Download Website Security Issue FIXED

[datwill310]

Hi, so me and a collaborator of my game were wondering if we could support a Linux version. So I told him he'd have to get FB on his system, went to the home page, clicked the downloads link, and got this weird security error:

Your connection is not private

Attackers might be trying to steal your information from sf.net (for example, passwords, messages, or credit cards). NET::ERR_CERT_DATE_INVALID

Automatically report details of possible security incidents to Google. Privacy policy
Back to safety

This server could not prove that it is sf.net; its security certificate expired yesterday. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to Friday, April 7, 2017. Does that look right? If not, you should correct your system's clock and then refresh this page. Learn more.

This is odd because I have not seen this error on this page before! It happens on his and my systems. I am running the latest version of Google Chrome. Idk if that has anything to do with it, but I would like to inform those to whom it matters.

Regards

EDIT: it looks to us like the security certificate is out of date?

[dkl]

Yea, same here. Looks like https://sourceforge.net/projects/fbc/files/ works (instead of the shorthand sf.net).

[jevans4949]

No problems here. Maybe your ISP?

[fxm]

Same security alarm from sf.net (and not from sourceforge.net).

[counting_pine]

It sounds like Sourceforge have just forgotten to get their sf.net certificate re-signed.
But apart from that, it's pretty much still just as safe as it was the day before.

It occurs to me we should probably get freebasic.net onto an HTTPS connection. I'm not really comfortable with the way my password gets sent through the Internet in plaintext..

[MrSwiss]

It occurs to me we should probably get freebasic.net onto an HTTPS connection.
I'm not really comfortable with the way my password gets sent through the Internet in plaintext..

@counting_pine,
I'm 100% with you on this issue, the very same feeling here ...

[datwill310]

It sounds like Sourceforge have just forgotten to get their sf.net certificate re-signed.
But apart from that, it's pretty much still just as safe as it was the day before.

It occurs to me we should probably get freebasic.net onto an HTTPS connection. I'm not really comfortable with the way my password gets sent through the Internet in plaintext..

Maybe it is worth doing 8| luckily we don't have the sorts of nasty people who would steal account details on here, but anybody could theoretically intercept given the knowledge of how to do it.

[TeeEmCee]

freebasic.net already supports https; I'm on it now. The simplest solution may be set a redirect from http to https; probably less work than trying to find all the http links on the site.

[counting_pine]

freebasic.net already supports https; I'm on it now. The simplest solution may be set a redirect from http to https; probably less work than trying to find all the http links on the site.

Cool - you're right! It looks like we have a Let's Encrypt signed certificate now. A redirection would be good long-term though..

There are browser extensions (for Firefox at least) that automatically try HTTPS on HTTP sites. I've decided to give it a try in general, see how often I end up stuck on HTTP..

[timberty]

Use HTTP instead of HTTPS and there's nothing will prevent you from accessing it. Otherwise, add an ignore tag to your Google Chrome shortcut and it will bypass all type of SSL errors.

[counting_pine]

Just to say, Sourceforge have updated their [www.]sf.net certificate now. It will expire on 8 May next year.

[datwill310]

Just to say, Sourceforge have updated their [www.]sf.net certificate now. It will expire on 8 May next year.

Will update the original topic title.

[counting_pine]

Just do my eyes a favour, and remove the CAPITALISATION too :)

[TeeEmCee]

There are browser extensions (for Firefox at least) that automatically try HTTPS on HTTP sites. I've decided to give it a try in general, see how often I end up stuck on HTTP..

The most popular is HTTPS Everywhere, but it uses a whitelist, it doesn't arbitrarily try HTTPS. And even with the conservative approach of a whitelist I have seen it break several sites, usually in some subtle way. After putting up with the breakage for months finally I remember I'm using HTTPS Everywhere, and find it's the cause. Aside from that, I recommend it.