<h1 class="title">Your connection is not secure
??
</h1><h1 class="title">"The owner of forums.pepipoo.com has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site."</h1>
<h1 class="title">"How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites</h1> On websites which are supposed to be secure (the URL begins with "https://"), Firefox must verify that the certificate presented by the website is valid. If the certificate cannot be validated, Firefox will stop the connection to the website and show a "https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean" error message instead. This article explains why you might see the error code "SEC_ERROR_UNKNOWN_ISSUER" on websites and how to troubleshoot it."
Eh?
Suspect they are trying to connect using HTTPS. It seems the "pepipoo.com" SSL certificate expired in 2009!
I don't use Firefox but, out of curiosity, I opened it and accessed Pepipoo there with no difficulty at all.
Came up in the same way as it does on other browsers.
I'm sure Cacert and other free issuing authorities are recognised now as being a valid issuer - so SSL certificates are free.
Chrome and Firefox now explicitly warn that the login page is insecure as username and password are sent in plain text. Any chance of HTTPS guys? It's 2017, and SSL certificates are free and easy to install.
When is pepipoo going to move to HTTPS? I see there is a certificate for pepipoo.com (doesn't cover forums.pepipoo.com) but it expired 8 years ago. The major web browsers now give explicit warnings when web pages are serving form fields over HTTP and Firefox puts a very obtrusive warning underneath login boxes.
It's 2018, all sites should be using HTTPS only. You can do it for free now with Let's Encrypt, but even the commercial CA's don't charge much for a basic multi domain certificate. I am a web host myself and I offer it for free to all my customers.
What exactly would we be securing?
Hi - I've just registered today (thank you for being here...!).
I want to share with you that when clicking on the password field and email field on the registration form a warning appeared in my address bar: "Website Not Secure".
Hello admins,
Just wondered what the status of the cert for Pepipoo.com is?
It's a bit concerning typing login information, knowing it can be seen in the clear by anyone between the user and hosting provider, including the provider themselves.
Perhaps there is something I am missing here.
Obviously I am taking my own precautions when logging in, using different passwords and such. But I wonder if the typical Pepipoo user is taking these precautions.
Might be nice to have a message on signup informing users that their login credentials are not secure to other people on their wifi / network, and therefore to use a unique password, as we all know (hopefully) how bad the problem of re-using passwords is. Not to mention any legal issues(e.g. mass data collection, 5eyes etc), or being able to identify users and their PII.
Interested in any info you may have.
Regards
all of a sudden im getting a "Not secure" warning in the url bar. "your connection to this site is not secure"
not seen that before and displays ob both browsers i use. any one else seeing this??
It's been like this for years.
Here is someone mentioning it in 2017.
http://pepipoo.com/forums/lofiversion/index.php/t113241.html
Ive only noticed this in last couple of days! Both on Edge and google. Ill try IE and see if it does same.
It will do the same, Pepipoo hasn't had a valid SSL certificate for 11 years or so. Site owners don't seem to care.
Its noticable that today a total of 6x threads on this subject have been merged, yet noticable by its absence is any comment from Fredd !
That would be because Fredd has nothing new to add to his previous comments on this subject.
In short, there's little point in encrypting information that has no value to anyone who might have the means, motive and opportunity to intercept it and is publicly accessible once it's been posted anyway.
Touchè
Personally, setting HTTPS up with something like letsencrypt may well help indirectly - Google tends to rank such sites higher up, and most servers only support faster protocols such as HTTP/2 for connections using certificates.
Of course, people shouldn't be reusing passwords across sites, however that is always going to be an issue if you use HTTP or not regardless....
Hi Guys,
I really appreciate what you do here, there's some great advice and a lot of people successfully won against these disgusting parking cowboys. However, I work in cybersecurity and have identified a couple of critical security vulnerabilities with your forum which need addressing as a matter of urgency.
I'm sorry to post this publicly, but I can't find any way to contact the owners. Please let me know how I can get in contact with whoever is responsible for this forum to discuss this, I'd be more than happy to assist.
Thanks
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)