It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion (archive)*Important* Time to change your passwords *important*(115 posts)(115 posts)
(115 posts)
Pages:
1
2
3
4
5
6
7
8
This is my favourite topic
Posted April 18, 2014
Like skeletonbow posted previously, I too am in Canada -- whether that has any bearing -- and seeing that the certificate validity start date has not been changed, and therefore is not revoked that i can see. I also ran a couple of independent tests against secure.gog.com, one through Agilebits Watchtower showing that the certificate was not revoked and the second though the Lastpass checker which indicated that is was reissued recently, so clearly there is a discrepancy here.

Can anyone please verify this, as I will not be buying anything else from GOG until my own tests in combination with third party ones all show the same results, and since I have a gaming addiction to feed that makes me rather sad.
Posted April 18, 2014
avatar
tinyE: Well shit, now I need to come up with something better than "12345".
That's the code for the Oxygen Sphere over Druidia!

"Spaceballs reference yay"
Posted April 18, 2014
avatar
nytewraeth: Like skeletonbow posted previously, I too am in Canada -- whether that has any bearing -- and seeing that the certificate validity start date has not been changed, and therefore is not revoked that i can see. I also ran a couple of independent tests against secure.gog.com, one through Agilebits Watchtower showing that the certificate was not revoked and the second though the Lastpass checker which indicated that is was reissued recently, so clearly there is a discrepancy here.

Can anyone please verify this, as I will not be buying anything else from GOG until my own tests in combination with third party ones all show the same results, and since I have a gaming addiction to feed that makes me rather sad.
If you think there's still a vulnerability, you should contact support. If you're right, they'll really be keen to know.
Posted April 19, 2014
avatar
wpegg: If you think there's still a vulnerability, you should contact support. If you're right, they'll really be keen to know.
avatar
nytewraeth: Like skeletonbow posted previously, I too am in Canada -- whether that has any bearing -- and seeing that the certificate validity start date has not been changed, and therefore is not revoked that i can see.
Look again. The cert has been re-keyed, but it is using the original issue date. You can even check the old, revoked cert.
Posted April 19, 2014
avatar
nytewraeth: Like skeletonbow posted previously, I too am in Canada -- whether that has any bearing -- and seeing that the certificate validity start date has not been changed, and therefore is not revoked that i can see.
avatar
Gydion: Look again. The cert has been re-keyed, but it is using the original issue date. You can even check the old, revoked cert.
Thank you very much for this, I had not seen those specific posts. In addition this conveniently addresses my concerns about another site for which I had seen an old validity date but was reported as fixed. Great to know!
Posted April 19, 2014
avatar
nytewraeth: Thank you very much for this, I had not seen those specific posts. In addition this conveniently addresses my concerns about another site for which I had seen an old validity date but was reported as fixed. Great to know!
No problem. By all accounts DigiCert is one the better CAs, but I would like if by default they updated the issue date on a cert that's been re-keyed.
Posted April 19, 2014
avatar
Gydion: No problem. By all accounts DigiCert is one the better CAs, but I would like if by default they updated the issue date on a cert that's been re-keyed.
Yep, I installed that add-on you suggested and it keeps complaining about the certs on all sites that got them from DigiCert.
Posted April 19, 2014
avatar
HypersomniacLive: Yep, I installed that add-on you suggested and it keeps complaining about the certs on all sites that got them from DigiCert.
I've noticed many sites got a new certificate from DigiCert which Certificate Patrol properly notifies you about. It is a bit noisy. You can turn off a number of the pop-ups in the options. Also, it doesn't work for Google as they are able to mint their own certs and with their CDN setup they are constantly switching them around.
Post edited April 19, 2014 by Gydion
Posted April 19, 2014
avatar
Gydion: I've noticed many sites got a new certificate from DigiCert which Certificate Patrol properly notifies you about. It is a bit noisy. You can turn off a number of the pop-ups in the options. Also, it doesn't work for Google as they are able to mint their own certs and with their CDN setup they are constantly switching around.
That's what I meant, sorry for the poor wording. I don't mind the pop-ups, I'd rather it being noisy than not notifying you at all or incorrectly.
I've checked out the options, but as I said I'd rather get the pop-ups - Certificate Patrol provides a good number of details.

Haven't tested it on Google though, not much of a Google-based <insert service here> user.
Posted April 24, 2014
How the heartbleed exploit works:

http://imgs.xkcd.com/comics/heartbleed_explanation.png
Pages:
1
2
3
4
5
6
7
8
This is my favourite topic
Community
General discussion (archive)*Important* Time to change your passwords *important*(115 posts)(115 posts)
(115 posts)