Download Website Security Issue FIXED

For other topics related to the FreeBASIC project or its community.
datwill310
Posts: 355
Joined: May 29, 2015 20:37

Download Website Security Issue FIXED

Postby datwill310 » Apr 07, 2017 18:12

Hi, so me and a collaborator of my game were wondering if we could support a Linux version. So I told him he'd have to get FB on his system, went to the home page, clicked the downloads link, and got this weird security error:
Your connection is not private

Attackers might be trying to steal your information from sf.net (for example, passwords, messages, or credit cards). NET::ERR_CERT_DATE_INVALID

Automatically report details of possible security incidents to Google. Privacy policy
Back to safety

This server could not prove that it is sf.net; its security certificate expired yesterday. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to Friday, April 7, 2017. Does that look right? If not, you should correct your system's clock and then refresh this page. Learn more.

This is odd because I have not seen this error on this page before! It happens on his and my systems. I am running the latest version of Google Chrome. Idk if that has anything to do with it, but I would like to inform those to whom it matters.

Regards

EDIT: it looks to us like the security certificate is out of date?
Last edited by datwill310 on Apr 09, 2017 15:19, edited 2 times in total.
dkl
Site Admin
Posts: 3210
Joined: Jul 28, 2005 14:45
Location: Germany

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby dkl » Apr 07, 2017 18:27

Yea, same here. Looks like https://sourceforge.net/projects/fbc/files/ works (instead of the shorthand sf.net).
jevans4949
Posts: 1148
Joined: May 08, 2006 21:58
Location: Crewe, England

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby jevans4949 » Apr 07, 2017 18:49

No problems here. Maybe your ISP?
fxm
Posts: 9310
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby fxm » Apr 07, 2017 19:03

Same security alarm from sf.net (and not from sourceforge.net).
counting_pine
Site Admin
Posts: 6174
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby counting_pine » Apr 07, 2017 19:18

It sounds like Sourceforge have just forgotten to get their sf.net certificate re-signed.
But apart from that, it's pretty much still just as safe as it was the day before.

It occurs to me we should probably get freebasic.net onto an HTTPS connection. I'm not really comfortable with the way my password gets sent through the Internet in plaintext..
MrSwiss
Posts: 3307
Joined: Jun 02, 2013 9:27
Location: Switzerland

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby MrSwiss » Apr 07, 2017 19:25

counting_pine wrote:It occurs to me we should probably get freebasic.net onto an HTTPS connection.
I'm not really comfortable with the way my password gets sent through the Internet in plaintext..
@counting_pine,
I'm 100% with you on this issue, the very same feeling here ...
datwill310
Posts: 355
Joined: May 29, 2015 20:37

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby datwill310 » Apr 07, 2017 23:19

counting_pine wrote:It sounds like Sourceforge have just forgotten to get their sf.net certificate re-signed.
But apart from that, it's pretty much still just as safe as it was the day before.

It occurs to me we should probably get freebasic.net onto an HTTPS connection. I'm not really comfortable with the way my password gets sent through the Internet in plaintext..

Maybe it is worth doing 8| luckily we don't have the sorts of nasty people who would steal account details on here, but anybody could theoretically intercept given the knowledge of how to do it.
TeeEmCee
Posts: 262
Joined: Jul 22, 2006 0:54
Location: Auckland

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby TeeEmCee » Apr 08, 2017 1:15

freebasic.net already supports https; I'm on it now. The simplest solution may be set a redirect from http to https; probably less work than trying to find all the http links on the site.
counting_pine
Site Admin
Posts: 6174
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby counting_pine » Apr 08, 2017 11:01

TeeEmCee wrote:freebasic.net already supports https; I'm on it now. The simplest solution may be set a redirect from http to https; probably less work than trying to find all the http links on the site.

Cool - you're right! It looks like we have a Let's Encrypt signed certificate now. A redirection would be good long-term though..

There are browser extensions (for Firefox at least) that automatically try HTTPS on HTTP sites. I've decided to give it a try in general, see how often I end up stuck on HTTP..
timberty
Posts: 1
Joined: Apr 08, 2017 9:15

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby timberty » Apr 08, 2017 11:37

Use HTTP instead of HTTPS and there's nothing will prevent you from accessing it. Otherwise, add an ignore tag to your Google Chrome shortcut and it will bypass all type of SSL errors.
counting_pine
Site Admin
Posts: 6174
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby counting_pine » Apr 09, 2017 15:03

Just to say, Sourceforge have updated their [www.]sf.net certificate now. It will expire on 8 May next year.
datwill310
Posts: 355
Joined: May 29, 2015 20:37

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby datwill310 » Apr 09, 2017 15:04

counting_pine wrote:Just to say, Sourceforge have updated their [www.]sf.net certificate now. It will expire on 8 May next year.

Will update the original topic title.
counting_pine
Site Admin
Posts: 6174
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE? *FIXED*

Postby counting_pine » Apr 09, 2017 15:17

Just do my eyes a favour, and remove the CAPITALISATION too :)
TeeEmCee
Posts: 262
Joined: Jul 22, 2006 0:54
Location: Auckland

Re: ATTENTION TO FB DEV - DOWNLOAD WEBSITE SECURITY ISSUE?

Postby TeeEmCee » Apr 12, 2017 2:21

counting_pine wrote:There are browser extensions (for Firefox at least) that automatically try HTTPS on HTTP sites. I've decided to give it a try in general, see how often I end up stuck on HTTP..


The most popular is HTTPS Everywhere, but it uses a whitelist, it doesn't arbitrarily try HTTPS. And even with the conservative approach of a whitelist I have seen it break several sites, usually in some subtle way. After putting up with the breakage for months finally I remember I'm using HTTPS Everywhere, and find it's the cause. Aside from that, I recommend it.

Return to “Community Discussion”

Who is online

Users browsing this forum: No registered users and 2 guests