Harmony Central Forums
Announcement
Collapse
No announcement yet.

Attention HC Admins: HC Forum Connection Not Secure Warning.

Collapse
X
  • Time
  • Show
Clear All
new posts

  • Attention HC Admins: HC Forum Connection Not Secure Warning.

    Recently I started to noticed that there is no SSL used on the log in Page/Process for this forum.

    I also started to get warnings last night that the connections for which credentials are sent is not secure.

    One can simply argue that users can create a throw away account and care less about someone seeing what they are logging in with.

    I have had serious security concerns about these forums but it is reaching a another lever.

    The least we can do is use SSL and a simple Captcha.

    Given the relentless SPAM on these forums, all, one simple have to accidentally click a link and run into some serious issues.

    I enjoy our community, please don't make me run away.


    Last edited by audioicon; 01-01-2018, 11:35 AM.
    If you stand for nothing your life becomes meaningless. The world and everything you have today exist because people before you stood up, worked hard and died to provide us all the opportunity. Get involved!

    Audio Icon

  • #2
    Are you by chance getting this warning on Firefox?
    Keeping the Harmony at Harmony Central

    Comment


    • #3
      yeah, the forums aren't secure, don't know if admins here are concerned with security
      vBulletin has a fairly poor record when it comes to the number of vulnerabilities found in their software
      the fact that threads get hardly any views, but traffic is up, seems to me that it is just bogus accounts that are attacking this place
      https://thehackernews.com/2017/12/vb...m-hacking.html
      don't know if admins here are paying attention to this, hopefully so
      https://www.vbulletin.org/forum/showthread.php?t=325905

      Comment


      • #4
        Originally posted by Dendy Jarrett View Post
        Are you by chance getting this warning on Firefox?
        Yes, but Firefox simply goes the distance to make this explicit, however, all browsers are passively indicating that the connection is not secure.
        Right now as I type this message, I can see in the top left corner of all browsers that the connection is not secure.

        In IE, there should be a lock icon and HTTPS Protocol, these are simply not there. This is very similar for Opera.

        This is simply a new Firefox Update which explicitly informs the users as of version 52:

        Per Mozilla:
        Firefox will display a lock icon with red strike-through in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password, it could be stolen by eavesdroppers and attackers.

        Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.



        Simply put and as you already know, there appears to be no SSL on this forum and while I understand that the issues discussed in these forums are not matters of National Security, I am simply flabbergasted that people are logging or allowed to log into a page which has no encrypted connection.
        Last edited by audioicon; 01-01-2018, 04:50 PM.
        If you stand for nothing your life becomes meaningless. The world and everything you have today exist because people before you stood up, worked hard and died to provide us all the opportunity. Get involved!

        Audio Icon

        Comment


        • #5
          Thanks guys for bringing this to our attention. We did a security patch update and we believe something didn't carry over. We're on it.

          Thanks
          D
          Keeping the Harmony at Harmony Central

          Comment


          • #6
            Did this ever get fixed?

            Best,

            Geoff
            Enthusiasm powers the world.

            Craig Anderton's Archiving Article

            Comment


            • #7
              Originally posted by Geoff Grace View Post
              Did this ever get fixed?
              I still get the warning when I log on

              The Mandolin Picker

              "Bless your hearts... and all your vital organs" - John Duffy

              "Got time to breath, got time for music!"- Briscoe Darling, Jr.

              Comment


              • #8
                Originally posted by Geoff Grace View Post
                Did this ever get fixed?

                Best,

                Geoff
                No.
                If you stand for nothing your life becomes meaningless. The world and everything you have today exist because people before you stood up, worked hard and died to provide us all the opportunity. Get involved!

                Audio Icon

                Comment


                • #9
                  Must be the economy then.
                  Originally posted by Unconfigured Static HTML Widget...








                  Write Something, or Drag and Drop Images Here...

                  Comment


                  • #10
                    I finally got my email back up on my websites. Apparently GoDaddy shut them down because they weren't secure. I had to go through a checklist for a few hours to get the access back.....and of course they also tried to sell me a SSL CERTIFICATE.

                    DAN
                    http://musicinit.com/fastfingers.php An Experiment in 80's Technology

                    http://youtube.com/techristian My YOUTUBE channel
                    Music videos at http://musicinit.com/video.php

                    Comment

                    Working...
                    X