Connection unsafe?

[chad878262]

Just about 30 minutes ago I started getting notification that my connection is unsafe when going to bgtscc... The bar says "! Not Secure" and the https has a diagonal slash through it.

[mrm3ntalist]

Me too. Already reported this to the admins and janniez. It looks like a certificate expired and that there is no real issue

[Akroma666]

Super annoying on a mobile.. pops up every time you navigate

[mrm3ntalist]

Zanniej is looking into it. Lets wait and hear from the man.

[Calodan]

Zanniej is looking into it. Lets wait and hear from the man.

Instant gratification world! WE WANTS OUR FIX NOWZ!!!!

[Maecius]

Zanniej thought we'd renewed our security certificate, but we missed a step. He's going to be fixing it for us here soon (probably early tomorrow morning).

It should be safe in the sense that we don't have sensitive banking information or anything like that to steal here, but the warnings will keep showing until it's fixed.

[Omega07]

Just when I got paid from work and was gonna donate too! Haha.

Is Skynet attacking us?

Glad I'm not the only one to see this.

..

[K'yon Oblodra]

The certificate has nothing to do with security really... It only marks the site as secure because they buy the certificate... Making money with this is all that's behind it... After all people get scared of they get the not secure message despite the site not working any different is really just the certificate that run out which does nothing but tell the browser: "this is a secure site"....

[Aspect of Sorrow]

Swing and a miss. The transport layer negotiates the means of encryption the browser and Web server will communicate with a basis of the CA which it hinges on for authorization to ensure it is whom the recipient states it is. Run Wireshark and compare the readability of http POST vs https payloads.

If I were nefarious, a MitM attack would mean that someone on this forum probably uses the same log in password they would've used for their email account, which bypasses the one way hash that phpBB performs for the sake of not containing plaintext. HTTPS mitigates that.

We are still using the HTTPS encryption. The browser is just warning the user that yhe certificate used is not what a reliable third party can confirm.

For what it's worth, you can obtain free SSL CA from places like Let's Encrypt. Can't be a money grabbing scheme there.

[Zanniej]

Sorry guys, it's fixed again.
I messed up the last step of renewing our certificate on tuesday. It should normally just pick up the new cert when the old one expires, which was yesterday, but since I missed a step, it didn't.

No real biggy, just pretty annoying So once again, sorry

[Tsidkenu]

*snip*

[Zanniej]

*snip*

The latter
Though I must admit I must quite often read AoS' remarks (at least) twice to understand, and it's my area of expertise

But, in an effort to perhaps make it a bit more understandable:
The certificate tells you that the website is indeed who it claims to be. The HTTPS encrypts your connection. In short, that means that where you would first log in without HTTPS, you would send your username and password in plain text. This means that if someone manages to intercept your connection (by insecure WiFi for example), they'll be able to read your username and password. This is a Man-in-the-Middle (MitM) attack.
With HTTPS however, you first connect to the website, which creates a secured connection between you and the website. You both get an encryption code with which you can encode and decode your message. That way, the "Man-in-the-Middle" would only see gibberish, which is only readable if you have the key to decode it.

The above is in very short how it works, though I might've given a bit of a too short explanation here and there. So don't go using this information to pretend you know it all, as I don't know it all either
Should you wish to know more in depth about such things, I recommend asking AoS, as he's more knowledgable in it than I am, I think.

[K'yon Oblodra]

And overall the connection would still be safe even without the certificate only that your browser wouldn't be able to tell you if it is or not...