Page 1 of 3 [ 38 posts ]  Go to page 1, 2, 3  Next

magnum233
Sea Gull
Sea Gull

User avatar

Joined: 27 Jun 2015
Age: 44
Gender: Male
Posts: 247
Location: New Zealand

30 Apr 2017, 1:02 pm

I notice up the top left it says connection to site is not secure. I would think considering the amount of people that post on this forum there should be some decent security.


_________________
Im like over there, somewhere.....


Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

28 May 2017, 7:56 pm

Because its free the owner hires volunteers to make his own rules for him and if anyone says anything like using their knowledge of free speech, they wait until they slip up so moderators get involved to use unecessary force to limit their rights in the future by making them look stupid and underage volunteers can jest and play around with people who they don't think that much of. (opinionated voice voided to suit their bland insinuations)
To break it down though, no one has any money and all free resources are supposed to be enahnced by the users settings for advanced protection. Failure of communication is therefore null before being exposed.



leejosepho
Veteran
Veteran

User avatar

Joined: 14 Sep 2009
Gender: Male
Posts: 9,011
Location: 200 miles south of Little Rock

28 May 2017, 9:16 pm

Empathy wrote:
Because its free the owner hires volunteers to make his own rules for him and if anyone says anything like using their knowledge of free speech, they wait until they slip up so moderators get involved to use unecessary force to limit their rights in the future by making them look stupid and underage volunteers can jest and play around with people who they don't think that much of. (opinionated voice voided to suit their bland insinuations)

^^ A mere opportunistic rant having nothing whatsoever to do with why this site does not have https set as its default!

Empathy wrote:
To break it down though, no one has any money and all free resources are supposed to be enhanced by the users settings for advanced protection...

The certificate actually already exists and anyone can use https manually. Only Alex could say why he does not make https the default, but my guess is that he does not see it as being necessary since there is nothing other than usernames and passwords to protect, and only during login.


_________________
I began looking for someone like me when I was five ...
My search ended at 59 ... right here on WrongPlanet.
==================================


Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

29 May 2017, 7:14 am

leejosepho wrote:
^^ A mere opportunistic rant having nothing whatsoever to do with why this site does not have https set as its default!


Empathy wrote:
To break it down though, no one has any money and all free resources are supposed to be enhanced by the users settings for advanced protection...

The certificate actually already exists and anyone can use https manually. Only Alex could say why he does not make https the default, but my guess is that he does not see it as being necessary since there is nothing other than usernames and passwords to protect, and only during login.


There is a certificate but it is insecure, anyone with proxy sense and know how can see into it and check for site encryption, which it doesn't as it would be expensive and need qualified handlers to check and moderate the site frequently and with tact.

Why am I continually misquoted or misunderstood?! I'm allowed to quote a member question and I'll do so even if you've been here for more or less than ten years, its annoying that some would justify their behaviour as being ethical when their morals spek volumes otherwise.



leejosepho
Veteran
Veteran

User avatar

Joined: 14 Sep 2009
Gender: Male
Posts: 9,011
Location: 200 miles south of Little Rock

29 May 2017, 10:12 pm

Empathy wrote:
There is a certificate but it is insecure...

Then why did you ask why there is no certificate, and what do you mean by the certificate being "insecure"? Also, and while admitting I might be confusing some things or terms unwittingly while showing some ignorance, the fact remains that https (encryption for login or whatever) actually *is* available if people want to manually add the 's' in the address bar.

As far as overall site security is concerned, I highly doubt this site is vulnerable to intrusion. I am no expert in all of this stuff, but I have domains of my own at a BlueHost VPS account with a firewall and plenty of solid .htaccess where I have never had an intrusion, and I am quite certain this site has all of that and even more to protect itself and its visitors/users from external attack.


_________________
I began looking for someone like me when I was five ...
My search ended at 59 ... right here on WrongPlanet.
==================================


Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

01 Jul 2017, 7:48 pm

leejosepho wrote:
Empathy wrote:
There is a certificate but it is insecure...

Then why did you ask why there is no certificate, and what do you mean by the certificate being "insecure"? \

As far as overall site security is concerned, I highly doubt this site is vulnerable to intrusion. I am no expert in all of this stuff, but I have domains of my own at a BlueHost VPS account with a firewall and plenty of solid.


Listen up, the origins of this planets database, state otherwise. The OP wasn't talking about access, he was discussing why the site does not havd a valid certificate, anybody can look it up on any norton sercurity scan setting or cloudfare operating system. Hacking, which brings the site down on malware and insecure encryption intrusion..are added for the ads and pop ups, made via the forums mass funding distributors who invalidate everything, based on cashing in on their resources.
Please inform Alex if you have come forth bearing fruit, any valuable information would be good for the site and its leader.



alex
Developer
Developer

User avatar

Joined: 13 Jun 2004
Age: 37
Gender: Male
Posts: 10,214
Location: Beverly Hills, CA

01 Jul 2017, 8:13 pm

The site has a valid ssl certificate.


