Wrongplanet.net SSL is Broken

Page 1 of 1 [ 14 posts ]

Joined: 2 Nov 2010
Gender: Male
Posts: 466
Location: England

24 Apr 2017, 3:06 pm

Please fix the SSL. We are now logging in using unecrypted connections. This is not safe. Accounts are likely to be hacked.

mr_bigmouth_502
Veteran
Veteran

Joined: 12 Dec 2013
Age: 30
Gender: Non-binary
Posts: 7,028
Location: Alberta, Canada

25 Apr 2017, 5:22 am

Things have been this way for a while. HTTPSEverywhere lists Wrong Planet as "broken MCB, partial".

_________________
Every day is exactly the same...

DeepHour
Veteran
Veteran

Joined: 1 Jun 2014
Gender: Male
Posts: 78,192
Location: United Kingdom

27 Apr 2017, 1:46 pm

This really does need looking at. Can it really be so difficult to sort out? WP can't afford to go on losing active members, and there must surely be quite a few who have left, or are staying away, because of this issue.

leejosepho
Veteran
Veteran

Joined: 14 Sep 2009
Gender: Male
Posts: 9,011
Location: 200 miles south of Little Rock

27 Apr 2017, 7:07 pm

WrongPlanet.net's SSL is not broken, and you can see that by accessing it: https://wrongplanet.net/

To use SSL here, just clear your browser cache and edit your WrongPlanet.net links to include 'https'.

It would not be difficult for someone at the server to redirect all incoming requests to https, but that is not likely a priority there since none of our accounts include anything related to personal ID or finances.

_________________
I began looking for someone like me when I was five ...
My search ended at 59 ... right here on WrongPlanet.
==================================

mr_bigmouth_502
Veteran
Veteran

Joined: 12 Dec 2013
Age: 30
Gender: Non-binary
Posts: 7,028
Location: Alberta, Canada

27 Apr 2017, 9:42 pm

leejosepho wrote:

Are you sure this is actually secure though?

_________________
Every day is exactly the same...

leejosepho
Veteran
Veteran

Joined: 14 Sep 2009
Gender: Male
Posts: 9,011
Location: 200 miles south of Little Rock

28 Apr 2017, 12:16 am

mr_bigmouth_502 wrote:

leejosepho wrote:

Are you sure this is actually secure though?

Yes, https in the address bar means things are encrypted, and I would suspect Alex might not even have to be paying extra for the SSL certificate. Just as in my own case at my own sites where cPanel now includes a certificate, he likely just needs to tell someone to add the redirect to send all traffic through https.

_________________
I began looking for someone like me when I was five ...
My search ended at 59 ... right here on WrongPlanet.
==================================

danieldoesnotexist
Pileated woodpecker

Joined: 26 Apr 2017
Gender: Male
Posts: 189

29 Apr 2017, 3:08 am

Stuff like this is why I always use a VPN, and a proxy no matter what. Sounds like a pain to always type https before every link.

_________________
Your neurodiverse (Aspie) score: 189 of 200
Your neurotypical (non-autistic) score: 19 of 200

wtf

DeepHour
Veteran
Veteran

Joined: 1 Jun 2014
Gender: Male
Posts: 78,192
Location: United Kingdom

29 Apr 2017, 6:04 pm

Does using a VPN alone, which is the way I'm accessing WP at the moment, give one any protection, and if so, what precisely?

leejosepho
Veteran
Veteran

Joined: 14 Sep 2009
Gender: Male
Posts: 9,011
Location: 200 miles south of Little Rock

30 Apr 2017, 7:08 pm

A VPN provides obscurity, not security...

Quote:

It’s not enough just to tunnel data sent over a VPN. The next layer of security is encryption, where data is encoded so that packets can only be read by your VPN client and server, which are securely connected together.

