Free Republic

So I got my new card and waited until SS day to re-up my donation and I got THIS message:

Your connection is not secure

The owner of secure.freerepublic.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites.

.

After the hack, I was having trouble with CHROME (I started a thread about it) and decided to download FIREFOX.

FIREFOX sometimes sounds like a Geiger counter (desktop PC) when there is no activity and it has frozen up three or four times a day in the last two days.

So once again I appeal to my FReeper FRiends.

Is the FBI on to me and I'm screwed, or is Firefox not as good as I thought, or what?

I e-mailed JimRob but it's too early for him and I'm anxious about this.

Anyone?

Thanx.

1 posted on 03/03/2017 2:32:11 AM PST by knarf


To: knarf
My card hasn't been hacked but I've been getting similar messages from Chrome for some time - pinged Jim and was told that FR was secure but there was something going on with Chrome.

Chrome still gives me the message that I'm not secure but I just tried Firefox and it showed secure.

2 posted on 03/03/2017 2:39:18 AM PST by trebb (Where in the the hell has my country gone?)

To: knarf; Drumbo

Are you logged in?

Is your beeber stuned?

Sorry to make light of your trouble. In lots of pain & in a bitchy mood.

“As if she needs a reason,” mutters my better half.


3 posted on 03/03/2017 2:44:07 AM PST by Titan Magroyne (What one person receives without working for, another person must work for without receiving.)

To: knarf; Jim Robinson; John Robinson; Sidebar Moderator

The problem is likely that FR’s using a compromised security certificate. A lot of sites got hit by this problem.

Additional details of the problem:
“secure.freerepublic.com uses an invalid security certificate. The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure. Error code: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED”

https://secure.freerepublic.com/donate/

The certificate was signed using a signature algorithm that is disabled because it is not secure.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false”

I deleted the certificate chain as it wasn’t needed.

This is related to the SHA-1 vulnerability; several years ago, the phaseout of that algorithm began, but it was only recently that it began being enforced by browsers like Chrome, Firefox, etc.

More info here: https://www.godaddy.com/garage/webpro/security/google-chrome-phasing-ssl-certs-using-sha-1/

Modern browsers like Chrome (since 2015) and now Firefox and others will by default now block (not just warn!) any SSL/security certificate that meets the following criteria:

1. The cert uses the SHA1 hashing algorithm

2. The cert expires on or after 2017-01-01

If both these are met, the site is blocked by default.

Need to go back to the authority issuing the certificate and get them to issue a new one.


7 posted on 03/03/2017 3:00:11 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)

To: knarf

The FR donation website is secure by DoD IT standards.


13 posted on 03/03/2017 3:29:51 AM PST by Justa

To: knarf; Lazamataz

Laz is a web genius. He is a pro, I think. Maybe he’s feeling generous and can give some free assistance.

Laz?


15 posted on 03/03/2017 4:08:15 AM PST by Jemian (War Eagle!)

To: knarf
You are likely just fine.

Talks in this thread about SHA-1 are overblown. Google Chrome is taking a super cautious, preemptive step because it is now shown a code can be broken if you have thousands of years of computer time available.

16 posted on 03/03/2017 4:10:39 AM PST by ConservativeMind ("Humane" = "Don't pen up pets or eat meat, but allow infanticides, abortion, and euthanasia.")

To: knarf

I’m using Firefox and I do not get that message, however, with Chrome I do get the following warning: Your connection is not private.


17 posted on 03/03/2017 4:14:44 AM PST by Robert DeLong

To: knarf

I use Chrome with no ill effects.

I have had credit cards hacked several times with no ill effects. One time I missed FR payment and another time I made a double payment. Both hacks were attributed to medical payments.


19 posted on 03/03/2017 4:37:21 AM PST by bert (K.E.; N.P.; GOPc;WASP .... Hillary is Ameritrash, pass it on)

To: knarf

A similar (same) issue was brought up yesterday on a Freepathon thread, and Jim had a reply:

http://freerepublic.com/focus/f-news/3530673/posts?page=7#7


21 posted on 03/03/2017 5:08:02 AM PST by Carthego delenda est

To: knarf

The warning that Chrome has is with the certificate type the FR is using. Certificates are used for many different reasons in computing, but in this case, the certificate provides “proof” of the identity of the system, as well as encryption of the data (2 different but related functions.)

FR is still using a SHA-1 certificate, while the “current,” certificate type is SHA-2. It has to do with the length of the key, as well as the encryption algorithms used. In simplest terms, these define the “strength” of security, or theoretically how difficult it is to “break” the security.

Normally, it is just theoretical, however just over a week ago, the first “SHA-1 Collision” was demonstrated - Certificates can be used to prove that a document has not been tampered with, using a check-sum. But just recently, two different files were demonstrated to have the same checksum using SHA-1 certificates.

Using a SHA-1 secured web site does NOT necessarily put your financial data in jeopardy, but it does go against “best practices.” Microsoft has repeatedly pushed back the dates over the years that they would no longer support SHA-1 certificates. Google (with Chrome) no longer supports it, and throws the warning.

Some systems are a breeze to upgrade, others require a complete re-write of the system, and I’m guessing that since FR isn’t using SHA-2, that they’re in the latter camp. I’m sure that JimRob and his crew are working hard to upgrade the system.

Again, this warning DOES NOT MEAN your information is necessarily vulnerable! It just means that it’s not currently at “best practices” level.

Here’s a description of the topic, if you’re interested.

https://www.lifewire.com/what-is-sha-1-2626011

Mark


22 posted on 03/03/2017 5:11:43 AM PST by MarkL (Do I really look like a guy with a plan?)

To: knarf

I’ve gotten blocked from FR by Firefox on different computers saying the site is unsafe and to hit the “Get Me Out Of Here” button.


26 posted on 03/03/2017 5:50:48 AM PST by SkyDancer (Ambition Without Talent Is Sad, Talent Without Ambition Is Worse)

To: knarf

PS: Someone once told me it had to do with certificates or something on FF tools menu somewhere.


27 posted on 03/03/2017 5:51:50 AM PST by SkyDancer (Ambition Without Talent Is Sad, Talent Without Ambition Is Worse)

To: knarf

Notice that the URL for FR Donate is: https://secure.freerepublic.com/donate/

Note that is HTTPS://

The S indicates that the link is secure — established between your browser and the recipient webpage.

Depending on your browser, in the address bar you should see some kind of indicator that the website is secure. Mine [Comodo IceDragon — a Firefox/Mozilla based browser] shows a green padlock. Some show the entire address in different color. Some show a locked padlock in the information bar.

Opera showed a certificate problem.

==

You might consider installing the add-on HTTPS ://EVERYWHERE. It automatically tries to connect your browser to other websites via the HTTPS secure, if the website does have an HTTPS website version.

https://www.eff.org/https-everywhere

HTTPS ://EVERYWHERE is available for Firefox and related Mozilla browsers, Chrome, Opera, and Firefox for Android.

It is just another tool to try to help make websurfing a bit safer.


29 posted on 03/03/2017 6:21:20 AM PST by TomGuy

To: knarf

I would simply remind folks we’re nearing the end of the FReepathon.

If there were serious security threats, we would have FReepers reporting them after over two months of donating through the FR Donation Site.

I’m not sure what is happening with you, but I trust the FR site.


31 posted on 03/03/2017 8:50:05 AM PST by DoughtyOne (NeverTrump, a movement that was revealed to be a movement. Thank heaven we flushed!)

To: knarf; Spktyr; All

Yes, the problem is that Google, and now possibly Firefox, are “deprecating” their support for SHA-1 certificates:

https://security.googleblog.com/2016/11/sha-1-certificates-in-chrome.html

John will eventually install a new certificate after he works out a couple other pressing issues, meanwhile, our SHA-1 certificate is current and is still valid (despite Google’s warning message) and our secure server continues to encrypt our transactions as before.

As you’ve already learned, you can click “Advanced” at the bottom of the warning message and override the message.

Or you can try a browser like Edge (default browser delivered with Windows 10) and it works fine without the warning message.

Thank you very much.


34 posted on 03/03/2017 10:12:37 AM PST by Jim Robinson (Resistance to tyrants is obedience to God!)