Invalid SSL Certificate for MacRumors.com

Discussion in 'Site and Forum Feedback' started by ravenvii, Oct 10, 2015.

  1. ravenvii macrumors 604

    ravenvii

    Joined:
    Mar 17, 2004
    Location:
    Melenkurion Skyweir
    #1
  2. leesweet macrumors demi-god

    leesweet

    Joined:
    Feb 1, 2009
    Location:
    Northern Virginia, USA
    #2
    Yeah, looks like wrong cert totally, not the usual someone let it expire.
     
  3. yillbs macrumors 6502

    yillbs

    Joined:
    Oct 2, 2015
    Location:
    Texas
    #3
    Probably doing work.. something like that rarely gets over looked. Not that it matters, their is absolutely no reason to need SSL on a site like this, I think people assume they need it, and sites like this, and everyone else hops on board, wasting money, and configuring the crap because the public doens't really know what it does.
     
  4. leesweet macrumors demi-god

    leesweet

    Joined:
    Feb 1, 2009
    Location:
    Northern Virginia, USA
    #4
    Exactly. *Maybe* the login box should use it. Maybe. Anything else, who cares.
     
  5. yillbs macrumors 6502

    yillbs

    Joined:
    Oct 2, 2015
    Location:
    Texas
    #5
    Thank you! You have NO IDEA how many people go to one of my sites and email us saying " no ssl, i refuse to use your website ", and i'm talking static sites here! Ugh, I hate how uneducated the internet users are becoming with tech that doesn't involve a watch, a phone, or a tablet :p

    haha!
     
  6. ravenvii thread starter macrumors 604

    ravenvii

    Joined:
    Mar 17, 2004
    Location:
    Melenkurion Skyweir
    #6
    Rare as it may be, even with a static site you're leaving yourself open to man-in-the-middle attacks.

    But for MacRumors, we're not exactly talking about static sites, are we?
     
  7. yillbs macrumors 6502

    yillbs

    Joined:
    Oct 2, 2015
    Location:
    Texas
    #7
    MacRumors isn't static, but their is -nothing- here that would even apply to that. it's an open forum, where communication is shared openly. If it's altered, we'd know. Instant messages ( maybe ), but even then not happening, knowing the person sending, timing, etc. Those types of attacks are dated, and really don't even apply.

    So as the last guy said, maybe on the login system, but no offense, i think i'd survive if someone managed to grab my username and password from mac rumors. Even then, it's a stretch, a big one.
     
  8. ravenvii thread starter macrumors 604

    ravenvii

    Joined:
    Mar 17, 2004
    Location:
    Melenkurion Skyweir
    #8
    You, maybe. That person stupid enough to use the same password for MacRumors and a banking account, not so much.

    The truth of it is, SSL is already implemented here. They simply need to get a new certificate, which costs a whopping $9 a year. So why not?
     
  9. leesweet macrumors demi-god

    leesweet

    Joined:
    Feb 1, 2009
    Location:
    Northern Virginia, USA
    #9
    The cert in place has about 30 names on it for all sorts of things; I'm not sure what happens; perhaps the hosting company messed up? Anyone can see all the sites the cert is for, use your browser and look for the 'more info' on the certificate when you come here using SSL. Someone really messed it up, and perhaps no one ever checked it because no one uses SSL with MR. :)
     
  10. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #10
    To the best of my knowledge, MacRumors doesn't use SSL on the site, so you shouldn't use https in the address bar. @arn can verify this of course.
     
  11. leesweet macrumors demi-god

    leesweet

    Joined:
    Feb 1, 2009
    Location:
    Northern Virginia, USA
    #11
    Right, could be things bleeding over from other sites hosted at the same place.
     
  12. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #12
    Tell that to Apple which in iOS 9 will automatically try to perform any web traffic using https and reject http-only servers (unless the application takes specific action to allow such traffic). The safest method is to use https for everything. Much safer than deciding which sites need https and which sites don't, and getting it wrong.
     
  13. 29er, Oct 19, 2015
    Last edited: Oct 19, 2015

    29er macrumors member

    29er

    Joined:
    Jan 28, 2013
    #13
    @SandboxGeneral is correct. www.macrumors.com is not configured to use SSL certificates so if you try to visit the secure version of the site, you'll get that "error". you will also get that "error" if you try to visit any other site that is not configured/has SSL disabled (ex: cnn.com)
     
  14. jonthanfielding macrumors newbie

    Joined:
    Oct 21, 2015
    #14
    I am a web developer and the entire industry is shifting towards HTTPS for a number of reasons:

    • It prevents man in the middle attacks, you know the website your visiting has the content that you expect. A man in the middle could inject malicious code into the webpage that captures the username and password you enter to login to the forum. They could then try to use the login details on other sites to get access to you amazon account, your itunes account etc.
    • For websites to take advantage of many of the new features in browsers they will have to use HTTPS, a new technology called ServiceWorker for example insist on HTTPS. ServiceWorker is the tech that allows websites to send push notifications, store content offline on your device etc.
    • Even more important, HTTP2, the faster protocol for loading content across the internet requires HTTPS so to load sites faster the website needs to use HTTPS.

    There are so many other reasons to use SSL that i wont list here, but its not about jumping on the bandwagon, its something all websites need to do.

    There is a big initiative at the moment to make all websites use HTTPS, and part of it is a thing called Lets encrypt https://letsencrypt.org/ which allows people to install SSL (HTTPS) on their site for free.
     
  15. lordcris macrumors newbie

    lordcris

    Joined:
    Sep 29, 2015
    #15
    Pretty pathetic for a site with millions visitors per month to not have a valid SSL certificate.
     
  16. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #16
    Perhaps you missed or misunderstood the actual discussion and its findings in this thread?
     
  17. valexa macrumors member

    Joined:
    Nov 3, 2007
    #17

Share This Page