Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
SSL is now enabled for this site as you may or may not have noticed.
This may or may not mean a whole lot, but it is integral to preventing man-in-the-middle attacks and eavesdropping. Read more...
*u stinky*
Offline
I still don't understand what this means.
This is a false statement.
Offline
I still don't understand what this means.
Shellshock Live of course!
10 years and still awkward. Keep it up, baby!
Offline
Creature wrote:I still don't understand what this means.
Shellshock Live of course!
Why do we need this?
This is a false statement.
Offline
I'm having a hard time believing anyone cares even a fraction about this site enough to launch any sort of attack that making the site's communications secure will help. What we're most vulnerable to are raids, can you do anything about those? Maybe preventing repetitive posts and disallowing image posting until you have a handful of posts made?
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
I'm having a hard time believing anyone cares even a fraction about this site enough to launch any sort of attack that making the site's communications secure will help. What we're most vulnerable to are raids, can you do anything about those? Maybe preventing repetitive posts and disallowing image posting until you have a handful of posts made?
Yes. I'm going to make it so that you need to have a certain amount of posts before you can embed images.
I'm also adding some more information about tags.
EDITS:
Added an 'About BBCode' that shows more information about BBCode.
Added a limit of minimum 25 posts before a user can use BBCode.
Added a new BBCode Tag (click here to find out!)
Updated youtube tags to load content from youtube over https.
Updated the Help page to reference youtube tags.
Working on mailservers to actually work properly.
*u stinky*
Offline
Geee thanks a lot... now the forum doesn't work on Chrome
Last edited by dazz (Oct 6 2014 1:01:18 pm)
Offline
dazz wrote:Geee thanks a lot... now the forum doesn't work on Chrome
It works fine for me.
Same here.
10 years and still awkward. Keep it up, baby!
Offline
Geee thanks a lot... now the forum doesn't work on Chrome
It should work fine, in the case that it doesn't, it is only temporary.
SSL may not fully propagate entirely, however it should be fine for everyone within 24 hours.
The forum should be fully functional despite any certificate issues.
Viewing topics will not have a padlock icon, because it is loading images that people embed in their signatures without https. The type of content that can be loaded is unable to modify content on-site, with the exception of being (possibly) youtube with restrictions IF the content is loaded.
*u stinky*
Offline
Atilla I don't believe that someone will tray to intercept the data between any user to forum...
I hope it dosent have any heart bleed issues.
Everybody edits, but some edit more than others
Offline
For me it's okay having that, forum isn't run by me, i don't choose if the forum will die with ee or don't.
This is a false statement.
Offline
Atilla I don't believe that someone will tray to intercept the data between any user to forum...
I hope it dosent have any heart bleed issues.
There aren't any heartbleed issues, that's a good concern however. Nor do I think a user would try to intercept any data, however that doesn't mean that encryption shouldn't be everywhere. It's a technology that only helps.
Plus, man in the middle attacks don't just occur from out of nowhere. If you use any of your devices from anywhere, any connections you make on a public wifi connection without encryption can have unwanted consequences.
This is what a man in the middle attack is. It can happen outside your home, and it affects a lot of people - especially due to wifi authentication and trust issues, if you want to learn more, google pineapple wifi.
*u stinky*
Offline
dazz wrote:Geee thanks a lot... now the forum doesn't work on Chrome
It should work fine, in the case that it doesn't, it is only temporary.
SSL may not fully propagate entirely, however it should be fine for everyone within 24 hours.The forum should be fully functional despite any certificate issues.
Viewing topics will not have a padlock icon, because it is loading images that people embed in their signatures without https. The type of content that can be loaded is unable to modify content on-site, with the exception of being (possibly) youtube with restrictions IF the content is loaded.
Ok ok my bad, this time, for the first time I actually can proceed and enter the page, usually it gives me an error, now is working, thank you! I still get the ''https red slash'' but meh it's ok.
