?
View user's profile View All Posts By User
Eliteforum
National Hazard
****




Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline

Mood: Enjoying the journey

[*] posted on 16-8-2010 at 09:34


I've had this problem, usually after my CMOS battery has died/dying. It sometimes happens when the date/time is not correct. Simply putting the clock to the right date/time fixes it.



All that glitters isn't gold.
View user's profile View All Posts By User This user has MSN Messenger
woelen
Super Administrator
*********




Posts: 8027
Registered: 20-8-2005
Location: Netherlands
Member Is Offline

Mood: interested

[*] posted on 16-8-2010 at 22:43


Quote: Originally posted by turd  
Quote: Originally posted by woelen  
If you use https with sciencemadness, then you only have the benefit of encrypted communication between your browser and the webserver. You do not have the benefit of identity confirmation. A spoofing site with the name https://www.sciencemаdness.org could pretend to be the true https://www.sciencemadness.org site without you noticing this. The domainname sciencemаdness.org is not registered but someone malicious could do that and make a login page which looks exactly like the true sciencemadness.org and obtain info from members.

Nice one. Unicode 0x0430, cyrillic a (http://www.unicodemap.org/details/0x0430/index.html).
But how does this help? The imposter could simply buy a certificate for the sciencem-cyrillica-dness.org site. This looks more like a browser issue - the browser should show you clearly that the domain name is a mix of latin and cyrillic. Or do you suggest that the certificate authorities have higher standards than the domain registrars and would deny such a certificate?

I was under impression that the point of signed certificates is to prevent man-in-the-middle attacks, not domain imposters. And I wonder how good it works. Certain governments probably have good ties to the certificate authorities, so I wonder if they can get the necessary private keys?

The well-known authorities which can issue certificates, which are part of a known chain (e.g. end at roots like Verisign or a national agency), require some form of ID of the person who requests a certificate. Besides that, certificates like this have a high price. I'm quite sure that all known certificate authorities would reject a request for a certificate for this type of domainname. A self-signed certificate leads to a browser error, because that does not have a chain which ends at a well known authority.

If an organisation wants even more security, then it can require the use of two-sided certificate checking. With sciencemadness.org, there only is checking of the identity of the server by the client, but things can be set up such that the server also checks the identity of the client. The client in that case needs to provide a certificate each time when it connects to the server. The organisation then gives a certificate file to the client (usually by other means than the connection itself) and the ownership of this certificate then is checked by the server before allowing further communication.

@Eliteforum: What has your CMOS setup to do with certificates of sciencemadness.org? I see no relation between these subjects.

[Edited on 17-8-10 by woelen]




The art of wondering makes life worth living...
Want to wonder? Look at https://woelen.homescience.net
View user's profile Visit user's homepage View All Posts By User

  Go To Top