Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#1 Before February 2015

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

SSL is now enabled

SSL is now enabled for this site as you may or may not have noticed.
This may or may not mean a whole lot, but it is integral to preventing man-in-the-middle attacks and eavesdropping. Read more...


signature.png
*u stinky*

Offline

Wooted by:

#2 Before February 2015

Creature
Member
From: The Dark Web
Joined: 2015-02-15
Posts: 9,658

Re: SSL is now enabled

I still don't understand what this means.


This is a false statement.

Offline

Wooted by:

#3 Before February 2015

some woman
Member
From: 4th dimension
Joined: 2015-02-15
Posts: 9,289

Re: SSL is now enabled

Creature wrote:

I still don't understand what this means.

Shellshock Live of course!


10 years and still awkward. Keep it up, baby!

Offline

Wooted by:

#4 Before February 2015

Creature
Member
From: The Dark Web
Joined: 2015-02-15
Posts: 9,658

Re: SSL is now enabled

some man wrote:
Creature wrote:

I still don't understand what this means.

Shellshock Live of course!

Why do we need this?


This is a false statement.

Offline

Wooted by:

#5 Before February 2015

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,575

Re: SSL is now enabled

I'm having a hard time believing anyone cares even a fraction about this site enough to launch any sort of attack that making the site's communications secure will help. What we're most vulnerable to are raids, can you do anything about those? Maybe preventing repetitive posts and disallowing image posting until you have a handful of posts made?


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#6 Before February 2015

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: SSL is now enabled

Different55 wrote:

I'm having a hard time believing anyone cares even a fraction about this site enough to launch any sort of attack that making the site's communications secure will help. What we're most vulnerable to are raids, can you do anything about those? Maybe preventing repetitive posts and disallowing image posting until you have a handful of posts made?

Yes. I'm going to make it so that you need to have a certain amount of posts before you can embed images.
I'm also adding some more information about tags.

EDITS:
Added an 'About BBCode' that shows more information about BBCode.
Added a limit of minimum 25 posts before a user can use BBCode.
Added a new BBCode Tag (click here to find out!)
Updated youtube tags to load content from youtube over https.
Updated the Help page to reference youtube tags.
Working on mailservers to actually work properly.


signature.png
*u stinky*

Offline

Wooted by:

#7 Before February 2015

Dazz
Member
Joined: 2015-02-15
Posts: 837

Re: SSL is now enabled

Geee thanks a lot... now the forum doesn't work on Chrome

Last edited by dazz (Oct 6 2014 1:01:18 pm)

Offline

Wooted by:

#8 Before February 2015

N1KF
Wiki Mod
From: ဪဪဪဪဪ From: ဪဪဪဪဪ From: ဪဪဪဪဪ
Joined: 2015-02-15
Posts: 11,113
Website

Re: SSL is now enabled

dazz wrote:

Geee thanks a lot... now the forum doesn't work on Chrome

It works fine for me.

Offline

#9 Before February 2015

some woman
Member
From: 4th dimension
Joined: 2015-02-15
Posts: 9,289

Re: SSL is now enabled

N1KF wrote:
dazz wrote:

Geee thanks a lot... now the forum doesn't work on Chrome

It works fine for me.

Same here.


10 years and still awkward. Keep it up, baby!

Offline

Wooted by:

#10 Before February 2015

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: SSL is now enabled

dazz wrote:

Geee thanks a lot... now the forum doesn't work on Chrome

It should work fine, in the case that it doesn't, it is only temporary.
SSL may not fully propagate entirely, however it should be fine for everyone within 24 hours.

The forum should be fully functional despite any certificate issues.

Viewing topics will not have a padlock icon, because it is loading images that people embed in their signatures without https. The type of content that can be loaded is unable to modify content on-site, with the exception of being (possibly) youtube with restrictions IF the content is loaded.


signature.png
*u stinky*

Offline

Wooted by:

#11 Before February 2015

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: SSL is now enabled

Atilla I don't believe that someone will tray to intercept the data between any user to forum...
I hope it dosent   have any heart bleed issues.


Everybody edits, but some edit more than others

Offline

Wooted by:

#12 Before February 2015

Creature
Member
From: The Dark Web
Joined: 2015-02-15
Posts: 9,658

Re: SSL is now enabled

For me it's okay having that, forum isn't run by me, i don't choose if the forum will die with ee or don't.


This is a false statement.

Offline

Wooted by:

#13 Before February 2015

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: SSL is now enabled

The Doctor wrote:

Atilla I don't believe that someone will tray to intercept the data between any user to forum...
I hope it dosent   have any heart bleed issues.

There aren't any heartbleed issues, that's a good concern however. Nor do I think a user would try to intercept any data, however that doesn't mean that encryption shouldn't be everywhere. It's a technology that only helps.

Plus, man in the middle attacks don't just occur from out of nowhere. If you use any of your devices from anywhere, any connections you make on a public wifi connection without encryption can have unwanted consequences.

This is what a man in the middle attack is. It can happen outside your home, and it affects a lot of people - especially due to wifi authentication and trust issues, if you want to learn more, google pineapple wifi.


signature.png
*u stinky*

Offline

Wooted by:

#14 Before February 2015

Dazz
Member
Joined: 2015-02-15
Posts: 837

Re: SSL is now enabled

XxAtillaxX wrote:
dazz wrote:

Geee thanks a lot... now the forum doesn't work on Chrome

It should work fine, in the case that it doesn't, it is only temporary.
SSL may not fully propagate entirely, however it should be fine for everyone within 24 hours.

The forum should be fully functional despite any certificate issues.

Viewing topics will not have a padlock icon, because it is loading images that people embed in their signatures without https. The type of content that can be loaded is unable to modify content on-site, with the exception of being (possibly) youtube with restrictions IF the content is loaded.

