Free Republic

*VANITY* I was hacked and I'm no longer secure on FR *VANITY*
self ^ | March 3, 2017 | knarf

Posted on 03/03/2017 2:32:11 AM PST by knarf

A couple of months ago, my card was hacked, not my account, so I waited for a new one to re-submit my FR donation.


TOPICS: Crime/Corruption; Culture/Society; Unclassified; Your Opinion/Questions
KEYWORDS: cybersecurity; donate; ecommerce; faq; hacking
So I got my new card and waited until SS day to re-up my donation and I got THIS message:

Your connection is not secure

The owner of secure.freerepublic.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites.

.

After the hack, I was having trouble with CHROME (I started a thread about it) and decided to download FIREFOX.

FIREFOX sometimes sounds like a geiger counter (desktop PC) when there is no activity and it has frozen up three or four times a day in the last two days.

So once again I appeal to my FReeper FRiends.

Is the FBI on to me and I'm screwed, or is Firefox not as good as I thought, or what ?

I e-mailed JimRob but it's too early for him and I'm anxious about this.

Anyone?

Thanx.

1 posted on 03/03/2017 2:32:11 AM PST by knarf

To: knarf
My card hasn't been hacked but I've been getting similar messages from Chrome for some time - pinged Jim and was told that FR was secure but there was something going on with Chrome.

Chrome still gives me the message that I'm not secure but I just tried Firefox and it showed secure.

2 posted on 03/03/2017 2:39:18 AM PST by trebb (Where in the hell has my country gone?)

To: knarf; Drumbo

Are you logged in?

Is your beeber stuned?

Sorry to make light of your trouble. In lots of pain & in a bitchy mood.

“As if she needs a reason,” mutters my better half.


3 posted on 03/03/2017 2:44:07 AM PST by Titan Magroyne (What one person receives without working for, another person must work for without receiving.)

To: trebb
Maybe a combined effort by browsers to keep people from donating to FR ?

Wait a minute ... I need to re-new my tinfoil

Seriously though ... THAT is weird.

4 posted on 03/03/2017 2:44:08 AM PST by knarf

To: Titan Magroyne; trebb

Check out trebb above .... same thing only different


5 posted on 03/03/2017 2:45:27 AM PST by knarf

To: trebb
I just tried the hyperlink above and got the same insecure message

I have no problem with donating beyond the popup (especially after you said you got a Chrome one but now your Firefox is secure) ... I just think it's weird and if there IS something out there ... we should know about it.

FReepers use the net every day all over the place and we could be spreading disease or something

6 posted on 03/03/2017 2:49:11 AM PST by knarf

To: knarf; Jim Robinson; John Robinson; Sidebar Moderator

The problem is likely that FR’s using a compromised security certificate. A lot of sites got hit by this problem.

Additional details of the problem:
“secure.freerepublic.com uses an invalid security certificate. The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure. Error code: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED”

https://secure.freerepublic.com/donate/

The certificate was signed using a signature algorithm that is disabled because it is not secure.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

I deleted the certificate chain as it wasn’t needed.

This is related to the SHA-1 vulnerability; several years ago, the phaseout of that algorithm began, but it was only recently that it began being enforced by browsers like Chrome, Firefox, etc.

More info here: https://www.godaddy.com/garage/webpro/security/google-chrome-phasing-ssl-certs-using-sha-1/

Modern browsers like Chrome (since 2015) and now Firefox and others will by default now block (not just warn!) any SSL/security certificate that meets the following criteria:

1. The cert uses the SHA1 hashing algorithm

2. The cert expires on or after 2017-01-01

If both these are met, the site is blocked by default.

Need to go back to the authority issuing the certificate and get them to issue a new one.


7 posted on 03/03/2017 3:00:11 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
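The two criteria listed in the post above, applied to a certificate's text dump, as an added example that is not part of the original thread. It parses constructed `openssl x509 -noout -text` output (the host and issuer names are hypothetical) and reports whether the rule, as the poster states it, would block the certificate.

```python
import re
import ssl
from datetime import datetime, timezone

# Constructed sample: trimmed `openssl x509 -noout -text` output for a
# hypothetical certificate (not the real secure.freerepublic.com one).
SAMPLE_SHA1 = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example Issuing CA
        Validity
            Not Before: Mar  1 00:00:00 2015 GMT
            Not After : Mar  1 23:59:59 2018 GMT
        Subject: CN = secure.example.test
"""
# Constructed variants: same certificate text with one field changed.
SAMPLE_SHA256 = SAMPLE_SHA1.replace("sha1With", "sha256With")
SAMPLE_SHA1_OLD = SAMPLE_SHA1.replace("23:59:59 2018", "23:59:59 2016")

CUTOFF = datetime(2017, 1, 1, tzinfo=timezone.utc)  # date given in the post


def parse_cert_text(text):
    """Return (signature_algorithm, not_after) from openssl text output."""
    alg = re.search(r"Signature Algorithm:\s*(\S+)", text)
    end = re.search(r"Not After\s*:\s*(.+?GMT)", text)
    if not alg or not end:
        raise ValueError("Signature Algorithm or Not After field missing")
    secs = ssl.cert_time_to_seconds(end.group(1).strip())
    return alg.group(1), datetime.fromtimestamp(secs, tz=timezone.utc)


def blocked_by_sha1_rule(text):
    """Both criteria from the post: SHA-1 signature AND expiry on/after cutoff."""
    alg, not_after = parse_cert_text(text)
    sha1_names = ("sha1with", "ecdsa-with-sha1", "dsawithsha1")
    return alg.lower().startswith(sha1_names) and not_after >= CUTOFF


if __name__ == "__main__":
    for name, sample in [("sha1, expires 2018", SAMPLE_SHA1),
                         ("sha256, expires 2018", SAMPLE_SHA256),
                         ("sha1, expires 2016", SAMPLE_SHA1_OLD)]:
        print(name, "->", "blocked" if blocked_by_sha1_rule(sample) else "allowed")
```
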

To: Spktyr

So even if I tried to donate, Firefox would block it anyway?


8 posted on 03/03/2017 3:03:45 AM PST by knarf

To: knarf; Jim Robinson; John Robinson; Sidebar Moderator

Follow-up with more information - yes, SHA1 *has* been broken.

http://www.theverge.com/2017/2/23/14712118/google-sha1-collision-broken-web-encryption-shattered

“As a result, most sites have already dropped SHA-1. As recently as 2014 it was being used for as much as 90 percent of the encryption on the web, but it’s been mostly abandoned in the years since. As of January 1st, every major browser will show you a big red warning when you visit a site secured by SHA-1. It’s hard to say how many of those sites are left, but anyone with a halfway decent certificate provider is already safe.”


9 posted on 03/03/2017 3:04:47 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)

To: knarf

Firefox and most recently updated browsers will either block you or will force you to manually override the security measure to proceed. You can in fact tell Firefox to proceed anyway (it’s under the Advanced button that pops up in the warning dialog) but that’s not a good idea. Conceptually, you would only be slightly less secure if you wrote your credit card and personal information on the outside of a package and sent it through the US Postal Service to a public mail room.


10 posted on 03/03/2017 3:10:56 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)

To: Spktyr

Thanx ... I’ll wait for the left coast to awaken.


11 posted on 03/03/2017 3:14:53 AM PST by knarf

To: knarf; Jim Robinson; John Robinson; Sidebar Moderator
I would also point out that failing to fix this will get FR automatically reported to Google, Mozilla and other browser makers as a malicious site, which could mean that FR would eventually be placed on a site block list. Many people configure their browsers to report issues like this automatically to help the overall security of the web:


12 posted on 03/03/2017 3:21:18 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)

To: knarf

The FR donation website is secure by DoD IT standards.


13 posted on 03/03/2017 3:29:51 AM PST by Justa

To: knarf

"....sa sa some fox has a disease?"

14 posted on 03/03/2017 3:36:11 AM PST by Doogle (( USAF.68-73..8th TFW Ubon Thailand..never store a threat you should have eliminated)))

To: knarf; Lazamataz

Laz is a web genius. He is a pro, I think. Maybe he’s feeling generous and can give some free assistance.

Laz?


15 posted on 03/03/2017 4:08:15 AM PST by Jemian (War Eagle!)

To: knarf
You are likely just fine.

Talks in this thread about SHA-1 are overblown. Google Chrome is taking a super cautious, preemptive step because it is now shown a code can be broken if you have thousands of years of computer time available.

16 posted on 03/03/2017 4:10:39 AM PST by ConservativeMind ("Humane" = "Don't pen up pets or eat meat, but allow infanticides, abortion, and euthanasia.")

To: knarf

I’m using Firefox and I do not get that message, however, with chrome I do get the following warning: Your connection is not private.


17 posted on 03/03/2017 4:14:44 AM PST by Robert DeLong

To: Doogle

"....sa sa some fox has a disease?"

NOooooooooooo

18 posted on 03/03/2017 4:34:00 AM PST by mountn man (The Pleasure You Get From Life, Is Equal To The Attitude You Put Into It)

To: knarf

I use Chrome with no ill effects.

I have had credit cards hacked several times with no ill effects. One time I missed FR payment and another time I made a double payment. Both hacks were attributed to medical payments


19 posted on 03/03/2017 4:37:21 AM PST by bert (K.E.; N.P.; GOPc;WASP .... Hillary is Ameritrash, pass it on)

To: trebb

Chrome is Google. Google is censorship. Don’t use Google. Delete all Chrome software from your computer. I did.


20 posted on 03/03/2017 4:59:11 AM PST by Gaffer

