Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

site shows up as not secure in Chrome, but secure in firefox


  • Please log in to reply
7 replies to this topic

#1 Glen_S

Glen_S

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 12 January 2017 - 08:15 PM

I moved into an apartment while I am working away on a contract, the apartment has a laundry operated by an outside vendor and uses a smart card system. I registered the card and went to load it with my credit card and noticed just an https:// prefix on the address bar was crossed out and chrome was marking it unsafe. 

 

I emailed the company and said I would not be entering credit card information on an unencrypted site, they answered back and said their site was secure. I was writing them back with a screenshot of the chrome warning while the site was open, when I thought I'd open it in firefox to see what happens. 

 

Well, in firefox the https:// does show up and no warnings show as it being unsafe. 

 

I looked at the code and any references to the site are in https:// xxxxxx in the source, so I'm not sure what's up here. I'm not entering CC information in it until I can be sure. 

 

The https:// prefix also shows up when I open it in windows 10 edge. 

 

 

Any ideas why chrome is showing it as unsafe?

 

 

thanks



BC AdBot (Login to Remove)

 


#2 Xoctane

Xoctane

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 AM

Posted 12 January 2017 - 08:45 PM

Chrome and Firefox have differing opinions on what they call "secure." Google is well known to be pushing the industry to abandon old standards quite aggressively, even though nothing is known to be wrong with them, at the moment at least.

 

Of course, giving us the website's address would be helpful. I'll be able to give you more information then.



#3 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:29 PM

Posted 12 January 2017 - 09:02 PM

I moved into an apartment while I am working away on a contract, the apartment has a laundry operated by an outside vendor and uses a smart card system. I registered the card and went to load it with my credit card and noticed just an https:// prefix on the address bar was crossed out and chrome was marking it unsafe.

 

Sounds like privacy invasion and i don't see why anyone should have to use a smart RFID card on that topic, should be cash only, my self i wouldn't touch their "smart" laundry machines and would make some noise on the topic along the lines of i need a new RFID card for each time i use the machine once and each time the card is used it gets destroyed and i would never reveal who i am in regards to payment for the cards, their system would have to be setup before i touch it for cash only for a one time use card "defeating the point of what their trying to do" i would guess too their machines are connected to the net.

 

That or id get hacked cards to mess with them ;)

 

Pure corp privacy invasion topic in order to psychologically manipulate & control the population and sell the information that's personally identifiable  they collect about peoples lives to the highest bidder including but not limited to the NSA if your in the US.

 

More then that ya shore post link and ill test it too and see what happens.



#4 Glen_S

Glen_S
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 12 January 2017 - 09:45 PM

I didn't post the site in the OP because you had to register a card to get to it, but the main site itself shows as https;// in FF and Edge. The site is http://smartlaundry.ca/ but I don't think it goes to the secure mode until you register with it.

 

However I think if you go to the register or guest page though, I think it should go to the https:// mode. 


Edited by Glen_S, 12 January 2017 - 09:48 PM.


#5 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:29 PM

Posted 12 January 2017 - 10:11 PM

No problems going to the site in question and the home page was not in https, did some quick reserch on that site in regards to whos who ip wise when going thier and got this just in case you wanted to know.

 

junk1.jpg

 

junk2.jpg

 

junk3.jpg

 

Vid you might like.

 

https://www.youtube.com/watch?v=lBdgr2SyNkA


Edited by shadow_647, 12 January 2017 - 10:14 PM.


#6 Xoctane

Xoctane

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 AM

Posted 12 January 2017 - 10:32 PM

Use it at your own risk. The fact that the site uses an SHA-1 certificate means that you are susceptible to sophisticated man-in-the-middle attacks, by means of forging a certificate with a matching fingerprint and spoofing the original website. And, of course, hijacking your connection to lead you to their spoofed website. It's all very unlikely, but not impossible.


Edited by Xoctane, 12 January 2017 - 11:04 PM.


#7 Xoctane

Xoctane

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 AM

Posted 12 January 2017 - 11:19 PM

we have timelines from the likes of Apple, Microsoft, Google, and Mozilla as to when their browsers will stop trusting websites that still uses SHA-1 SSL certificates. For those keen on security, the news is good because the end is near:

  • Google Chrome: At the end of January next year, with the release of version 56, Chrome will stop trusting any SHA-1 SSL certificate and will provide a security warning.
  • Mozilla Firefox: With the release of Firefox 51 in January, the browser will show an “untrusted connection” error warning for any site still using SHA-1.
  • Apple Safari: We do not have exact dates on when Apple will officially stop trusting SHA-1 certificates. The latest release notes for MacOS urge sites to drop SHA-1 as soon as possible, and websites loaded in the Sierra version already do not show the green padlock that indicates a trusted site.
  • Microsoft Internet Explorer and Edge: Starting on February 14, websites still using SHA-1 will get a rather unpleasant Valentines Day gift: the browsers will not load their websites whatsoever, though users can still opt to continue to the website after seeing a warning message.

 

Source: https://nakedsecurity.sophos.com/2016/11/23/its-the-final-countdown-for-sha-1-ssl-certificates/

It was written in Nov 2016.

 

You can contact them again and send that link. I'm sure they'll be concerned that no-one will be able to visit their site very soon.



#8 Glen_S

Glen_S
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 12 January 2017 - 11:20 PM

Thanks folks - great stuff! 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users