MP-Pistol Forum banner

1 - 15 of 15 Posts

·
Site Founder
Joined
·
2,889 Posts
Thanks boss, I just found out myself...




And its secure!!!
 

·
Registered
Joined
·
84 Posts
Discussion Starter #5
When you gonna get some stuff for the compacts?

Also, if you are taking a survey for t-shirts, count me in!
 

·
Site Founder
Joined
·
2,889 Posts
I have hats, just gotta get them up.



I'll have compact stuff as soon as I can get it.
 

·
Registered
Joined
·
56 Posts
I placed an order last night and the store links do not correctly reference the HTTPS paths throughout the purchase process. Therefore the submission of information is not secure. All of the links in the store need to be changed to use the new HTTPS paths.
 

·
Site Founder
Joined
·
2,889 Posts
vzontini said:
I placed an order last night and the store links do not correctly reference the HTTPS paths throughout the purchase process. Therefore the submission of information is not secure. All of the links in the store need to be changed to use the new HTTPS paths.


Thanks for the heads up.
 

·
Site Founder
Joined
·
2,889 Posts
eh, Its trusted, It just wasn't bought from MS, thats the problem.
 

·
Registered
Joined
·
1,522 Posts
Jester said:
eh, Its trusted, It just wasn't bought from MS, thats the problem.


MS has nothing to do with it other than they wrote IE7 and thats what the screencap is of. There's a bunch of Certificate authorities that are generally considered trusted. In order to be considered trusted you have to go through a whole big mess, which I highly suspect most webhosts don't bother with, bluehost included (frankly it's damn near impossible to ACTUALLY abide by the process in any large orgnaization, and too time consuming for a small one). Opera warns you as well and I suspect Firefox2.X will too if not earlier versions.



It isn't just MS that complains, anything going along with the anti-phishing and user-friendly security warnings is going to barf on a self-signed certificate and shared certificates.



They are also going to barf on the encryption algorithm as insecure. The thing is it basically does a RSA public key handshake, then swaps 512bit diffie-hellman keys, which process is sort of insecure.



Should anyone care? Well certs do two things verify somethings identity, and enable proper encryption in your web browser (super simplified version.



If you believe jester is jester and he is a good guy looking to sell you M&P related stuff, and that jester hasn't had his account hijacked there or here, and that he says box198.bluehost.com is his cert, then you don't have any issues with who it is. That may sound like a lot of ifs, but it's not like the big certificate authorities haven't let customers like microsoft be spoofed.



Then there is the encryption. The encryption has issues, but it does not apply to monetary transactions on the web as far as I can tell. The weakness is that someone came up with a method where you can fairly trivially spot the occurance of KNOWN information. Basically your risk isn't having your card number snooped so much as having someone who wants to know if you are shopping there being able to figure it out. Given the situation, the primary security concern is elsewhere, and I wouldn't worry about it. Anybody with the smarts to attack the algorith would just attack the server and the shopping cart software first.
 

·
Registered
Joined
·
348 Posts
fwiw, as someone who generates certificates for a living, even mine for my own secure site gives that error. I refuse to play by the micro$oft rules, and if everything is not dotted and crossed, it gives that error.



i aint worried about it....
 
1 - 15 of 15 Posts
Top