It is currently Fri Mar 29, 2024 1:16 am


Hauptwerk Forum web site not secure

A discussion forum for anything even marginally Hauptwerk-related.
  • Author
  • Message
Offline
User avatar

engrssc

Member

  • Posts: 7283
  • Joined: Mon Aug 22, 2005 10:12 pm
  • Location: Roscoe, IL, USA

Hauptwerk Forum web site not secure

PostTue Sep 25, 2018 9:05 pm

Getting a notice from Chrome that the website is not secure. Using 7 cookies. Should not enter any sensitive information, etc. Upper left corner. Possibly H/W doesn't have a security certificate. I think this came up once before. Only right right, I'm getting a full page notice.

Google ChromeHelp Forum
Check if a site's connection is secure
To see whether a website is safe to visit, you can check for security info about the site. Chrome will alert you if you can’t visit the site safely or privately.

In Chrome, open a page.
To check a site's security, to the left of the web address, look at the security status:
Image Lock Secure

Image Information Info or Not secure

(Red triangle) Dangerous Not secure or Dangerous

To see the site's details and permissions, select the icon. You'll see a summary of how private Chrome thinks the connection is.

What each security symbol means

These symbols let you know how safe it is to visit and use a site. They tell you if a site has a security certificate, if Chrome trusts that certificate, and if Chrome has a private connection with a site.

Fix "Your connection is not private" error

If you see a full-page error message saying "Your connection is not private," then there's a problem with the site, the network, or your device. Learn how to troubleshoot "Your connection is not private" errors.

What a security certificate is
When you go to a site that uses HTTPS (connection security), the website's server uses a certificate to prove the website's identity to browsers, like Chrome. Anyone can create a certificate claiming to be whatever website they want.

To help you stay on safe on the web, Chrome requires websites to use certificates from trusted organizations.

Anyone else getting that notice? AVG is ok with it so far.

Rgds,
Ed
Last edited by engrssc on Wed Sep 26, 2018 2:30 am, edited 1 time in total.
Offline

Erzahler

Member

  • Posts: 281
  • Joined: Mon Nov 14, 2011 8:48 pm

Re: Hauptwerk web site not secure

PostWed Sep 26, 2018 1:16 am

Yes, I have this on Firefox.
It is a bit alarming to know this in this day and age.
Offline
User avatar

engrssc

Member

  • Posts: 7283
  • Joined: Mon Aug 22, 2005 10:12 pm
  • Location: Roscoe, IL, USA

Re: Hauptwerk Forum web site not secure

PostWed Sep 26, 2018 1:29 am

The Organ Forum

https://organforum.com/forums/

as well as the MidiTzer Forum

https://miditzer.org/forum/

(both of which I frequent) are listed as being secure.

Rgds,
Ed
Offline

evertjan

Member

  • Posts: 282
  • Joined: Fri Dec 10, 2010 12:46 pm

Re: Hauptwerk Forum web site not secure

PostWed Sep 26, 2018 4:58 am

https tells you that the connection between your PC and the web server or the forum is encrypted.
It doesn't tell you that the web server of forum himself is secure. The site can be hacked etc.
So, the title of this topic is not the right one.

Other point is the use of Chrome.
The latest version Google cookies keep alive after cleaning all your browser cookies and let the browser automatically sign-in to Google sites when you have visit the site earlier and sign-in there.
That's not secure. When another person uses your PC, he/she has automatically access to all your Google related sites. They all are https connections.
See https://www.blog.google/products/chrome ... -feedback/ for info that they will make both selectable in a future version (but nobody will look to these settings and the fault remains).
Offline

RaymondList

Member

  • Posts: 223
  • Joined: Sun Mar 11, 2018 2:46 pm
  • Location: North Carolina, US

Re: Hauptwerk Forum web site not secure

PostWed Sep 26, 2018 7:48 am

And, with the wrong settings by the user, Google Chrome uploads your entire browsing history to Google. If you use Google, YOU are their 'product' they sell to make money.
Ray
Offline
User avatar

jbittner

Member

  • Posts: 111
  • Joined: Fri Aug 27, 2010 1:34 pm
  • Location: Chandler, Arizona

Re: Hauptwerk Forum web site not secure

PostWed Sep 26, 2018 9:21 am

For security, the https: protocol encrypts data between the server and client browser. It also relies on a certificate on the server to authenticate the server in order to make sure you're talking to whom you think you are.

