Steve Jackson Games - Site Navigation
Home General Info Follow Us Search Illuminator Store Forums What's New Other Games Ogre GURPS Munchkin Our Games: Home

Go Back   Steve Jackson Games Forums > Illuminati Headquarters > Forum Feedback and Help

Reply
 
Thread Tools Display Modes
Old 10-24-2021, 06:09 AM   #1
beetle496
 
beetle496's Avatar
 
Join Date: Nov 2011
Location: Frederick, MD
Default SSL Certificate out of date?

On the forums, I am getting the “Not Secure” warning. This usually happens when a website serve httpS (instead of plain http) without an up-to-date SSL certificate/credential.

Any timeframe for getting this fixed?

I ask mostly because (1) the “remember me” is not working (at least not for the browser/settings I am using) so I have to keep entering my id/pw. But also, (2) one should not be entering pw without https. If the “Not Secure” warning is only due to your certificate being expired, then pw are still being encrypted, so (2) is not a concern.

Thanks!
beetle496 is offline   Reply With Quote
Old 10-24-2021, 06:18 AM   #2
ericbsmith
 
ericbsmith's Avatar
 
Join Date: Aug 2004
Location: Binghamton, NY, USA. Near the river Styx in the 5th Circle.
Default Re: SSL Certificate out of date?

It looks like they had a TLS certificate expire on Oct 24, which is what's causing the issues. I expect they'll be able to address it on Monday.
__________________
Eric B. Smith GURPS Data File Coordinator
GURPSLand
The future keeps telling us what the past was about. You make the past mean different things by what you do with the time that comes after.
ericbsmith is offline   Reply With Quote
Old 10-24-2021, 08:57 AM   #3
ericbsmith
 
ericbsmith's Avatar
 
Join Date: Aug 2004
Location: Binghamton, NY, USA. Near the river Styx in the 5th Circle.
Default Re: SSL Certificate out of date?

I dropped a line to webmaster@sjgames.com and they sent a note back letting me know the issue has been fixed.
__________________
Eric B. Smith GURPS Data File Coordinator
GURPSLand
The future keeps telling us what the past was about. You make the past mean different things by what you do with the time that comes after.
ericbsmith is offline   Reply With Quote
Old 10-25-2021, 05:05 AM   #4
beetle496
 
beetle496's Avatar
 
Join Date: Nov 2011
Location: Frederick, MD
Default Re: SSL Certificate out of date?

I was experiencing the poor behavior at least a few days before the 24th, and now still. The “not secure” messages comes up on different computer, so I do not think it is only my browser.
beetle496 is offline   Reply With Quote
Old 10-25-2021, 11:05 AM   #5
Anthony
 
Join Date: Feb 2005
Location: Berkeley, CA
Default Re: SSL Certificate out of date?

Quote:
Originally Posted by beetle496 View Post
I was experiencing the poor behavior at least a few days before the 24th, and now still. The “not secure” messages comes up on different computer, so I do not think it is only my browser.
There's two long-standing security issues that you might be running across:
  1. The forums do not automatically redirect to https on a login attempt, though you can go there manually if you want.
  2. The banner image is served via http whether or not you connect via https.
Neither is likely to be fixed any time soon. In general I would just treat it as an insecure website: don't use a password you use anywhere else, and don't store anything private.
__________________
My GURPS site and Blog.
Anthony is online now   Reply With Quote
Old 10-25-2021, 03:10 PM   #6
Fufu
 
Fufu's Avatar
 
Join Date: Mar 2019
Location: "Made in Hong Kong"
Default Re: SSL Certificate out of date?

Like many fans, I will be ecstatic when they upgrade the forums. SJGames is missing an excellent opportunity in the SEO (Search Engine Optimization) game. SEO would greatly increase their product exposure in cyberspace and become a more competitive game publisher.

Could you copy and paste those unsecure links to the SJGames webmaster?
Fufu is offline   Reply With Quote
Old 10-25-2021, 05:16 PM   #7
Anthony
 
Join Date: Feb 2005
Location: Berkeley, CA
Default Re: SSL Certificate out of date?

Quote:
Originally Posted by Fufu View Post
Could you copy and paste those unsecure links to the SJGames webmaster?
It's not a limited set of links, it's a global thing. Expected behavior for a modern website is to have everything https. In the case of the forums, the main problems are:
  1. Visiting the forums by http: should just immediately redirect you (301/302) to https. In 2021 there is never a legitimate reason to run a comment system by http:
  2. The images are served from http://www.sjgames.com/img/*. They should be served by https.
  3. They are running bulletin software that hasn't been supported in a decade and probably has unpatchable security holes.
Problem 1 is fairly trivial unless their apache server is astonishingly old. Problem 2 is a modest amount of low-risk work.
Problem 3 is a substantial amount of high-risk work.
__________________
My GURPS site and Blog.
Anthony is online now   Reply With Quote
Old 10-27-2021, 04:21 PM   #8
beetle496
 
beetle496's Avatar
 
Join Date: Nov 2011
Location: Frederick, MD
Default Re: SSL Certificate out of date?

Thank you @Anthony!
Quote:
Originally Posted by Anthony View Post
The forums do not automatically redirect to https on a login attempt, though you can go there manually if you want.
Manually entering https seems to have resolved the annoyance of having to manually log in all the time.

I am embarrassed to not have thought of that! Manually adding the “s” was pretty routine, back in the day, and something I should have thought to try. Now that browsers tend not to show the full URL, it is easier to overlook.

Get off my lawn!

Last edited by beetle496; 10-27-2021 at 04:28 PM.
beetle496 is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Fnords are Off
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:03 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2021, vBulletin Solutions, Inc.