Hauptwerk Forum web site not secure

Posted: Tue Sep 25, 2018 9:05 pm
by engrssc
Getting a notice from Chrome that the website is not secure. Using 7 cookies. Should not enter any sensitive information, etc. Upper left corner. Possibly H/W doesn't have a security certificate. I think this came up once before. Only right now, I'm getting a full page notice.

Google Chrome Help Forum
Check if a site's connection is secure
To see whether a website is safe to visit, you can check for security info about the site. Chrome will alert you if you can’t visit the site safely or privately.

In Chrome, open a page.
To check a site's security, to the left of the web address, look at the security status:
(Lock icon) Secure
(Information icon) Info or Not secure
(Red triangle) Not secure or Dangerous

To see the site's details and permissions, select the icon. You'll see a summary of how private Chrome thinks the connection is.

What each security symbol means

These symbols let you know how safe it is to visit and use a site. They tell you if a site has a security certificate, if Chrome trusts that certificate, and if Chrome has a private connection with a site.

Fix "Your connection is not private" error

If you see a full-page error message saying "Your connection is not private," then there's a problem with the site, the network, or your device. Learn how to troubleshoot "Your connection is not private" errors.

What a security certificate is
When you go to a site that uses HTTPS (connection security), the website's server uses a certificate to prove the website's identity to browsers, like Chrome. Anyone can create a certificate claiming to be whatever website they want.

To help you stay safe on the web, Chrome requires websites to use certificates from trusted organizations.

Anyone else getting that notice? AVG is ok with it so far.

Rgds,
Ed

Re: Hauptwerk web site not secure

Posted: Wed Sep 26, 2018 1:16 am
by Erzahler
Yes, I have this on Firefox.
It is a bit alarming to know this in this day and age.

Re: Hauptwerk Forum web site not secure

Posted: Wed Sep 26, 2018 1:29 am
by engrssc
The Organ Forum

https://organforum.com/forums/

as well as the MidiTzer Forum

https://miditzer.org/forum/

(both of which I frequent) are listed as being secure.

Rgds,
Ed

Re: Hauptwerk Forum web site not secure

Posted: Wed Sep 26, 2018 4:58 am
by evertjan
https tells you that the connection between your PC and the web server or the forum is encrypted.
It doesn't tell you that the web server or forum itself is secure. The site can be hacked etc.
So, the title of this topic is not the right one.

The other point is the use of Chrome.
In the latest version, Google cookies are kept alive after clearing all your browser cookies, and the browser automatically signs in to Google sites when you have visited the site earlier and signed in there.
That's not secure. When another person uses your PC, he/she automatically has access to all your Google related sites. They all are https connections.
See https://www.blog.google/products/chrome ... -feedback/ for info that they will make both selectable in a future version (but nobody will look at these settings and the fault remains).

Re: Hauptwerk Forum web site not secure

Posted: Wed Sep 26, 2018 7:48 am
by RaymondList
And, with the wrong settings by the user, Google Chrome uploads your entire browsing history to Google. If you use Google, YOU are their 'product' they sell to make money.

Re: Hauptwerk Forum web site not secure

Posted: Wed Sep 26, 2018 9:21 am
by jbittner
For security, the https: protocol encrypts data between the server and client browser. It also relies on a certificate on the server to authenticate the server in order to make sure you're talking to whom you think you are.

There are two problems with the Hauptwerk site in this regard. First, if you navigate to https://hauptwerk.com you'll see that the site is protected and secure, but if you click on the Forum link in the navigation bar, it takes you to http://forum.hauptwerk.com. Since this link uses the http:// protocol it is not secure.

If you enter https://forum.hauptwerk.com in your browser address bar, you'll get a different, more severe warning from your browser stating that the certificate is bad or invalid, which, as mentioned, means that your browser cannot be sure that it is really connected to the Hauptwerk server. The error occurs because even though there is a valid certificate for the domain https://hauptwerk.com, there is not a valid certificate for the subdomain https://forum.hauptwerk.com.
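
Added example, not part of jbittner's post or the Hauptwerk site's own configuration: a simplified version of the hostname check a browser applies to a certificate's DNS names, showing why a certificate issued for the main domain does not validate for the forum subdomain. The two name lists are constructed assumptions, not read from the real certificates, and the function names are hypothetical.

```python
# Simplified RFC 6125-style hostname matching (illustration only; a real
# TLS client also checks the chain of trust, validity dates and revocation).

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if one certificate DNS name covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label, and never
        # for a two-label pattern such as "*.com".
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_covers(san_dns_names, hostname):
    """Return True if any DNS name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)

# Constructed name lists (assumptions for the example).
APEX_ONLY = ["hauptwerk.com", "www.hauptwerk.com"]
WITH_WILDCARD = ["hauptwerk.com", "*.hauptwerk.com"]

def report(san_dns_names, hosts):
    """Map each hostname to whether the certificate would be accepted for it."""
    return {host: cert_covers(san_dns_names, host) for host in hosts}

if __name__ == "__main__":
    hosts = ["hauptwerk.com", "forum.hauptwerk.com", "a.forum.hauptwerk.com"]
    for label, sans in (("apex only", APEX_ONLY), ("with wildcard", WITH_WILDCARD)):
        print(label, report(sans, hosts))
```

A certificate that lists the forum's hostname, or a wildcard one level above it, is what removes the "bad or invalid certificate" warning described in the post.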

Re: Hauptwerk Forum web site not secure

Posted: Wed Sep 26, 2018 8:26 pm
by organtechnology
The reason there are https://hauptwerk.com sites and http://forum.hauptwerk.com sites is that no money or data is exchanged on the forum site. On the secure sites there is e-commerce going on. So there is no reason for the forum to be secure, so just make an exception for the forum and don't worry about it. Also I do not think the forum is even on the e-commerce server.

Thomas

Re: Hauptwerk Forum web site not secure

Posted: Wed Sep 26, 2018 8:34 pm
by engrssc
So in effect, The Organ Forum and MidiTzer sites don't need to be secure as no e-commerce takes place on them either.

Rgds,
Ed

Re: Hauptwerk Forum web site not secure

Posted: Wed Sep 26, 2018 9:16 pm
by Erzahler
Surely if it is straightforward and not a cost to make http://forum.hauptwerk.com protected and secure then this should be done even though there is no commerce conducted here.

Re: Hauptwerk Forum web site not secure

Posted: Thu Sep 27, 2018 9:06 am
by jbittner
organtechnology wrote: The reason there are https://hauptwerk.com sites and http://forum.hauptwerk.com sites is that no money or data is exchanged on the forum site. On the secure sites there is e-commerce going on. So there is no reason for the forum to be secure, so just make an exception for the forum and don't worry about it. Also I do not think the forum is even on the e-commerce server.

Thomas

There is some reason to be concerned, as the log-in to the forum is not secure, potentially exposing your username and password. Also information in your forum profile is at risk. Although mining financial data is a primary concern of unsecure connections, hackers can also more easily alter data traveling between client and server with a non-secure connection, injecting malware or redirecting to malicious sites.

Should you be losing sleep over this? Probably not here, but there is a move amongst the tech giants and browser providers to phase out the http: protocol due to hacker vulnerabilities. Chrome, Firefox, Edge, and Opera browsers will be getting more in your face when you connect via http: in upcoming iterations. In anticipation, many sites now redirect http: to secure https:// protocol. For example, if you enter http://organforum.com/forums in your browser, the site will redirect you and open in https://organforum.com/forums

Re: Hauptwerk Forum web site not secure

Posted: Thu Sep 27, 2018 10:07 am
by RaymondList
A very real problem with unsecured sites (assuming no financial data at the unsecured site) is that many people use the same password everywhere. So if a hacker intercepts the password here, that hacker can try the same password, or many similar variations of it, on financially important sites. People should consider using password management software, and create complex passwords which are totally different at each site. With the exception of my main password used to access my password management software (1password), all my passwords are completely different and look like this: 6Je#oq7MC5%yW8Io. They are also as long as the password field will allow. If one does not use password management software, the next best thing is to use a series of four or five letter words that have no relationship to each other and are random, but can be remembered.