There are two problems with the Hauptwerk site in this regard. First, if you navigate to https://hauptwerk.com you'll see that the site is protected and secure, but if you click on the Forum link in the navigation bar, it takes you to http://forum.hauptwerk.com. Since this link uses the http:// protocol it is not secure.

if you enter https://forum.hauptwerk.com in your browser address bar, you'll get a different, more severe warning from your browser stating that the certificate is bad or invalid, which, as mentioned, means that your browser cannot be sure that it is really connected to the Hauptwerk server. The error occurs because even though there is a valid certificate for the domain https://hauptwerk.com, there is not a valid certificate for the subdomain https://forum.hauptwerk.com.
John B.
Allen 965 MOS 2
Zuma Group MOS-2 Midi Keyboard Encoder
Zuma Group DM Midi Stop Controller
Hauptwerk 4.2
Major I ACO
Paramount 320
Father Willis Standard 80
Offline
User avatar

organtechnology

Member

  • Posts: 1886
  • Joined: Sun Aug 02, 2009 4:58 pm
  • Location: DFW, TX USA

Re: Hauptwerk Forum web site not secure

PostWed Sep 26, 2018 8:26 pm

The reason there are https://hauptwerk.com sites and http://forum.hauptwerk.com sites is that no money or data is exchanged on the forum site. On the secure sites there is e-commerce going on. So there is no reason for the forum to be secure, so just make an exception for the forum and don't worry about it. Also I do not think the forum is even on the e-commerce server.

Thomas
Complete Hauptwerk™ systems using real wood consoles, PC Sound Engines, Dante Audio for Home or Church. info (at) organtechnology.com http://www.organtechnology.com
Authorized Hauptwerk; Milan Digital Audio and Lavender Audio reseller.
USA and Canada shipments only.
Offline
User avatar

engrssc

Member

  • Posts: 7283
  • Joined: Mon Aug 22, 2005 10:12 pm
  • Location: Roscoe, IL, USA

Re: Hauptwerk Forum web site not secure

PostWed Sep 26, 2018 8:34 pm

So in effect, The Organ Forum and MidiTzer sites don't need to be secure as no e-commerce takes place on them either.

Rgds,
Ed
Offline

Erzahler

Member

  • Posts: 281
  • Joined: Mon Nov 14, 2011 8:48 pm

Re: Hauptwerk Forum web site not secure

PostWed Sep 26, 2018 9:16 pm

Surely if it is straight forward and not a cost to make http://forum.hauptwerk.com protected and secure then this should be done even though there is not commerce conducted here.
Offline
User avatar

jbittner

Member

  • Posts: 111
  • Joined: Fri Aug 27, 2010 1:34 pm
  • Location: Chandler, Arizona

Re: Hauptwerk Forum web site not secure

PostThu Sep 27, 2018 9:06 am

organtechnology wrote:The reason there are https://hauptwerk.com sites and http://forum.hauptwerk.com sites is that no money or data is exchanged on the forum site. On the secure sites there is e-commerce going on. So there is no reason for the forum to be secure, so just make an exception for the forum and don't worry about it. Also I do not think the forum is even on the e-commerce server.

Thomas

There is some reason to be concerned as the log-in to the forum is not secure potentially exposing your username and password. Also information in your forum profile is at risk. Although mining financial data is a primary concern of unsecure connections, hackers can also more easily alter data between traveling between client and server with a non-secure connection, injecting malware or redirecting to malicious sites.

Should you be losing sleep over this? Probably not here, but there is a move amongst the tech giants and browser providers to phase out the http: protocol due to hacker vulnerabilities. Chrome, Firefox, Edge, and Opera browsers will be getting more in your face when you connect via http: in upcoming iterations. In anticipation, many sites now redirect http: to secure https:// protocol. For example, if you enter http://organforum.com/forums in your browser, the site will redirect you and open in https://organforum.com/forums
John B.
Allen 965 MOS 2
Zuma Group MOS-2 Midi Keyboard Encoder
Zuma Group DM Midi Stop Controller
Hauptwerk 4.2
Major I ACO
Paramount 320
Father Willis Standard 80
Offline

RaymondList

Member

  • Posts: 223
  • Joined: Sun Mar 11, 2018 2:46 pm
  • Location: North Carolina, US

Re: Hauptwerk Forum web site not secure

PostThu Sep 27, 2018 10:07 am

A very real problem with unsecured sites (assuming no financial data at the unsecured site) is that many people use the same password everywhere. So if a hacker intercepts the password here, that hacker can try the same password or many similar variations of it, on financially important sites. People should consider using password management software, and create complex passwords which are totally different at each site. With the exception of my main password used to access my password management software (1password), all my passwords are completely different and look like this - 6Je#oq7MC5%yW8Io They are also as long as the password field will allow. If one does not use password management software, the next best thing is to use a series of four or five letter words that have no relationship to each other and are random, but can be remembered.
Ray

Return to General discussion

Who is online

Users browsing this forum: No registered users and 12 guests

cron