Some tidbits about informaction.com SSL
-
- Senior Member
- Posts: 65
- Joined: Mon Apr 20, 2009 4:03 pm
Some tidbits about informaction.com SSL
I offer this (nearly) without comment, because there's already been enough silly controversy over SSL Labs' results. I would, however, at least disable SSLv2 support and any insecure algorithms left over afterward:
https://www.ssllabs.com/ssldb/analyze.h ... action.com
I ended up at https://forums.informaction.com/ via misadventure with GreaseMonkey and discovered that the server(s) in question serve SSL, but the included certificate is not valid for forums.informaction.com. I certainly encourage, support, and appreciate at least the ability to submit credentials securely, but ^https://forums\.informaction\.com/ucp\.php\?mode=login.* seems to end up at a different server or VHOST, and produces a 404. Actually, so does any other phpBB location I tested on forums.informaction.com.
https://www.ssllabs.com/ssldb/analyze.h ... action.com
I ended up at https://forums.informaction.com/ via misadventure with GreaseMonkey and discovered that the server(s) in question serve SSL, but the included certificate is not valid for forums.informaction.com. I certainly encourage, support, and appreciate at least the ability to submit credentials securely, but ^https://forums\.informaction\.com/ucp\.php\?mode=login.* seems to end up at a different server or VHOST, and produces a 404. Actually, so does any other phpBB location I tested on forums.informaction.com.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100527 Firefox/3.6.4
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Some tidbits about informaction.com SSL
In fact forums.informaction.com is not secured.
Only secure.informaction.com (used to serve NoScript's and FlashGot's XPIs) is.
This may change in future, but for the time being this is the (legitimate) setup.
Only secure.informaction.com (used to serve NoScript's and FlashGot's XPIs) is.
This may change in future, but for the time being this is the (legitimate) setup.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
-
- Senior Member
- Posts: 65
- Joined: Mon Apr 20, 2009 4:03 pm
Re: Some tidbits about informaction.com SSL
Righto. Is SSLv2 left enabled for a reason, though? It's been deprecated and disabled-by-default most everywhere.Giorgio Maone wrote:In fact forums.informaction.com is not secured.
Only secure.informaction.com (used to serve NoScript's and FlashGot's XPIs) is.
This may change in future, but for the time being this is the (legitimate) setup.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Some tidbits about informaction.com SSL
Laziness. The browser will negotiate SSLv3 anyway.aloishammer wrote: Righto. Is SSLv2 left enabled for a reason, though? It's been deprecated and disabled-by-default most everywhere.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
-
- Posts: 1
- Joined: Fri Jul 30, 2010 3:41 pm
Re: Some tidbits about informaction.com SSL
In laymans terms, could someone please explain what secure.informaction.com is?
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Re: Some tidbits about informaction.com SSL
I'll guess that it's a (secure) site used to serve two extensions, NoScript & FlashGot, to the public, & as an alternative to https://addons.mozilla.org/ (which may not always be as current). https: being required by the Mozilla Extension Manager.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 SeaMonkey/2.0.6
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Some tidbits about informaction.com SSL
Correct, and it's used to implement http://noscript.net/abe/wan as well now.therube wrote:I'll guess that it's a (secure) site used to serve two extensions, NoScript & FlashGot, to the public, & as an alternative to https://addons.mozilla.org/ (which may not always be as current). https: being required by the Mozilla Extension Manager.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Some tidbits about informaction.com SSL
BTW, @aloishammer:
I took the time to tighten up your "tidbits". Please recheck https://www.ssllabs.com/ssldb/analyze.h ... 103.139.52
I took the time to tighten up your "tidbits". Please recheck https://www.ssllabs.com/ssldb/analyze.h ... 103.139.52
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: Some tidbits about informaction.com SSL
You are posting public discussions in a public forum that allow anonymous posting so you don't even need an account. So what's the problem, HTTP is just fine and HTTPS would be unnecessary. Its like putting a 10k sound system in a Yugo. Get over it and move on, its a legitimate setup and works just fine and doesn't need to be any more secure than it already is. Dead horse, stop beating it.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/6.9 (Windows NT 6.9; rv:6.9) Gecko/69696969 Firefox/6.9
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: Some tidbits about informaction.com SSL
^^ Just a spammer. Locking.
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Re: Some tidbits about informaction.com SSL
Giorgio Maone wrote:In fact forums.informaction.com is not secured.
Only secure.informaction.com (used to serve NoScript's and FlashGot's XPIs) is.
This may change in future, but for the time being this is the (legitimate) setup.
Is it worth revisiting this?GµårÐïåñ wrote:You are posting public discussions in a public forum that allow anonymous posting so you don't even need an account. So what's the problem, HTTP is just fine and HTTPS would be unnecessary. Its like putting a 10k sound system in a Yugo. Get over it and move on, its a legitimate setup and works just fine and doesn't need to be any more secure than it already is. Dead horse, stop beating it.
I for one would be happy to use HTTPS to access the forums, especially since the public transport system where I live offers free WiFi (which is of course insecure).
And I'd be willing to verify a self-signed certificate - or one signed by an Informaction CA - to save Giorgio the expense of buying one.
ETA: Also discussed at http://forums.informaction.com/viewtopi ... 412&p=1489. Giorgio wasn't too concerned, but I tend to agree with Tom's concerns.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Linux i686; rv:12.2) Gecko/20121102 PaleMoon/12.2