_________________
I'm Alex Plank, the founder of Wrong Planet. Follow me (Alex Plank) on Blue Sky: https://bsky.app/profile/alexplank.bsky.social


Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

01 Jul 2017, 8:18 pm

I wonder if its been valid in the last say, five or ten years? It can't be that safe, otherwise Cloudfare wouldn't have kept on buggering it up.

Quote
''He came, They saw, and It knew..''



alex
Developer
Developer

User avatar

Joined: 13 Jun 2004
Age: 37
Gender: Male
Posts: 10,214
Location: Beverly Hills, CA

01 Jul 2017, 8:25 pm

Empathy wrote:
I wonder if its been valid in the last say, five or ten years? It can't be that safe, otherwise Cloudfare wouldn't have kept on buggering it up.

I can't understand what you're asking but if you're browsing the site over SSL, it's secure. Make sure to use HTTPS. https://wrongplanet.net


_________________
I'm Alex Plank, the founder of Wrong Planet. Follow me (Alex Plank) on Blue Sky: https://bsky.app/profile/alexplank.bsky.social


Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

01 Jul 2017, 8:32 pm

Alex, Everyone knows the SSL,and thats the problem. You may have stopped sharing it now, but other cloudfare user scripts were over-riding this once and that's most likely where the spam has originated itself from.
It is only secure if users protect themselves from the sites encryption probs, you've had to deal with it too, so you know. No point in hiding behind the curtain.
The bigger a network, the more safety risks posed, so users like me had to use encryption on our androids to stop the threat of the harmful web bugs. You only have to agree with your aliases but haven't had to share the bait(us) with them.

This may have happened to me a while back, before I reset it but its ok just on a tablet now.http://www.techrepublic.com/article/enc ... -security/


Have you seen this?https://www.comodo.com/ssl-certificate-auto-installer/?key5sk1=1a0cc5ecbcc77c7cb5bbcba5043e1dafd9891bd4#_ga=2.112788288.514410999.1498959162-52339879.1498959162

Don't know the price, but it's worth finding out..if you change your mind.



Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

01 Jul 2017, 8:54 pm

magnum233 wrote:
I notice up the top left it says connection to site is not secure. I would think considering the amount of people that post on this forum there should be some decent security.


That's also what i keep saying. We the users are trying to support site admin a bit too. Try a few SSLs and see what comes of it. I've left a bold one open for some advice and free input.

Purchase a new SSL certificate
Only the Comodo certificate provided in this process is supported in FileMaker Cloud. If you choose to use a different SSL certificate, be sure to test it before going into production.
Use a certificate tool such as OpenSSL to create a certificate signing request (CSR) for your domain name, along with a corresponding private key file. By default, these files are created in your home folder as "myserver.key" (private key) and "server.csr" (CSR). Specify your domain name, email address and company name during CSR creation. 
In the Cloud Console (https://<yourdomain>/console#/login), go to Configuration > SSL Certificates, and click "Purchase Comodo Certificate" to begin Comodo's SSL purchase process.
Note: If the trial SSL certificate has expired, you cannot access the Cloud Console in Safari using the hostname. As a workaround, use a differnet browser or use the instance's IP address until the SSL certificate is renewed.
Following Comodo's on-screen prompts, provide information including:
The contents of the CSR created in step #1. Open the CSR in a text editor and copy the entire contents into the space provided on Comodo's page.
Select "Other" as the server software used to generate the CSR.
Select the number of years the certificate will be valid for (1, 2, or 3).
Select your DNS email address for domain validation to verify that you are the owner of the domain specified in the CSR.
An email will be sent to your new DNS email account. Login through the DNS registrar's website to manage this account and acknowledge the domain validation email from Comodo. 

[email protected]



alex
Developer
Developer

User avatar

Joined: 13 Jun 2004
Age: 37
Gender: Male
Posts: 10,214
Location: Beverly Hills, CA

03 Jul 2017, 3:16 pm

I have no idea what you're talking about. As I said, if you access the site via SSL, you will have a secure connection. If you access the site over normal http, obviously it's not encrypted.


