Certificate of the site changed?

Something "fishy" happened today: When I tried to access the forum, I got a certificate warning by Firefox:
Errorcode: SEC_ERROR_REUSED_ISSUER_AND_SERIAL

An error occurred while connecting to www.cruxforums.com. You are trying to import a certificate with the same issuer/serial number as an existing certificate, but it is not the same certificate.

Was the site certificate changed?
 
The certificate is on auto-renewal (using Let's Encrypt) so it actually changes periodically. But the last one was issued on November 27, and the next renewal is due next February, so it's probably something else (like a misbehaving security program, as you said) that might have caused the issue.

On a side note, there's an image linked using a non-HTTPS link (http://www.cruxforums.com/xf/images/cruxdreams.jpg) which triggers a security warning. Mixing secure and non-secure content on the same page is considered a bad practice, so it'd be nice if the link could be changed.
 
Well, I run Avira and I have to turn web protection off to access the page. So it is related to Avira. Not necessarily Avira's fault.
But the fact that the certificate didn't change recently, and the problem started only after today's Avira update, tells me that Avira changed something...
Now I can hardly contact Avira and have them check Cruxforums, can I ;)
 
Strangely, the problem arises only with Firefox; MS Edge doesn't care ;) (so much for taking security seriously)
 
That's the CruxDreams banner? I don't get any warning from Malwarebytes, which is pretty sharp at spotting unwanted stuff. It may just be that it's not https, but if it is showing up as corrupted, please pass the info to ImageMaker.
Yes, it's that image. Practically, the chance of it being abused is extremely low - at best, you can change that image to something you want or steal the site cookies, provided you somehow managed to hijack the traffic.

That being said, it's still a recognised security vulnerability/bad practice that triggers a warning message in most browsers (you'll see it in the browser console) while being trivial to fix. You can just change "http://" to "https://" of the image link and it'll be fine.

For technical details: Mixed Content
 
Thanks, I've alerted @ImageMaker
 
This is a protocol error.
Google is trying to switch all websites to the https protocol.
Unfortunately, I currently do not have the opportunity to transfer the site http://www.cruxdreams.com to the https protocol, but it can and should be trusted.
Technically speaking, it's not about whether or not the target website could be trusted but about the possibility that the traffic can be hijacked by a 3rd party (i.e. hackers). And using HTTPS is pretty much mandatory for any website nowadays, especially if it requires login. So it's not directly related to Google, although they try to persuade people to migrate like all the major players related to the web standard do.

But as I mentioned above, the possibility of someone exploiting the issue is pretty low. So, I don't find it too much of a problem if it cannot easily be changed at the moment.

I'd be much more concerned that www.cruxdreams.com isn't using HTTPS if I were a member, however. So, I think it'd be better to deal with the issue sooner rather than later if possible.

Thanks for the response!
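
An added example, not part of any post in this thread: a small Python check that lists the subresources an HTTPS page loads over plain HTTP, which is the mixed-content condition discussed above. The sample HTML is constructed; only the banner image URL and the CruxDreams link come from the thread, and the thread path, `logo.png`, `app.js` and `static.example.com` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Images and media are passive (upgradable) mixed content; scripts, frames and
# stylesheets are active mixed content, which browsers block outright.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, insecure URL, suggested https URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr in ("src", "href"):
            value = attrs.get(attr)
            if not value or (tag, attr) not in PASSIVE | ACTIVE:
                continue  # e.g. <a href>: navigation, not a subresource
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue  # only stylesheet links are fetched as page content
            kind = "passive" if (tag, attr) in PASSIVE else "active"
            # Resolve relative and protocol-relative URLs against the page URL.
            absolute = urljoin(self.page_url, value)
            parts = urlsplit(absolute)
            if parts.scheme == "http":
                # Suggested rewrite; confirm the host really serves it over HTTPS.
                fixed = parts._replace(scheme="https").geturl()
                self.findings.append((kind, tag, absolute, fixed))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (hypothetical thread URL and markup).
PAGE_URL = "https://www.cruxforums.com/xf/threads/example/"
SAMPLE_HTML = """
<a href="http://www.cruxdreams.com">
  <img src="http://www.cruxforums.com/xf/images/cruxdreams.jpg"></a>
<img src="/xf/images/logo.png">
<script src="//www.cruxforums.com/xf/js/app.js"></script>
<script src="http://static.example.com/widget.js"></script>
"""

if __name__ == "__main__":
    for kind, tag, url, fixed in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(f"{kind:7} <{tag}> {url} -> {fixed}")
```

The plain `<a href>` link to the HTTP site is not reported, because following a link is navigation rather than content loaded into the secure page.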
 