Encrypting the packets

_________________
I began looking for someone like me when I was five ...
My search ended at 59 ... right here on WrongPlanet.
==================================

danieldoesnotexist
Pileated woodpecker

Joined: 26 Apr 2017
Gender: Male
Posts: 189

01 May 2017, 12:07 am

leejosepho wrote:

A VPN provides obscurity, not security...

Quote:

Ya, a vpn isn't total protection. They really should sort this out. I also use tor with bridges which is another layer of security. I'm a bit paranoid about this sorta thing..

_________________
Your neurodiverse (Aspie) score: 189 of 200
Your neurotypical (non-autistic) score: 19 of 200

wtf

AspieUtah
Veteran
Veteran

Joined: 20 Jun 2014
Age: 61
Gender: Male
Posts: 6,118
Location: Brigham City, Utah

03 May 2017, 9:32 am

leejosepho wrote:

It would be nice if Alex would change the "http" URL to redirect to the new "https" URL. In short order, most members (who care) would save the proper link. But, I wouldn't be surprised if he is off today battling spam warriors from pissy nations with economies which thrive on scamming.

_________________
Diagnosed in 2015 with ASD Level 1 by the University of Utah Health Care Autism Spectrum Disorder Clinic using the ADOS-2 Module 4 assessment instrument [11/30] -- Screened in 2014 with ASD by using the University of Cambridge Autism Research Centre AQ (Adult) [43/50]; EQ-60 for adults [11/80]; FQ [43/135]; SQ (Adult) [130/150] self-reported screening inventories -- Assessed since 1978 with an estimated IQ [≈145] by several clinicians -- Contact on WrongPlanet.net by private message (PM)

leejosepho
Veteran
Veteran

Joined: 14 Sep 2009
Gender: Male
Posts: 9,011
Location: 200 miles south of Little Rock

03 May 2017, 7:45 pm

AspieUtah wrote:

It would be nice if Alex would change the "http" URL to redirect to the new "https" URL. In short order, most members (who care) would save the proper link...

Anyone who wishes can actually do that even now by either deleting or editing all WP bookmarks and then logging in using https and continuing on from there. In fact, I just switched to https while typing this post and then right-clicked "View posts since last visit" and that came up in https also...

...and if you click ^^^that link^^^ in this post, you too will have just "made the switch"!

_________________
I began looking for someone like me when I was five ...
My search ended at 59 ... right here on WrongPlanet.
==================================

leejosepho
Veteran
Veteran

Joined: 14 Sep 2009
Gender: Male
Posts: 9,011
Location: 200 miles south of Little Rock

03 May 2017, 9:26 pm

leejosepho wrote:

AspieUtah wrote:

It would be nice if Alex would change the "http" URL to redirect to the new "https" URL. In short order, most members (who care) would save the proper link...

Anyone who wishes can actually do that even now by either deleting or editing all WP bookmarks and then logging in using https and continuing on from there...

Oops, I was wrong. You can use https to log in -- always a secure login that way -- but then the login script will drop you back to http...and then you can change http to https in your browser address bar and return to https and remain there for the duration of the session.

_________________
I began looking for someone like me when I was five ...
My search ended at 59 ... right here on WrongPlanet.
==================================

Pieplup
Veteran
Veteran

Joined: 15 Dec 2015
Age: 20
Gender: Non-binary
Posts: 2,658
Location: Maine

11 May 2017, 12:24 pm

Adamantus wrote:

Please fix the SSL. We are now logging in using unecrypted connections. This is not safe. Accounts are likely to be hacked.

Click this link. If you type in https:// It works. Just make a bookmark that has it and use that.

_________________
ever changing evolving and growing
I am pieplup i have level 3 autism and a number of severe mental illnesses. I am rarely active on here anymore.
I run a discord for moderate-severely autistic people if anyone would like to join. You can also contact me on discord @Pieplup or by email at [email protected]

Page 1 of 1 [ 14 posts ]

Jump to:

Wrongplanet.net SSL is Broken Post Reply New Topic

Wrongplanet.net SSL is Broken