For those who saw "Your connection is not private" message today, just want to let you know that it was just a configuration issue. Turns out that every 3 months, websites have to generate a new "key" to keep the pages encrypted (new thing started last year) and uh, I forgot to renew the key... took about 30 minutes to figure out how to do it. Whew! Sorry about the inconvenience. No data was lost/etc.
Chrome actually explained what was up with the advice to try again in a short while as the site would be up again soon.
I saw that too
@btroje Chrome must be mad at me, it didn't explain anything to me.
@buzz13 you had to humble yourself and ask for help. What does that say about you?
Thanks for the clarification. I ran three virus scans, you know, because I was being paranoid.
LOL
I just did one! LOL
Your not alone doing that, I was going buggy about it.
Good to know, I was (temporarily) worried, but I had faith in you! Well, let's not say faith, let's say confidence!!! LOL
Wow. This is incredibly concerning. Do you have anyone at your company who is responsible for your network security? How are you storing our passwords? Has your software ever been security audited?
There is very little to be concerned with, unless someone explicitly goes past the warning their browser shows and then logs in. You would have to have an attacker monitoring your network traffic as well.
@indirect76 I'm worried that agnostic.com's security is weak, and that because they don't invest enough time into managing their security posture, it will put the data they have about us at risk. I do this for a living. I know what I'm talking about.
@egeste Other than our passwords, I would assume any data the site has is publicly available. As long as the passwords are stored as salted hashes, I’m fine. Even if passwords are less secure, I use different passwords for each log in I have. Though I doubt most users are as security minded as you and I.
In my experience, SSL certificates only need to be rekeyed when they expire, which is in intervals of years.
I thought it'd just be an SSL expiry.
Every three months, though? I manage an SSL web server for work, and we renew the certificate on that annually.