PDA

View Full Version : Is the forum under attack


jbergey22
10-02-2021, 12:23 AM
I keep getting a message from Chrome telling me this site can not be proved safe and may be under attack.

SirFozzie
10-02-2021, 12:44 AM
Probably s omething to do wtih the downtime OS had earlier today.

JonInMiddleGA
10-02-2021, 05:54 AM
I keep getting a message from Chrome telling me this site can not be proved safe and may be under attack.

Security certificate has/had expired

Drake
10-02-2021, 06:58 AM
Security certificate has/had expired

Kind of makes me feel better about the fact that no matter what record keeping system we try to employ at work we seem to end up with a couple of certificates that don't get renewed on time every single year.

JonInMiddleGA
10-02-2021, 07:02 AM
Kind of makes me feel better about the fact that no matter what record keeping system we try to employ at work we seem to end up with a couple of certificates that don't get renewed on time every single year.

My streak of not actually knowing wtf those things even do / refer to continues.

bhlloy
10-02-2021, 11:08 AM
Some customers of ours had issues on Thursday and into the weekend as a cert for a popular free authority (Let’s encrypt) had expired - shouldn’t have been an issue with the way they handle it but there’s a bug in older versions of OpenSSL that meant the cert they added to the trust chain in parallel wasn’t honored all the time. Not sure this is the exact same issue due to timing, but seems suspicious.

For those who don’t know what any of that means, imagine that the cert is the police badge and ID telling you that you are actually interacting with FOFC and not sending your data to the equivalent of the fake cop who is going to murder you and steal all your shit. It’s a lot more complicated than that, and dealing with cert chains and trust sucks balls, but I think that’s a decent example.

sterlingice
10-02-2021, 11:21 AM
As someone who spent a decent part of last week dealing with certs for my servers, it feels needlessly complicated (cert for the server, then for the load balancer, then browsers are still registering the old certs, etc. I'm not great with certs and that's probably some of it. But, I understand why one of our main admins just says "screw it" and never bothers with certs on a bunch of our internal servers so we always just have to click through the warning message.

SI

Toddzilla
10-02-2021, 11:32 AM
Google some years ago forget to renew their domain and some rando registered it and then sold it back for $$$$$

hxxps://www.theverge.com/2016/1/29/10868404/google-reveals-how-much-it-paid-the-guy-who-bought-google-com