"The opinions posted here do not represent those of any company, organization, or group and are those only of the author of the respective post." - From Rontini |
USSVI Page |
Post Reply |
Author | |
Dave595
Old Salt Joined: 04 Jan 2016 Location: Beaverton, Oreg Status: Offline Points: 331 |
Post Options
Thanks(0)
Posted: 07 Nov 2020 at 6:58pm |
I have had some people tell me they get this when they try to open the uSSVI page. Any solution? I don't have any problem with Windows 10 and firefox. Your connection isn't secure This site uses an outdated security configuration that might expose your personal information when it's sent to this site (for example, passwords, messages, or credit cards). NET::ERR_SSL_OBSOLETE_VERSION |
|
EM1(SS)
USS PLUNGER (SSN-595) HOLLAND Club USSVI LIFE Member Blueback Base, Rogue-Umpqua Base, Olympic Peninsula Base |
|
SaltiDawg
Rickover Joined: 03 Jan 2016 Location: Rockville, MD Status: Offline Points: 2865 |
Post Options
Thanks(0)
|
Not a solution nor an answer
but if you remove the s in https and hit return you will see the page displayed. I assume this may expose you to some security risk? |
|
Runner485
BBS Supporter Joined: 16 Dec 2015 Location: Delaware Status: Offline Points: 3199 |
Post Options
Thanks(0)
|
I get the same thing Dave. The url was always HTTPS...I think the site is being updated and is not allowing access. ================================================================ Secure Connection Failed
An error occurred during a connection to www.ussvi.org. Peer using unsupported version of security protocol. Error code: SSL_ERROR_UNSUPPORTED_VERSION The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Learn moreā¦ This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1 might allow this connection to succeed. TLS 1.0 and TLS 1.1 will be permanently disabled in a future release. |
|
DBF
Joe SS485,CVA42 Holland Club Mid-Atlantic Base |
|
gerry
Admin Group Joined: 16 Dec 2015 Status: Offline Points: 634 |
Post Options
Thanks(0)
|
You guys are all correct in that an unsecured (http) connection is higher risk than a secured (https) connection. I'm guessing USSVI's security certificate has either expired or is not configured correctly.
What is the actual risk? Pretty low, in my opinion. Lacking the encrypted connection makes your data going back and forth from the site vulnerable to a "man in the middle" attack, which is still quite difficult to perform without malware. If you are sending credit card numbers, SSNs or banking information, your risk is higher. If you use the same password on an unsecured site in other places, you are at higher risk. Mitigating your risk: - Use a password manager (I use LastPass) so you have a different strong password for every site you need a password on. If a hacker does manage to get your password, the damage they can do is limited. - Understand that "man in the middle" attacks are one of the most rare forms of hacking and are predominantly carried out on financial connections. See Malware below. - Subscribe to Have I Been Pwned (https://haveibeenpwned.com/) to see if you have been compromised i the past. The site will also tell you if your email address shows up in future hacks. - Make sure you are keeping up on Windows updates (or Mac or whatever you use) and that you are using some form of Anti-Malware and Anti-virus. - Malware on your computer can compromise ALL of your accounts. NEVER click on a link or open an attachment in email from someone you don't know of from someone you Do know if you are not expecting a link or attachment. This is called Phishing and can be very sophisticated in fooling people... but one click and you can be compromised. - Keep your browser (Chrome/Firefox/Edge/etc) updated. Most of these self update. Please note, this BBS is not using secure socket connections (no https) as we do not deal in financials and actual trusted certificates are rather expensive. Expense may also be a reason USSVI is not updated. Additionally, a REAL certificate is actually not only expensive but complex to obtain and configure. Certificate Authorities make you PROVE the domain is secure and the applicant is actually the owner or authorized to get the cert. Any of these reasons could be contributors to USSVI's situation - they may not know HOW to get a proper certificate. Source: a) This is what I do and b) I am a "Certified Ethical Hacker" (a fancy way of saying I have been trained like a bad guy but promised to use my powers only for Good, never for Evil). Edit: So this made me curious, so I dug in and investigated. USSVI's certificate is valid, their server is not supporting TLS 1.2, the current protocols for encrypted connections. As Joe points out above, you get a warning, and if you click on the Learn More (or Advanced) button, you are allowed to proceed anyway. Note that your connection IS secured, just not with the most current protocols. In my opinion, this reduces your risk greatly, as in "better than nothing", but TLS 1.0 and 1.1 HAVE been hacked in the past. Another problem I see is they are hosting on GoDaddy, who in my experience, is not exactly cutting-edge with security. Further, USSVI's Certificate was issued BY GoDaddy, who will provide one to anyone with an account and $50. GoDaddy is NOT a "real" Certificate Authority. Not supporting modern security protocols was one of the reasons I moved all my (and my client's) web sites off GoDaddy. So what does all this geekery mean? You can use USSVI without https for little risk. You can use USSVI *with* https (if you dismiss the warning) with even less (but non-zero) risk.
|
|
MT2/SS
USS Simon Bolivar - SSBN 641 (B) USS Henry M. Jackson - SSBN 730 (B) USSVI - Wyoming Base |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |