mrk
Posts: 807
Likes: 753
|
Post by mrk on Aug 31, 2019 20:41:53 GMT
The certificate error is still coming up for me but you can still get into the website if you choose to ignore the warning. That's not advice I would give to the general public though. If people start thinking it's ok to ignore security warnings soon enough they'll hand over their password to a phishing website.
|
|
nw99
Posts: 340
Likes: 114
|
Post by nw99 on Aug 31, 2019 21:02:39 GMT
All working well plenty of action on the secondary market
|
|
littleoldlady
Member of DD Central
Running down all platforms due to age
Posts: 3,017
Likes: 1,835
|
Post by littleoldlady on Aug 31, 2019 21:22:08 GMT
All working well plenty of action on the secondary market A lot more sellers than buyers, and buyers want a large discount.
|
|
corto
Member of DD Central
one-syllabistic
Posts: 851
Likes: 356
|
Post by corto on Aug 31, 2019 21:28:34 GMT
The certificate error is still coming up for me but you can still get into the website if you choose to ignore the warning. That's not advice I would give to the general public though. If people start thinking it's ok to ignore security warnings soon enough they'll hand over their password to a phishing website. It's not advised either way for a financial service site. Without SSL the traffic could be recorded, credentials harvested and passwords identified and possibly cracked.
|
|
mrk
Posts: 807
Likes: 753
|
Post by mrk on Aug 31, 2019 21:56:41 GMT
That's not advice I would give to the general public though. If people start thinking it's ok to ignore security warnings soon enough they'll hand over their password to a phishing website. It's not advised either way for a financial service site. Without SSL the traffic could be recorded, credentials harvested and passwords identified and possibly cracked. Indeed. That you can access the login page as plain HTTP is in fact another issue they should fix. The root ablrate.com page does redirect to HTTPS, but not the login page that's under the platform.ablrate.com subdomain. It all looks very amateurish. Edit: I would go as far as saying that it doesn't meet the level of " appropriate technical measures" required by GDPR.
|
|
corto
Member of DD Central
one-syllabistic
Posts: 851
Likes: 356
|
Post by corto on Aug 31, 2019 22:58:41 GMT
good point
|
|
Balder
Member of DD Central
Posts: 641
Likes: 614
|
Post by Balder on Sept 1, 2019 7:24:44 GMT
ablrate schoolboy error in this day and age Ablrate someone in IT needs a severe nudge and I'd expect a complete review of security, written procedures, signatories etc this just shouldn't happen in 2019.
|
|
|
Post by marcusponds on Sept 1, 2019 10:08:08 GMT
All working well plenty of action on the secondary market I’m still experiencing the problem.
|
|
|
Post by ablrate on Sept 1, 2019 10:26:43 GMT
There is an issue with the security certificate. We are on it.
|
|
|
Post by ladywhitenap on Sept 1, 2019 12:45:50 GMT
All working well plenty of action on the secondary market I’m still experiencing the problem. All you have to do is accept an exception rule in your browser or select continue on a phone. LW
|
|
mrk
Posts: 807
Likes: 753
|
Post by mrk on Sept 1, 2019 12:53:45 GMT
I’m still experiencing the problem. All you have to do is accept an exception rule in your browser or select continue on a phone. That's also all you have to do if you want to give your details to some fake website trying to steal your password. Just ignore the warnings and accept whatever invalid certificate they present you.
|
|
|
Post by ladywhitenap on Sept 1, 2019 12:58:09 GMT
OK not something to be done every time but we know ABL have the problem and are on to it but if the OP wants to connect in the meantime then that is the way to do it. Obvious cancel the exception rule when the new certificate is up and running.
LW
|
|
blender
Member of DD Central
Posts: 5,719
Likes: 4,272
|
Post by blender on Sept 1, 2019 15:02:59 GMT
This is what you get on Microsoft Edge (the current recommended browser)
'This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
[Recommended icon] Close this tab
More information : The website’s security certificate is not yet valid or has expired. Error Code: DLG_FLAGS_SEC_CERT_DATE_INVALID'
OK, I can get round this by using a steam-driven Internet Explorer, but there is no 'ignore and proceed' option in Edge and the person who is not into changing security settings has had a system outage for over 24 hours.
|
|
michaelc
Member of DD Central
Posts: 4,861
Likes: 2,762
|
Post by michaelc on Sept 1, 2019 15:26:39 GMT
That's not advice I would give to the general public though. If people start thinking it's ok to ignore security warnings soon enough they'll hand over their password to a phishing website. It's not advised either way for a financial service site. Without SSL the traffic could be recorded, credentials harvested and passwords identified and possibly cracked. The fact that some or all parts of their site also answer to http on port 80 is a separate issue but I would doubt very much any of the secure parts of the site (i.e. post login) are available like that and if so I would not class the site as being fundamentally insecure although best practice these days is to secure the whole site. An expired certificate means the traffic is encrypted (no typo). The reason they expire other than to give ssl companies business is to ensure a brute force attack could not eventually succeed. Depending on key length, algorthim choice and other factors, typical expirations are many months or years. A day or two over makes no real difference. That said, an average user should most certainly not ignore browser warnings about the security of a site. Many of them are more serious than this. It is also of course commercially embarrassing.
|
|
iRobot
Member of DD Central
Posts: 1,657
Likes: 2,450
|
Post by iRobot on Sept 1, 2019 15:48:33 GMT
OK, I can get round this by using a steam-driven Internet Explorer, but there is no 'ignore and proceed' option in Edge and the person who is not into changing security settings has had a system outage for over 24 hours.
Do you not have a 'Details' link which reveals, errrr, some details but also includes: Go on to the webpage (Not recommended)(Don't know why the 'Not recommended' isn't in red, but there you go... )
|
|