Is the forum under attack

jbergey22 · 10-02-2021, 01:23 AM

I keep getting a message from Chrome telling me this site can not be proved safe and may be under attack.

SirFozzie · 10-02-2021, 01:44 AM

Probably s omething to do wtih the downtime OS had earlier today.

JonInMiddleGA · 10-02-2021, 06:54 AM

Quote:

Originally Posted by jbergey22

I keep getting a message from Chrome telling me this site can not be proved safe and may be under attack.

Security certificate has/had expired

Drake · 10-02-2021, 07:58 AM

Quote:

Originally Posted by JonInMiddleGA

Security certificate has/had expired

Kind of makes me feel better about the fact that no matter what record keeping system we try to employ at work we seem to end up with a couple of certificates that don't get renewed on time every single year.

JonInMiddleGA · 10-02-2021, 08:02 AM

Quote:

Originally Posted by Drake

Kind of makes me feel better about the fact that no matter what record keeping system we try to employ at work we seem to end up with a couple of certificates that don't get renewed on time every single year.

My streak of not actually knowing wtf those things even do / refer to continues.

bhlloy · 10-02-2021, 12:08 PM

Some customers of ours had issues on Thursday and into the weekend as a cert for a popular free authority (Let’s encrypt) had expired - shouldn’t have been an issue with the way they handle it but there’s a bug in older versions of OpenSSL that meant the cert they added to the trust chain in parallel wasn’t honored all the time. Not sure this is the exact same issue due to timing, but seems suspicious.

For those who don’t know what any of that means, imagine that the cert is the police badge and ID telling you that you are actually interacting with FOFC and not sending your data to the equivalent of the fake cop who is going to murder you and steal all your shit. It’s a lot more complicated than that, and dealing with cert chains and trust sucks balls, but I think that’s a decent example.

sterlingice · 10-02-2021, 12:21 PM

As someone who spent a decent part of last week dealing with certs for my servers, it feels needlessly complicated (cert for the server, then for the load balancer, then browsers are still registering the old certs, etc. I'm not great with certs and that's probably some of it. But, I understand why one of our main admins just says "screw it" and never bothers with certs on a bunch of our internal servers so we always just have to click through the warning message.

SI

Toddzilla · 10-02-2021, 12:32 PM

Google some years ago forget to renew their domain and some rando registered it and then sold it back for $$$$$

hxxps://www.theverge.com/2016/1/29/10868404/google-reveals-how-much-it-paid-the-guy-who-bought-google-com

10-02-2021, 01:44 AM	#2
SirFozzie Hall Of Famer Join Date: Nov 2000 Location: The State of Insanity	Probably s omething to do wtih the downtime OS had earlier today. __________________ Check out Foz's New Video Game Site, An 8-bit Mind in an 8GB world! http://an8bitmind.com

10-02-2021, 12:08 PM	#6
bhlloy Coordinator Join Date: Nov 2003	Some customers of ours had issues on Thursday and into the weekend as a cert for a popular free authority (Let’s encrypt) had expired - shouldn’t have been an issue with the way they handle it but there’s a bug in older versions of OpenSSL that meant the cert they added to the trust chain in parallel wasn’t honored all the time. Not sure this is the exact same issue due to timing, but seems suspicious. For those who don’t know what any of that means, imagine that the cert is the police badge and ID telling you that you are actually interacting with FOFC and not sending your data to the equivalent of the fake cop who is going to murder you and steal all your shit. It’s a lot more complicated than that, and dealing with cert chains and trust sucks balls, but I think that’s a decent example. Last edited by bhlloy : 10-02-2021 at 12:09 PM.

10-02-2021, 12:21 PM	#7
sterlingice Hall Of Famer Join Date: Apr 2002 Location: Back in Houston!	As someone who spent a decent part of last week dealing with certs for my servers, it feels needlessly complicated (cert for the server, then for the load balancer, then browsers are still registering the old certs, etc. I'm not great with certs and that's probably some of it. But, I understand why one of our main admins just says "screw it" and never bothers with certs on a bunch of our internal servers so we always just have to click through the warning message. SI __________________ Houston Hippopotami, III.3: 20th Anniversary Thread - All former HT players are encouraged to check it out! Janos: "Only America could produce an imbecile of your caliber!" Freakazoid: "That's because we make lots of things better than other people!" Last edited by sterlingice : 10-02-2021 at 12:23 PM.

10-02-2021, 12:32 PM	#8
Toddzilla Pro Starter Join Date: Jan 2001 Location: Burke, VA	Google some years ago forget to renew their domain and some rando registered it and then sold it back for $$$$$ hxxps://www.theverge.com/2016/1/29/10868404/google-reveals-how-much-it-paid-the-guy-who-bought-google-com

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)