Can anyone here explain the reason why my browser is flipping out on this?
Yes; we use a self-signed certificate ("real" certificates, issued by recognized certificate authorities, are expensive), and we use the same certificate for a number of different domains: browsers these days don't like this; but you can always tell your browser to permanently accept our certificate.
Just to make sure you have the right certificate and not a fake GC (this is entirely possible if you are using TOR or any other proxy that supports SSL), if you inspect the certificate, you should see the following information:
Issued To
  Common Name (CN): vs12
  Organization (O): Humanity
  Organizational Unit (OU): Chief Information Office
  Serial Number: 00:C8:B7:35:D0:EB:D7:5D:B6
Issued By
  Common Name (CN): vs12
  Organization (O): Humanity
  Organizational Unit (OU): Chief Information Office
Fingerprints
  SHA1 Fingerprint: DE 41 CD 84 B5 7F E5 75 07 44 B5 62 C6 40 75 86 F4 16 FE 53
  MD5 Fingerprint: 28 8D 4B 55 DD 00 9A D6 9B E7 85 69 77 E7 10 2C
The fingerprints are important; everything else can be easily faked.
If you see any other info, please contact me immediately; this may be legitimate (because we created for whatever reason a new certificate), but it may be that someone is abusing a TOR exit node to reroute traffic to a fake GC and this way harvest posting passwords.
Never access GC via TOR using simple unencrypted http connections; always use an encrypted https connection: that is the only way you can be reasonably sure that you are not being redirected to a fake GC and that no one is stealing your password.
Another important security issue: I strongly recommend everyone to install PGP or GnuPG (if you are running Windows, use GnuPG for Windows); my public key is linked on the contact page (this is a new key; if anyone who reads this still has my old key, please get this one; there were compatibility issues with the old key). I plan to post the information identifying our current SSL certificate as a separate, PGP-signed text file so everyone can always check that they are getting the correct certificate.
Surf safe;)
NFiH
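
The fingerprint check described in the post above can be scripted instead of done by eye in the browser's certificate viewer. This is an added example, not part of the original post: the script name `check_fp.py` is hypothetical and the hostname is supplied by the reader, while the two fingerprints are the ones published above.

```python
import hashlib
import hmac
import ssl
import sys

# Fingerprints exactly as published in the post above.
PUBLISHED = {
    "sha1": "DE 41 CD 84 B5 7F E5 75 07 44 B5 62 C6 40 75 86 F4 16 FE 53",
    "md5": "28 8D 4B 55 DD 00 9A D6 9B E7 85 69 77 E7 10 2C",
}

def normalize(fp):
    """Make 'DE 41', 'de:41' and 'DE41' compare equal; reject non-hex input."""
    cleaned = "".join(fp.split()).replace(":", "").lower()
    bytes.fromhex(cleaned)  # raises ValueError on anything that is not hex
    return cleaned

def fingerprint(der, algo):
    """A certificate fingerprint is the hash of its DER encoding."""
    return hashlib.new(algo, der).hexdigest()

def check_certificate(der, published=PUBLISHED):
    """Return {algo: matched} for every published fingerprint."""
    return {
        algo: hmac.compare_digest(fingerprint(der, algo), normalize(fp))
        for algo, fp in published.items()
    }

def fetch_der(host, port=443):
    """Fetch the server certificate without chain validation (it is
    self-signed, so validation would fail) and return its DER bytes."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

if __name__ == "__main__":
    # Usage: python check_fp.py <hostname>   (hostname supplied by the reader)
    results = check_certificate(fetch_der(sys.argv[1]))
    for algo, ok in results.items():
        print(f"{algo}: {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

The script exits non-zero on any mismatch, so it can gate a login script or a cron check; a mismatch means either a new certificate or an interception, exactly the two cases the post distinguishes.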