_________________
I'm Alex Plank, the founder of Wrong Planet. Follow me (Alex Plank) on Blue Sky: https://bsky.app/profile/alexplank.bsky.social


Aristophanes
Veteran
Veteran

User avatar

Joined: 10 Apr 2014
Age: 42
Gender: Male
Posts: 3,603
Location: USA

03 Jul 2017, 3:23 pm

The site IS using SSL and your connection to and from the site IS secure. The warning you're getting is because the site isn't going through a third-party vendor for the SSL certificate. All a third-party SSL does is offer third party validation that the site is what it says it is. Browsing a few posts here is all it should take for you to accept that this is indeed the legitimate WP. Some browsers go apeshit crazy over 3rd party SSL, it so happens they also have business deals with third-party SSL vendors. Long story short: you're getting that warning because WP isn't paying third-party scam artists to turn it off, and that's the only reason.



Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

03 Jul 2017, 7:49 pm

Aristophanes wrote:
The site IS using SSL and your connection to and from the site IS secure. The warning you're getting is because the site isn't going through a third-party vendor for the SSL certificate. All a third-party SSL does is offer third party validation that the site is what it says it is. Browsing a few posts here is all it should take for you to accept that this is indeed the legitimate WP. Some browsers go apeshit crazy over 3rd party SSL, it so happens they also have business deals with third-party SSL vendors. Long story short: you're getting that warning because WP isn't paying third-party scam artists to turn it off, and that's the only reason.


Exactly Aristophanes, thanks for quoting me,I was referring actually to third party SSLs, and the link with Cloudfare and modern encrypted browsers. Maybe thats changed now..

And.., as I said, i was having these problems that others had shared and also, a certain someone said that you
couldn't adjust the SSL with the TCP or IPs for foreign servers. (Like in the U.K).
So, maybe someone can please clarify my modest input for what it is.

Alex wrote:
I have no idea what you're talking about.

That's maybe because you'd rather not listen to the females of W.P.
How comes you aborted Cloudfare? surely its supposed to enhance encryption levels but the downside is it slows down internet providers, such as mine and other peoples.



Aristophanes
Veteran
Veteran

User avatar

Joined: 10 Apr 2014
Age: 42
Gender: Male
Posts: 3,603
Location: USA

03 Jul 2017, 8:11 pm

Empathy wrote:
Aristophanes wrote:
The site IS using SSL and your connection to and from the site IS secure. The warning you're getting is because the site isn't going through a third-party vendor for the SSL certificate. All a third-party SSL does is offer third party validation that the site is what it says it is. Browsing a few posts here is all it should take for you to accept that this is indeed the legitimate WP. Some browsers go apeshit crazy over 3rd party SSL, it so happens they also have business deals with third-party SSL vendors. Long story short: you're getting that warning because WP isn't paying third-party scam artists to turn it off, and that's the only reason.


Exactly Aristophanes, thanks for quoting me,I was referring actually to third party SSLs, and the link with Cloudfare and modern encrypted browsers. Maybe thats changed now..

And.., as I said, i was having these problems that others had shared and also, a certain someone said that you
couldn't adjust the SSL with the TCP or IPs for foreign servers. (Like in the U.K).
So, maybe someone can please clarify my modest input for what it is.

Alex wrote:
I have no idea what you're talking about.

That's maybe because you'd rather not listen to the females of W.P.
How comes you aborted Cloudfare? surely its supposed to enhance encryption levels but the downside is it slows down internet providers, such as mine and other peoples.

There's too many issues out there, we were bound to agree on something at some point, as distasteful as that may seem. :wink:



Empathy
Veteran
Veteran

User avatar

Joined: 30 Aug 2015
Gender: Female
Posts: 1,548
Location: Sovereign Nation & Commonwealth

03 Jul 2017, 8:30 pm

Empathy wrote:
Alex wrote:
The site has a valid ssl certificate.

And.., as I said, i was having these problems that others had shared and also, a certain someone said that you
couldn't adjust the SSL with the TCP or IPs for foreign servers. (Like in the U.K).

Aristophanes wrote:
There's too many issues out there, we were bound to agree on something at some point, as distasteful as that may seem.


I just hope for mine and everyones sakes out there, that cloudfare issues have been aborted for good so that no more site encryption can take place on any browser or displaced ruminage of the site.
I guess my qsts have interfered too much with the sites official stamped ownership now, by biting off more than is deemed necessary for an average user like me. Clearly an interest that affects U.k users is deemed out of bounds, but I have an old Ideapad, and it's more than equipped to beat off the old controversies and former ways of this sites processes and protocols.

And also, Cloudfare is just a bargaining chip for other shared site users out there, to access CPU caches that steals encryption.
I'm sure as a computer systems web programmer, you've done and tidied all your research already, but some more input can't be ruled out, not when all these problems are still coming up on other threads, like the not logging in straight away, resubmitting forms,check your browser again, even on InPrivate browsing it is against, so you must have used some double layered spam filtering for that, and maybe the spell checker was taken away because it used other means of invisible encryption.
http://searchcloudsecurity.techtarget.c ... d-security
Anyway..Carry on at your convenience :)