semi-OT: Maxim

Not trusted by whom or what? For what reason?

When did you last update your browser?

Do you have any corporate policy that explicitly distrusts the "Entrust Root Certification Authority - G2" or the "Entrust Certification Authority - L1K" which have been valid and trusted since 2009 and 2012 respectively?

Come back and tell us more after you know what those questions mean and can answer them.

Reply to
Clifford Heath

Isn't it interesting that not only does Maxim make vaporware, their site is NOT a trusted site.

Reply to
Robert Baer

All the more reason to Never Buy Maxim.

--

John Larkin         Highland Technology, Inc 

lunatic fringe electronics
Reply to
John Larkin

Why use encryption to get public data? The warning will likely go away if you use http: instead of https:.

Jeroen Belleman

Reply to
Jeroen Belleman

Baer always seems to have bizarre problems that _no_one_else_ever_ experiences ;-) ...Jim Thompson

--
| James E.Thompson                                 |    mens     | 
| Analog Innovations                               |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| San Tan Valley, AZ 85142     Skype: skypeanalog  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.
Reply to
Jim Thompson

The point may be in proving the authenticity of the data. The HTTPS protocol also proves that the server is what it claims to be.

With the OP, it failed, as he's failed to keep his browser up to date.

--

-TV
Reply to
Tauno Voipio

That is a good question. Unfortunately an increasing number of people don't get that. They even broke down the remaining trust in the certificate system to have it their way.

Reply to
Rob

I do not use (may I swear) IE; but the latest SeaMonkey and FireFox post that "error" message. Except for volume commercial HTTPS: (banks etc), one gets that message (and it is browser age independent).
Reply to
Robert Baer

Thanks; will try that.

Reply to
Robert Baer

There was this character in the old "Abner" cartoon named Bfxqk or something that always had a dark, rainy cloud over his head. For me, there is always something going wrong. One time (do not ask how), my system date got mangled to something like millions (or so) years in the future.

Reply to
Robert Baer

Not true; FireFox 43 is fairly recent.

Reply to
Robert Baer

There's public and then there's public. For instance, last month somebody hacked the public Linux Mint download site and put a backdoored ISO image on it.

HTTP can't go away too soon for my taste.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

But that has NOTHING to do with the connection being encrypted or not! Hacking an HTTPS server is just as easy (or hard) as an HTTP server.

Reply to
Rob

Of course it doesn't. It's an example of 'public data' that you actually care about arriving intact.

A MITM attack is trivial in HTTP, for a start.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

No MITM attack is required to attack a bug in a CMS. And it works over HTTPS just fine.

With the decline of the certificate system, MITM attacks will become ever easier with HTTPS as well.

Reply to
Rob

Also note that MITM attacks are a tiny proportion of attacks. They do occur, and sometimes they are part of the more advanced attacks, but they are a minor nuisance for most people.

The trouble with doing a MITM attack is that you need to get in the middle!

If you are trying to do a MITM attack on someone using a home PC to communicate with a web server somewhere, you need to have hacked into some system along that path - the user's home router, the user's ISP, the backbone providers, the server's ISP, or some system at the server end. If you can attack the server end, you don't need an MITM attack - you are already "in". ISPs usually have pretty tight security, precisely because they can be a target for such attacks. And generally trying to get into home routers is going to be a huge amount of effort for very little possible return.

Where MITM attacks are possible, and where they work, is by setting up fake Wi-Fi hotspots. People can connect to them from their mobiles or laptops, and their traffic passes through your hotspot. So with mobiles, you have to be aware of this - that's why mobile-oriented services like Google and Facebook are very keen on https.

Since no one downloads a Linux Mint ISO from their mobile, MITM attacks on the Mint website are pretty much irrelevant, as is using https rather than http.

Reply to
David Brown

Indeed! MITM via a rogue WiFi spot will easily get you a number of passwords for home users (because people are running plain POP3 to get their mail), but to get the password of a Mint maintainer this way, you would need to MITM exactly HIS connection, not that of a random person. This will be much more difficult to achieve.

Still, I think it is unwise to run an important website on a CMS that allows maintenance by logging in from an "outside" connection. (i.e. via the same path as the visitors use)

Website maintenance should be done from inside, or when there is no inside (e.g. because it is hosted at some internet provider), a VPN or similar should be used, with 2-factor authentication. This makes it really irrelevant if the outside of the site is running https or not.

Furthermore, past experience has shown that it is unwise to use a free PHP-based CMS. They can be built in a secure way, but not by the people who normally take on that job. (and with the features they choose to implement)

Reply to
Rob