Ok ok my bad, this time, for the first time I actually can proceed and enter the page, usually it gives me an error, now is working, thank you! I still get the ''https red slash'' but meh it's ok.

Last edited by dazz (Oct 6 2014 1:33:11 pm)

Offline

Wooted by:

#15 Before February 2015

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,575

Re: SSL is now enabled

I can't access it from Opera anymore. It works fine on my mobile browser but on desktop it just says

Secure connection: fatal error (40) from server.

https://eeforumify.com/

Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences.

Please note that some encryption methods are no longer supported, and that access will not be possible until the website has been upgraded to use strong encryption.

so if you could switch to a different encryption method, I'd appreciate it.

And everyone is now getting invalid certificate errors on browsers that do work. While we might actually be more secure, it's not coming off that way to everyone who now sees security warnings on every page, whether that's a popup or just an annoyingly bright red address bar) where before there were none. We're probably going to scare a few potential new members, annoy a few more away, and scare away one or two old users who might think that the forums have been hacked.

EDIT: I've been doing some research on HTTPS, and HTTPS with a self-signed certificate can't protect us from man-in-the-middle attacks. Is ours self-signed? I thought so, because it yells at everyone about security.

Last edited by Different55 (Oct 6 2014 5:59:25 pm)


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#16 Before February 2015

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: SSL is now enabled

Different55 wrote:

I can't access it from Opera anymore. It works fine on my mobile browser but on desktop it just says

Secure connection: fatal error (40) from server.

https://eeforumify.com/

Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences.

Please note that some encryption methods are no longer supported, and that access will not be possible until the website has been upgraded to use strong encryption.

so if you could switch to a different encryption method, I'd appreciate it.

And everyone is now getting invalid certificate errors on browsers that do work. While we might actually be more secure, it's not coming off that way to everyone who now sees security warnings on every page, whether that's a popup or just an annoyingly bright red address bar) where before there were none. We're probably going to scare a few potential new members, annoy a few more away, and scare away one or two old users who might think that the forums have been hacked.

EDIT: I've been doing some research on HTTPS, and HTTPS with a self-signed certificate can't protect us from man-in-the-middle attacks.

http://stackoverflow.com/a/11726273/4026373 wrote:

a self signed certificate is more insecure than a CA certificate only when the client does not know the certificate in advance and therefore has no way to validate that the server is who it says it is.

If you add the self signed certificate to the client and don't accept any other certificate, you're actually as secure (or, one could argue, even more so) than having a certificate authority signed certificate.

The important parts to keep SSL secure with or without a certificate authority are;

The server private key (and in the case of a CA, the private keys of all its roots) is kept secret.
The client knows the server certificate (or its CA root).

The SSL errors should disappear within a day or two. The encryption shouldn't be a problem.


signature.png
*u stinky*

Offline

Wooted by:

#17 Before February 2015

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: SSL is now enabled

its funny that the Forum of EE have SSL but EE dosent. //forums.everybodyedits.com/img/smilies/tongue


Everybody edits, but some edit more than others

Offline

Wooted by:

#18 Before February 2015

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,575

Re: SSL is now enabled

XxAtillaxX wrote:

The encryption shouldn't be a problem.

It is tho. ;_;


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#19 Before February 2015

AzurePudding
Guest

Re: SSL is now enabled

I thought these forums were down for a few days, I was getting an error page until just now I noticed there was a "Continue anyway" button.   Now the adress bar is red, huh..

Wooted by:

#20 Before February 2015

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,575

Re: SSL is now enabled

And that's going to happen to every person who comes here. I doubt we'll ever see another new user as long as they keep getting scared off by security errors designed to look intimidating. Trying to run a (small) website (Where nobody will ever launch a MITM attack) with SSL without a certificate is just shooting yourself in the foot. Having a self-signed certificate desensitizes everyone to security errors. If they somehow get caught up in a MITM attack, they'll see another error... Which they will then ignore because most people don't know better. The errors will look identical to them, so they'll continue and then fall into the MITM anyway. Some browsers display certificate errors once each session. Those people are particularly susceptible, since they won't even notice if something is out of the ordinary. This SSL isn't helping anyone.

And I'm probably going to be a lot less active since I can only get on the forums on my phone as long as we keep the current encryption method.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#21 Before February 2015

N1KF
Wiki Mod
From: ဪဪဪဪဪ From: ဪဪဪဪဪ From: ဪဪဪဪဪ
Joined: 2015-02-15
Posts: 11,113
Website

Re: SSL is now enabled

Different55 wrote:

And that's going to happen to every person who comes here.

Every person but me? I am having no errors of any kind.

Offline

#22 Before February 2015

skullz17
Member
Joined: 2015-02-15
Posts: 6,699

Re: SSL is now enabled

I don't have any errors either.


m3gPDRb.png

thx for sig bobithan

Offline

Wooted by:

#23 Before February 2015

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,575

Re: SSL is now enabled

If you weren't warned at least the first time you came here after SSL was added, I fear for your browser.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#24 Before February 2015

Cyclone or Meredith
Guest

Re: SSL is now enabled

I also don't get any errors across multiple browsers, computers and networks.

Wooted by:

#25 Before February 2015

skullz17
Member
Joined: 2015-02-15
Posts: 6,699

Re: SSL is now enabled

Tried on firefox, chrome and ie. Didn't get any warnings at all.


m3gPDRb.png

thx for sig bobithan

Offline

Wooted by:
XxAtillaxX14239530488384

Board footer

Powered by FluxBB

[ Started around 1732205247.6552 - Generated in 0.100 seconds, 12 queries executed - Memory usage: 1.8 MiB (Peak: 2.07 MiB) ]