Korg Forums Forum Index Korg Forums
A forum for Korg product users and musicians around the world.
Moderated Independently.
Owned by Irish Acts Recording Studio & hosted by KORG USA
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Please Enable HTTPS

 
Post new topic   Reply to topic    Korg Forums Forum Index -> Testing This Forum
View previous topic :: View next topic  
Author Message
lmatonement



Joined: 26 May 2021
Posts: 29

PostPosted: Wed Jun 02, 2021 12:38 pm    Post subject: Please Enable HTTPS Reply with quote

My son just noticed "Not secure" in the address bar, so I realized the site is not using https. !!!??

Please enable HTTPS on this site.

To suggest "the content sent to and from this site is not sensitive" is simply untrue. Even if you don't value your log-on credentials (they're sent in the clear and any observer can get your credentials - for instance if you log in while at my house, my wireless access point and firewall both have access to your credentials unencrypted), other information associated with visiting this site may be sensitive to any particular user (for instance, the fact that they are accessing the website).
Back to top
View user's profile Send private message
lmatonement



Joined: 26 May 2021
Posts: 29

PostPosted: Wed Jun 02, 2021 12:40 pm    Post subject: Re: Please Enable HTTPS Reply with quote

I guess I'm not the first to point this out (http://www.korgforums.com/forum/phpBB2/viewtopic.php?t=114406) but it bears repeating nonetheless.
Back to top
View user's profile Send private message
Koekepan
Platinum Member


Joined: 27 Sep 2016
Posts: 616

PostPosted: Wed Jun 02, 2021 1:37 pm    Post subject: Reply with quote

Please keep an HTTP-only option open for those of us who live on extremely limited systems and extremely limited bandwidth.

Those who choose to use HTTPS are welcome to, in my view.
Back to top
View user's profile Send private message
alexmu



Joined: 30 Dec 2019
Posts: 6

PostPosted: Sat Nov 06, 2021 9:08 am    Post subject: Reply with quote

Just checking with a couple of security sites.

Sucuri SiteCheck scanner
https://sitecheck.sucuri.net/

Scan Website:
https://www.korgforums.com/forum/phpBB2/index.php

IP address: 69.74.200.93
Powered by: PHP 5.3.3
Running on: Microsoft-IIS 7.5

Scan Failed
https://www.korgforums.com/forum/phpBB2/index.php

Unable to scan your site. 404 Not Found

Site Issue Detected
https://www.korgforums.com/404javascript.js (More Details)

TLS certificate expired

Site Issue Detected
https://www.korgforums.com/forum/phpBB2/.git/HEAD (More Details)

TLS certificate expired

Site Issue Detected
https://www.korgforums.com/forum/phpBB2/index.php (More Details)

TLS certificate expired


TLS Recommendations
Password input field detected on an unencrypted HTTP page. Please use HTTPS protocol to protect login forms:
http://www.korgforums.com/forum/phpBB2/index.php
No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the "Not Secure" browser warning.
TLS 1.0 is obsolete. Please upgrade your TLS configuration.

===

SSL Trust Free Website Safety & Security Check
https://www.ssltrust.com/ssl-tools/website-security-check

Domain: https://www.korgforums.com

The SSL Certificate has Expired. You should not trust this website
The SSL Certificate is Not Trusted. You should not trust this website
The SSL Certificate is using an Insecure Signature Algorithm . You should not share any important information with this website.
The SSL Certificate and Server has Critical Security Vulnerabilities. You should not share any important information with this website.
The SSL Certificate and Server has High Risk Security Vulnerabilities. You should not share any important information with this website.
The Server is using Critically Insecure Protocols. You should not share any important information with this website.
The Server is using Insecure Protocols. You should use high caution sharing important information with this website.

Protocols:

SSLv2
CRITICAL
vulnerable with 2 ciphers

SSLv3
HIGH
offered

TLS1
LOW
offered (deprecated)

TLS1_1
CRITICAL
TLSv1.1 is not offered, and downgraded to a weaker protocol

TLS1_2
MEDIUM
not offered and downgraded to a weaker protocol

TLS1_3
INFO
not offered + downgraded to weaker protocol

NPN
INFO
not offered

ALPN
INFO
not offered

Vulnerabilities:

heartbleed
OK
not vulnerable, no heartbeat extension

CCS
OK
not vulnerable

ticketbleed
OK
no session ticket extension

ROBOT
OK
not vulnerable

secure_renego
OK
supported

secure_client_renego
OK
not vulnerable

CRIME_TLS
OK
not vulnerable

BREACH
OK
not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested

POODLE_SSL
HIGH
VULNERABLE, uses SSLv3+CBC

fallback_SCSV
HIGH
NOT supported and vulnerable to POODLE SSL

SWEET32
LOW
uses 64 bit block ciphers for SSLv2 and above

FREAK
OK
not vulnerable

DROWN
CRITICAL
VULNERABLE, SSLv2 offered with 2 ciphers. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=F0002C20F77CC164F0D26505F2B35248D0AFE2B3AAD9E1F733D1A757E115AEC3

LOGJAM-common_primes
HIGH
RFC2409/Oakley Group 2

LOGJAM
OK
not vulnerable, no DH EXPORT ciphers,

BEAST_CBC_SSL3
MEDIUM
DES-CBC3-SHA

BEAST_CBC_TLS1
MEDIUM
ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA DES-CBC3-SHA

BEAST
MEDIUM
VULNERABLE -- and no higher protocols as mitigation supported

LUCKY13
LOW
potentially vulnerable, uses TLS CBC ciphers

winshock
OK
not vulnerable - doesn't seem to be IIS 8.x

RC4
HIGH
VULNERABLE, Detected ciphers: RC4-SHA RC4-MD5 RC4-MD5

===

From DigiCert:
https://ssltools.digicert.com/checker/views/checkInstallation.jsp

Certificate not issued by DigiCert, Symantec, GeoTrust, Thawte, or RapidSSL
Wrong certificate installed.
The certificate has expired.

===

Also note PHP version 5.3 is EOL
https://www.php.net/eol.php

Microsoft-IIS 7.5 is out of support and also implies a windows server version that might be out of support:
https://docs.microsoft.com/en-us/lifecycle/products/internet-information-services-iis

Also a modern web site running HTTP2 with HTTPS enabled will often perform better than an older HTTP/1.0 or HTTP/1.1 site.
Back to top
View user's profile Send private message
Pastor-of-Muppets
Platinum Member


Joined: 06 Jan 2010
Posts: 774
Location: UK

PostPosted: Mon Feb 21, 2022 6:00 pm    Post subject: Reply with quote

I would also prefer if using HTTPS here was possible.
Back to top
View user's profile Send private message
snugsound



Joined: 02 Apr 2022
Posts: 4

PostPosted: Sat Apr 02, 2022 4:30 pm    Post subject: Reply with quote

+1 for this
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Korg Forums Forum Index -> Testing This Forum All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group