[Pro] security issue with forum?

Hi Folks,
So happy to see Freeway has a new life.
When I log into this forum, Firefox gives me the following warning. Scares the H out of me as I have to click advanced and to make an exception to ignore their security warning every time. No one seems to have flagged this on the forum so I wonder what’s up! message:

Your connection is not secure

The owner of freewaytalk.softpress.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

freewaytalk.softpress.com uses an invalid security certificate.

The certificate expired on July 13, 2016 at 8:50 AM. The current time is April 7, 2017 at 5:44 PM.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

It’s not great, but what critical info do you provide this site besides your username and password for it? It’s a shame that the password could be exposed in transit, but it’s not like you use this password on any other sites, right? :wink:


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

The issue is that the certificate has expired, not that the security provided by SSL (Secure Socket Layer) is not present. So actually (pushes glasses up) the site is as secure as any bank site.

What’s missing is the chain of authority saying that nobody has gone to the trouble to create a mirror of the site with their own software to capture your (hopefully one-site-used) password and somehow profit from that knowledge.

As Joe pointed out, there is nothing in this server that isn’t also in countless in-boxes anyway. Nothing secret or requiring of extreme security.

SSL is separate from and orthogonal to the security on the server itself that keeps those long on spare time and short on morals from exposing the entire list of people, and getting at that treasure trove of e-mail addresses – again, the same addresses that you would have used on countless other sites and services.

Walter

On Apr 8, 2017, at 7:55 AM, Joe Muscara email@hidden wrote:

It’s not great, but what critical info do you provide this site besides your username and password for it? It’s a shame that the password could be exposed in transit, but it’s not like you use this password on any other sites, right? :wink:


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Thanks for the explanation. I really appreciate it!
Makes me feel a little bit better…

best regards Barry


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Security, both real or perceived should always be of the utmost importance.

Imagine as people come across Softpress for the first time (unless new users are not desired?). As they look to see what community support is offered, as this along with proper documentation are two major interests of importance for new users or potential customers. Then they see the security warming, what type of image or perception is that projecting to these people?

Yet its such a simple fix to resolve this issue and prevent this type of unneeded perception for Softpress, its users and potential customers.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Yes I agree with that too.
I would 100% run away from every site that both Firefox and Safari flagged as a security risk. I only came back because of the above answers.
Even with the great explanation above I find myself mentally evaluating my desire to log into the forum vs the feeling that potentially my data or computer might get hijacked. Or at least opening the door to a thousand unwanted emails.
Ya I know nothing bad will likely happen but the feeling is very real which is not a good thing.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options