

Update Forum Security Certs Updated

Discussion in 'Forum Announcements & User Feedback' started by Rye83, Apr 4, 2016.

  1. Rye83

    Rye83 with pastrami Admin Secured Account Highly Rated Poster SC Connoisseur Veteran Army

    Messages:
    13,106
    Trophy Points:
    451
    Occupation:
    FIRE
    Location:
    Valencia
    Ratings:
    +16,069 / 3,795
    Blood Type:
    O+
    This one snuck up on me. The SSL certificate (which gives you the green "https" in the address bar) expires tomorrow. It usually takes a couple days to get the new one. Tonight I'll generate my own SSL cert and install it until they email me the new cert. The site will be just as secure but your browser won't agree with that and will show a security warning because I'm not a registered trusted agent....or some nonsense like that. I might decide to just go back to regular ol' http to avoid any user confusion.....if I can remember where I put all those redirects to https a year ago.

    Sorry about that. I thought I had until the 12th for some reason. :unsure:
     
    • Informative x 7
  2. alex

    alex DI Forum Patron Highly Rated Poster

    Messages:
    1,410
    Trophy Points:
    291
    Occupation:
    EXPERT BOLA BOLA
    Location:
    DUMAGUETE
    Ratings:
    +1,296 / 1,129
    ok m8 no problem
     
  3. Dave_Hounddriver

    Dave_Hounddriver DI Forum Luminary Highly Rated Poster

    Messages:
    2,033
    Trophy Points:
    376
    Ratings:
    +2,502 / 1,061
    The security problem has started now and it's a real b*tch! Every time I click anywhere (every click! Not just once to get into the site) I get the screen that forces me to leave the site or go advanced and do a 'security override'. It is surely gonna cut down on postings here so hope you get it fixed fast.

    Strange. The green https is back and the problem stopped. You must have done something magic?
     
    • Like x 1
  4. OP
    Rye83

    Rye83 with pastrami Admin Secured Account Highly Rated Poster SC Connoisseur Veteran Army

    That's because I was in the process of installing the new certificate. :wink: Managed to get the certificate verified and emailed to me in 20 minutes with Comodo (last time it took 2 days). The problem lasted for around 15 minutes because I jumped the gun and deleted the old cert but when I put in the new one I couldn't find where I saved the private key that goes with it on my computer. :banghead: Obviously I found it....it did make me start to sweat a bit though.

    Here is why the forum has it:
    1. To prevent MITM attacks against forum users on public wifi networks. (Here is a video of me "hijacking" a login made on my computer from a mobile phone. Anyone can easily do this if you're on the same wifi and visiting non-https websites. I removed this app after Date In Asia finally secured their site...messin' with the hoes on DIA and then seeing the reactions when they saw the profile "modifications" and/or replies/forwards sent to all the guys they were milking for cash was tons of fun! lol :sneaky:)
    2. To keep usernames, passwords, private messages and any other sensitive data encrypted while it travels through the internets.......making it much harder for certain agencies and groups that like to secretly (and illegally IMO) collect massive amounts of data and build profiles on people. (I really don't want them to be reading my PMs! :peeking: :cautious:)
    3. To prevent phishing attacks. (If you don't see the green address bar it's not DI and you should not attempt to log in! Going to add some additional trust indicators later on.)
    4. Google likes it enough to reward sites that have SSL 2048-bit certs.
    5. And mainly: I think that not doing it when you have user accounts is at best irresponsible (if you are completely clueless) and at worst completely unethical (if you are aware of the risks).
    I'm actually a little surprised at the number of websites/forums that don't use it. It only costs around $10/year and setting it up is not that difficult (fixing all the server vulnerabilities to get the high security rating takes a bit of research, time and root access to the server though). The certs that cost $100s and even $1000s per year don't have any better encryption than the $10 ones; all SSL certs consist of is two very large prime numbers (private key) and the sum of those two primes (public key)......all the expensive ones do is verify the company that applied for the cert actually exists/is legit.

    I believe everything should be good on security until next year. When tested there was a green Screenshot (450).png in Chrome (desktop and mobile), Firefox and Opera. Microsoft's Explorer and Edge are showing a gray but locked padlock, that is just Microsoft being Microsoft. No idea about Safari but compatibility tests show all modern browsers should be working.

    I have added the HSTS security policy telling browsers they should only use the site in https to protect against protocol downgrade attacks. This improved DI's security grade from the "A" it got last year to:
    Screenshot (457).png


    If anyone has problems please let me know. :thumbsup:

    Just for fun I thought I'd look at some other site's scores to see how DI servers compared.

    Date In Asia:
    Screenshot (458).png

    Facebook:
    Screenshot (452).png

    Amazon:
    Screenshot (454).png

    CIA:
    Screenshot (455).png

    NSA :hilarious::
    Screenshot (456).png

    All sites surveyed last month.
    Screenshot (460).png
    (Not sure if I should be happy about being in that 3.1% or if I should go get a life. :bag:)
     

    • Like x 2
    • Thanks x 1
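
An added example, not part of the original post or the forum's own configuration: a check of the `Strict-Transport-Security` header behind the HSTS policy mentioned above, following the parsing rules of RFC 6797. The one-year `MIN_MAX_AGE` threshold, the result labels and the sample responses are assumptions constructed for illustration.

```python
import re
MIN_MAX_AGE = 31536000  # one year in seconds; threshold assumed for this example

def parse_hsts(value):
    """Parse an STS value (RFC 6797, 6.1); None means the header must be ignored."""
    directives = {}
    for part in value.split(";"):  # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue  # empty directives between semicolons are allowed
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form of the value
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be a number of seconds
    return directives

def audit(scheme, sts_headers):
    """Classify one response by the HSTS policy a browser would store from it."""
    if scheme != "https":
        return "ignored"   # HSTS received over plain HTTP is discarded
    if not sts_headers:
        return "missing"   # nothing tells the browser to refuse plain http
    policy = parse_hsts(sts_headers[0])  # only the first header field counts
    if policy is None:
        return "invalid"
    max_age = int(policy["max-age"])
    if max_age == 0:
        return "disabled"  # max-age=0 makes the browser forget the host
    if max_age < MIN_MAX_AGE:
        return "short-lived"
    return "ok+subdomains" if "includesubdomains" in policy else "ok"

# Constructed sample responses: (scheme, Strict-Transport-Security header values)
SAMPLES = [
    ("https", ["max-age=31536000; includeSubDomains"]),
    ("https", ['MAX-AGE="63072000"']),
    ("https", ["max-age=300"]),
    ("https", ["max-age=0"]),
    ("https", ["max-age=300; max-age=31536000"]),
    ("http",  ["max-age=31536000"]),
]
if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", audit(scheme, headers))
```
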
  5. AlwaysRt

    AlwaysRt DI Forum Patron Highly Rated Poster Blood Donor Veteran Air Force Marines

    Messages:
    1,250
    Trophy Points:
    310
    Location:
    Valencia
    Ratings:
    +1,329 / 391
    Blood Type:
    A+
    It has been my habit to default to the new posts page, click to read new post(s) then backspace to return to the new posts page. Now when I backspace it takes me to the main categories page. Not sure the security issue caused it (or what would cause it) but the timing is the same. Running Chrome on win10, any ideers?
     
  6. OP
    Rye83

    Rye83 with pastrami Admin Secured Account Highly Rated Poster SC Connoisseur Veteran Army

    Hitting backspace on the keyboard should be the same as hitting the back button on your browser, taking you to the last page you were on. The forum software has no control over the shortkeys on your computer as far as I know. You might want to check your browser settings to see what the shortkey settings are there.
     
    • Informative x 1
  7. DavyL200

    DavyL200 DI Forum Luminary ★ Global Mod ★ ★ Moderator ★ Highly Rated Poster Showcase Reviewer

    Messages:
    3,968
    Trophy Points:
    401
    Location:
    On an island
    Ratings:
    +5,126 / 466
    I am also having this prob: when hitting the back a page button it takes me back to the categories main page. Something is not quite right!
     
  8. robert k

    robert k DI Forum Patron Highly Rated Poster Veteran Army

    Messages:
    1,525
    Trophy Points:
    315
    Ratings:
    +1,213 / 264
    Yes, go back to W7 which has the bugs worked out of it. :smile:

    I got no problems with my comp.
     
    • Funny x 1
  9. AlwaysRt

    AlwaysRt DI Forum Patron Highly Rated Poster Blood Donor Veteran Air Force Marines

    I didn't have any problem either until today, and only on DI. All other sites back up fine. Must be a ghost in the machine.
     
  10. PatO

    PatO DI Forum Luminary Highly Rated Poster Showcase Reviewer Veteran Marines

    Messages:
    6,087
    Trophy Points:
    451
    Ratings:
    +4,554 / 1,017
    On my Apple, the back arrow doesn't work as it should so I go back up to the Forum button to start back then go to the next post I want.
     