Korg Forums A forum for Korg product users and musicians around the world. Moderated Independently. Owned by Irish Acts Recording Studio & hosted by KORG USA
lmatonement
Joined: 26 May 2021 Posts: 29
Posted: Wed Jun 02, 2021 12:38 pm Post subject: Please Enable HTTPS
My son just noticed "Not secure" in the address bar, so I realized the site is not using https. !!!??
Please enable HTTPS on this site.
To suggest "the content sent to and from this site is not sensitive" is simply untrue. Even if you don't value your log-on credentials (they're sent in the clear and any observer can get your credentials - for instance if you log in while at my house, my wireless access point and firewall both have access to your credentials unencrypted), other information associated with visiting this site may be sensitive to any particular user (for instance, the fact that they are accessing the website).
lmatonement
Joined: 26 May 2021 Posts: 29
Posted: Wed Jun 02, 2021 12:40 pm Post subject: Re: Please Enable HTTPS
I guess I'm not the first to point this out (http://www.korgforums.com/forum/phpBB2/viewtopic.php?t=114406) but it bears repeating nonetheless.
Koekepan Platinum Member
Joined: 27 Sep 2016 Posts: 617
Posted: Wed Jun 02, 2021 1:37 pm
Please keep an HTTP-only option open for those of us who live on extremely limited systems and extremely limited bandwidth.
Those who choose to use HTTPS are welcome to, in my view.
alexmu
Joined: 30 Dec 2019 Posts: 6
Posted: Sat Nov 06, 2021 9:08 am
Just checking with a couple of security sites.
Sucuri SiteCheck scanner
https://sitecheck.sucuri.net/
Scan Website:
https://www.korgforums.com/forum/phpBB2/index.php
IP address: 69.74.200.93
Powered by: PHP 5.3.3
Running on: Microsoft-IIS 7.5
Scan Failed
https://www.korgforums.com/forum/phpBB2/index.php
Unable to scan your site. 404 Not Found
Site Issue Detected
https://www.korgforums.com/404javascript.js (More Details)
TLS certificate expired
Site Issue Detected
https://www.korgforums.com/forum/phpBB2/.git/HEAD (More Details)
TLS certificate expired
Site Issue Detected
https://www.korgforums.com/forum/phpBB2/index.php (More Details)
TLS certificate expired
TLS Recommendations
Password input field detected on an unencrypted HTTP page. Please use HTTPS protocol to protect login forms:
http://www.korgforums.com/forum/phpBB2/index.php
No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the "Not Secure" browser warning.
TLS 1.0 is obsolete. Please upgrade your TLS configuration.
===
SSL Trust Free Website Safety & Security Check
https://www.ssltrust.com/ssl-tools/website-security-check
Domain: https://www.korgforums.com
The SSL Certificate has Expired. You should not trust this website
The SSL Certificate is Not Trusted. You should not trust this website
The SSL Certificate is using an Insecure Signature Algorithm. You should not share any important information with this website.
The SSL Certificate and Server has Critical Security Vulnerabilities. You should not share any important information with this website.
The SSL Certificate and Server has High Risk Security Vulnerabilities. You should not share any important information with this website.
The Server is using Critically Insecure Protocols. You should not share any important information with this website.
The Server is using Insecure Protocols. You should use high caution sharing important information with this website.
Protocols:
SSLv2 [CRITICAL]: vulnerable with 2 ciphers
SSLv3 [HIGH]: offered
TLS1 [LOW]: offered (deprecated)
TLS1_1 [CRITICAL]: TLSv1.1 is not offered, and downgraded to a weaker protocol
TLS1_2 [MEDIUM]: not offered and downgraded to a weaker protocol
TLS1_3 [INFO]: not offered + downgraded to weaker protocol
NPN [INFO]: not offered
ALPN [INFO]: not offered
Vulnerabilities:
heartbleed [OK]: not vulnerable, no heartbeat extension
CCS [OK]: not vulnerable
ticketbleed [OK]: no session ticket extension
ROBOT [OK]: not vulnerable
secure_renego [OK]: supported
secure_client_renego [OK]: not vulnerable
CRIME_TLS [OK]: not vulnerable
BREACH [OK]: not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested
POODLE_SSL [HIGH]: VULNERABLE, uses SSLv3+CBC
fallback_SCSV [HIGH]: NOT supported and vulnerable to POODLE SSL
SWEET32 [LOW]: uses 64 bit block ciphers for SSLv2 and above
FREAK [OK]: not vulnerable
DROWN [CRITICAL]: VULNERABLE, SSLv2 offered with 2 ciphers. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=F0002C20F77CC164F0D26505F2B35248D0AFE2B3AAD9E1F733D1A757E115AEC3
LOGJAM-common_primes [HIGH]: RFC2409/Oakley Group 2
LOGJAM [OK]: not vulnerable, no DH EXPORT ciphers,
BEAST_CBC_SSL3 [MEDIUM]: DES-CBC3-SHA
BEAST_CBC_TLS1 [MEDIUM]: ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA DES-CBC3-SHA
BEAST [MEDIUM]: VULNERABLE -- and no higher protocols as mitigation supported
LUCKY13 [LOW]: potentially vulnerable, uses TLS CBC ciphers
winshock [OK]: not vulnerable - doesn't seem to be IIS 8.x
RC4 [HIGH]: VULNERABLE, Detected ciphers: RC4-SHA RC4-MD5 RC4-MD5
===
From DigiCert:
https://ssltools.digicert.com/checker/views/checkInstallation.jsp
Certificate not issued by DigiCert, Symantec, GeoTrust, Thawte, or RapidSSL
Wrong certificate installed.
The certificate has expired.
===
Also note PHP version 5.3 is EOL
https://www.php.net/eol.php
Microsoft-IIS 7.5 is out of support and also implies a Windows Server version that might be out of support:
https://docs.microsoft.com/en-us/lifecycle/products/internet-information-services-iis
Also a modern web site running HTTP2 with HTTPS enabled will often perform better than an older HTTP/1.0 or HTTP/1.1 site.
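The two Sucuri findings quoted in the post above (a password field on a plain-HTTP page, and no redirect from HTTP to HTTPS) can be checked offline against a captured response. This is an added example, not part of any post in this thread; the function names, finding labels and the forum.example sample responses are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormScan(HTMLParser):
    """Records the form action that each password input would be submitted to."""
    def __init__(self):
        super().__init__()
        self.current_action = ""      # "" means "submit to the page's own URL"
        self.password_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current_action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_actions.append(self.current_action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_action = ""

def audit_response(url, status, headers, body):
    """Return finding names for one captured response (no network access)."""
    findings = []
    headers = {k.lower(): v for k, v in headers.items()}
    plain_http = urlsplit(url).scheme == "http"
    if plain_http:
        target = urljoin(url, headers.get("location", ""))
        if status in (301, 302, 303, 307, 308) and urlsplit(target).scheme == "https":
            return findings           # visitor is moved to HTTPS before any form loads
        findings.append("no-https-redirect")
    scan = LoginFormScan()
    scan.feed(body)
    if scan.password_actions and plain_http:
        findings.append("password-field-on-http-page")
    if any(urlsplit(urljoin(url, a)).scheme == "http" for a in scan.password_actions):
        findings.append("password-submitted-over-http")
    return findings

# Constructed sample responses; forum.example is a placeholder host.
LOGIN_HTML = ('<form action="login.php" method="post"><input type="text" name="username">'
              '<input type="PASSWORD" name="password"></form>')
SAMPLES = {
    "http-login": ("http://forum.example/login.php", 200, {}, LOGIN_HTML),
    "http-redirect": ("http://forum.example/login.php", 301,
                      {"Location": "https://forum.example/login.php"}, ""),
    "https-login": ("https://forum.example/login.php", 200, {}, LOGIN_HTML),
}

def audit_samples():
    return {name: audit_response(*resp) for name, resp in SAMPLES.items()}
```

The third finding covers a case the scan output does not list: a page served over HTTPS whose login form still posts to an `http://` action.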
Pastor-of-Muppets Platinum Member
Joined: 06 Jan 2010 Posts: 774 Location: UK
Posted: Mon Feb 21, 2022 6:00 pm
I would also prefer if using HTTPS here was possible.
snugsound
Joined: 02 Apr 2022 Posts: 4
Posted: Sat Apr 02, 2022 4:30 pm
+1 for this