Trombone forum not secure?

Post Reply
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Trombone forum not secure?

Post by ttf_robcat2075 »

When i come to the trombone forum with https at the front of the URL, Firefox stops me and gives me this message...

Image


If I change the URL to http I can get thru to log in but, of course, that is not secure.


I'm guessing the owner of the site is the one who needs to acquire a new security certificate?



ttf_Matt K
Posts: 0
Joined: Sat Mar 31, 2018 11:53 am

Trombone forum not secure?

Post by ttf_Matt K »

That's essentially correct. In laymens terms, the HTTP protocol doesn't make sure that you're connecting to the address you put in the URL bar. The HTTPS protocol does... but if the certificate is self-signed then it means that its basically the tromboneforum.org is self-verifying that it is tromboneforum.org - there is no other verification to make sure that you are actually connecting to tromboneforum.org or of someone is spoofing it.  Which is why you're getting that error. Anybody who has access to the network you're connecting from or your ISP could theoretically change the IP address that tromboneforum.org routes to.

That said, if you're at home it probably isn't a big deal. If your passwords for all of your accounts are unique then all an attacker would be able to gleam from your connection would be your email address and potentially be able to log in to tromboneforum.org as you.  And they'd have to go through a fair amount of trouble for that too.  Would that be bad? Potentially. But is it worth not checking out the forum?  I'm inclined not to think so.
ttf_Matt K
Posts: 0
Joined: Sat Mar 31, 2018 11:53 am

Trombone forum not secure?

Post by ttf_Matt K »

That's essentially correct. In laymens terms, the HTTP protocol doesn't make sure that you're connecting to the address you put in the URL bar. The HTTPS protocol does... but if the certificate is self-signed then it means that its basically the tromboneforum.org is self-verifying that it is tromboneforum.org - there is no other verification to make sure that you are actually connecting to tromboneforum.org or of someone is spoofing it.  Which is why you're getting that error. Anybody who has access to the network you're connecting from or your ISP could theoretically change the IP address that tromboneforum.org routes to.

That said, if you're at home it probably isn't a big deal. If your passwords for all of your accounts are unique then all an attacker would be able to gleam from your connection would be your email address and potentially be able to log in to tromboneforum.org as you.  And they'd have to go through a fair amount of trouble for that too.  Would that be bad? Potentially. But is it worth not checking out the forum?  I'm inclined not to think so.
Post Reply

Return to “Technology”