Last edited by dazz (Oct 6 2014 1:33:11 pm)
Offline
I can't access it from Opera anymore. It works fine on my mobile browser but on desktop it just says
Secure connection: fatal error (40) from server.
Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences.
Please note that some encryption methods are no longer supported, and that access will not be possible until the website has been upgraded to use strong encryption.
so if you could switch to a different encryption method, I'd appreciate it.
And everyone is now getting invalid certificate errors on browsers that do work. While we might actually be more secure, it's not coming off that way to everyone who now sees security warnings on every page, whether that's a popup or just an annoyingly bright red address bar) where before there were none. We're probably going to scare a few potential new members, annoy a few more away, and scare away one or two old users who might think that the forums have been hacked.
EDIT: I've been doing some research on HTTPS, and HTTPS with a self-signed certificate can't protect us from man-in-the-middle attacks. Is ours self-signed? I thought so, because it yells at everyone about security.
Last edited by Different55 (Oct 6 2014 5:59:25 pm)
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
I can't access it from Opera anymore. It works fine on my mobile browser but on desktop it just says
Secure connection: fatal error (40) from server.
Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences.
Please note that some encryption methods are no longer supported, and that access will not be possible until the website has been upgraded to use strong encryption.
so if you could switch to a different encryption method, I'd appreciate it.
And everyone is now getting invalid certificate errors on browsers that do work. While we might actually be more secure, it's not coming off that way to everyone who now sees security warnings on every page, whether that's a popup or just an annoyingly bright red address bar) where before there were none. We're probably going to scare a few potential new members, annoy a few more away, and scare away one or two old users who might think that the forums have been hacked.
EDIT: I've been doing some research on HTTPS, and HTTPS with a self-signed certificate can't protect us from man-in-the-middle attacks.
a self signed certificate is more insecure than a CA certificate only when the client does not know the certificate in advance and therefore has no way to validate that the server is who it says it is.
If you add the self signed certificate to the client and don't accept any other certificate, you're actually as secure (or, one could argue, even more so) than having a certificate authority signed certificate.
The important parts to keep SSL secure with or without a certificate authority are;
The server private key (and in the case of a CA, the private keys of all its roots) is kept secret.
The client knows the server certificate (or its CA root).
The SSL errors should disappear within a day or two. The encryption shouldn't be a problem.
*u stinky*
Offline
its funny that the Forum of EE have SSL but EE dosent.
Everybody edits, but some edit more than others
Offline
The encryption shouldn't be a problem.
It is tho. ;_;
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
I thought these forums were down for a few days, I was getting an error page until just now I noticed there was a "Continue anyway" button. Now the adress bar is red, huh..
And that's going to happen to every person who comes here. I doubt we'll ever see another new user as long as they keep getting scared off by security errors designed to look intimidating. Trying to run a (small) website (Where nobody will ever launch a MITM attack) with SSL without a certificate is just shooting yourself in the foot. Having a self-signed certificate desensitizes everyone to security errors. If they somehow get caught up in a MITM attack, they'll see another error... Which they will then ignore because most people don't know better. The errors will look identical to them, so they'll continue and then fall into the MITM anyway. Some browsers display certificate errors once each session. Those people are particularly susceptible, since they won't even notice if something is out of the ordinary. This SSL isn't helping anyone.
And I'm probably going to be a lot less active since I can only get on the forums on my phone as long as we keep the current encryption method.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
I don't have any errors either.
thx for sig bobithan
Offline
If you weren't warned at least the first time you came here after SSL was added, I fear for your browser.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
I also don't get any errors across multiple browsers, computers and networks.
Tried on firefox, chrome and ie. Didn't get any warnings at all.
thx for sig bobithan
Offline
[ Started around 1732407352.1966 - Generated in 0.092 seconds, 12 queries executed - Memory usage: 1.8 MiB (Peak: 2.08 MiB) ]