Sidebar

Tobacco Reviews Site Has Been Hacked

Log in

Forgot your password?

SmokingPipes.com Updates

Watch for Updates Twice a Week

PipesMagazine Approved Sponsor

Site Sponsors

Al Pascia
Blue Room Briars
Cigar World
Danish Pipe Shop
LePipe.it
MBSD Pipes
Missouri Meerschaum
Pipes2Smoke.com
PipeStud.com
SmokingPipes.com
Tabaccheria Corti
TinBids.com

PipesMagazine Approved Sponsor

PipesMagazine Approved Sponsor

PipesMagazine Approved Sponsor

PipesMagazine Approved Sponsor

Status
Not open for further replies.
hoosierpipeguy

hoosierpipeguy

Lifer
Jan 28, 2018
13,900
155,204
67
Sarasota, FL
Sonorisis said:
The message I got said their security certificate had expired. Whatever the case may be, I decided not to go there. Hope they get it sorted out.
Click to expand...

That's it, security certificate. It's the difference between the URL starting with http vs https. There's no e-commerce there, I don't see an issue. The site admin just needs to update their certificate with whoever holds the domain.
 
  • Like
Reactions: kg.legat0, CoffeeAndBourbon, anotherbob and 3 others
--dante--

--dante--

Lifer
Jun 11, 2020
1,099
7,751
Pittsburgh, PA USA
I'm a sysadmin for a university, and maintain a number of secure web servers -- that's an expired ssl certificate. Sloppy to allow that to happen, but it basically means the site can no longer be verified as the site it says it is, and the connection to it is unencrypted. You wouldn't want to proceed to an e-commerce site with that warning, but if it's just a forum or something, I wouldn't worry about it if you visit the site as a non-member user. If your browser logs you in automatically, however, be aware that your traffic, including user and password, is being transferred in the clear (unencrypted), and thus could be captured by someone on your network.
 
  • Like
Reactions: chopper, Sloopjohnbee, mawnansmiff and 5 others
mso489

mso489

Lifer
Feb 21, 2013
41,210
60,610
Web sites are like small children, requiring continual care and attention, or things go wrong fast. So many sites, even corporate sites, are set up with fanfare and not maintained. I think it is because web tech talent is hired away, and the sites are left to non-techies who don't know the moves. It is amazing what gets left up on sites ... fired employees and outdated information, just as examples.
 
  • Like
Reactions: CoffeeAndBourbon and BROBS
olkofri

olkofri

Lifer
Sep 9, 2017
8,166
14,976
The Arm of Orion
If you were to go to my website (www.diamantstudios.ca) with Chrome, it will probably won't let you in. Reason: the SSL certificate is expired. It's been so since AD 2017. I don't pay for SSLs: no point in it for a site that basically makes me no money and it's merely informative: I'm not selling anything there other than my services and for that people would need to contact me directly. The only personal info that is 'collected' is whatever is put in the Contact form if you chose to use it and it's nothing I could use to empty your bank account or steal your identity.

Could I use a 'free' SSL certificate? Sure, and I might do so in the near future. Point is, many 'free' certificates are just a means to bend website owners over. A very popular 'free' SSL cert issuer turned out to be a front for the Chinese to steal info.

Now, Firefox lets you add security exceptions to those sites and browse on: that's what I always do. Chrome won't let you do that, though: Chrome is Google, and Google makes money off search ranks and categorisations and other stuff: it's in THEIR interest to try to force every website owner to buy certificates because that fuels the Internet economy from which they profit immensely. It has nothing to do with your protection or security: they couldn't care less if you were hacked, botted, or had your data held for ransom. It's just control on their part with the excuse of 'protecting' you. Have we seen that elsewhere? Of course: many are now following that business model.
 
Last edited:
  • Like
Reactions: CoffeeAndBourbon, briarbuck, Bowie and 1 other person
--dante--

--dante--

Lifer
Jun 11, 2020
1,099
7,751
Pittsburgh, PA USA
olkofri said:
If you were to go to my website (www.diamantstudios.ca) with Chrome, it will probably won't let you in. Reason: the SSL certificate is expired. It's been so since AD 2017. I don't pay for SSLs: no point in it for a site that basically makes me no money and it's merely informative: I'm not selling anything there other than my services and for that people would need to contact me directly. The only personal info that is 'collected' is whatever is put in the Contact form if you chose to use it and it's nothing I could use to empty your bank account or steal your identity.

Could I use a 'free' SSL certificate? Sure, and I might do so in the near future. Point is, many 'free' certificates are just a means to bend website owners over. A very popular 'free' SSL cert issuer turned out to be a front for the Chinese to steal info.

Now, Firefox lets you add security exceptions to those sites and browse on: that's what I always do. Chrome won't let you do that, though: Chrome is Google, and Google makes money off search ranks and categorisations and other stuff: it's in THEIR interest to try to force every website owner to buy certificates because that fuels the Internet economy from which they profit immensely. It has nothing to do with your protection or security: they couldn't care less if you were hacked, botted, or had your data held for ransom. It's just control on their part with the excuse of 'protecting' you. Have we seen that elsewhere? Of course: many are now following that business model.
Click to expand...
If you don't want to have encrypted traffic and a. verifiable site, you would be better off not having SSL to begin with, seeing as you don't manage accounts or anything. Just leave it as a standard http site -- then you wouldn't have that problem to begin with.
 
  • Like
Reactions: CoffeeAndBourbon and sandollars
Status
Not open for further replies.
Top Bottom