SSL Certificate mismatch

Category group and category are irrelevant. This is a domain issue. The SSL certificates are for a.ssl.fastly.net and ssl.fastly.net, neither of which even seem to exist other than being registered to an "Eric Gould", who owns at least 111 domains (that I saw). This is problematic. Can it be fixed? Or is someone trying to MITM?

Thanks, Sean

Topic by MeanderingCode 7 years ago  |  last reply 6 years ago


Registration and password update accepts a password that cannot be used on the site for logging in later

According to "How to Submit Bug Reports", here come the details:

(A) Registration and password update accepts a password that cannot be used on the site for logging in later

1. Acer laptop, T4400 Dual-core CPU, 4GB RAM with Win7 (6.1.7601) Home Premium x64 Service Pack 1 running
2. Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
3. Instructables dot com Signup
4. Screen shots attached
5. Steps to reproduce: go to Signup, enter a valid e-mail address You remember and enter a random password e.g. 34 characters long, containing A-Z, a-z, 0-9, and some special characters, e.g. #%'(*.:?@ (I can send You the exact passwords used upon request)

You can repeat this as many times as You wish with the useful feature called Forgot Username/Password -> You will get the code, You can enter another password like the above and still cannot log in. Another strangeness to me was that the 'restored' account had a totally different username from the one I originally entered when signing up. Interesting 'phenomenon'. This does not happen with other types of passwords (weaker passwords).

Suggestions & ideas: while I did not check page source, input field checking might need improvement. (Bobby Tables: A guide)

Another thing (B) is that SSL on the site 'has its limits'

B.1, B.2 Same specs apply
B.3 Instructables dot com Signup via HTTPS
B.4 I trust Your imagination, maybe there is no need for a screen shot
B.5 NET::ERR_CERT_COMMON_NAME_INVALID *.a.ssl.fastly.net certification provided by DigiCert (High Assurance CA-3)

Steps to reproduce:
- reset or check out certificates in test browser
- just open the site via https://

Suggestions & ideas: the website could use StartSSL Free or StartSSL Verified Certificates

An issue connected to this one is that the SSL Signup page is useless anyway, since captcha cannot be seen and/or entered via the HTTPS version... (screen shot attached)

Suggestions & ideas: make the captcha work on the https page and redirect signups and logins there by default (and then redirect back to http if the original login request came that way)

Best Regards, pc-fan

Topic by pc-fan 4 years ago


It's 2016, and Instructables is owned by a big company now. Why does it still not support HTTPS successfully?

(I thought there was a forum for topics about the Instructables website itself, but apparently not, so I'm putting this in Square Pegs.)

Posting this publicly poses no risk to the security of the Instructables website or any user's account. Any attacker who would use this information (which is pretty much all of them) would be able to figure it out on their own more easily than finding and reading this post. It is extremely obvious to anyone who simply looks at the address bar while visiting the website. (I would be very surprised to learn that no one has taken advantage of it already, if that can even be proven.)

Instructables appears to be severely behind the times when it comes to keeping its users' accounts safe from hacking, and their communications secure from eavesdropping and tampering. Just about everyone who runs a website or is very active online these days knows the importance of having a secure HTTPS connection between your computer and the website's server. (For anyone who hasn't been paying attention for the past ten years or so, here's a Wikipedia article about it.) Like any security-conscious Web user, I'm reluctant to log into any website that doesn't use HTTPS, especially when I'm on an Internet connection that's not my own. (Just look up Firesheep to see why.)

In the early years of the Web, HTTPS didn't exist, and every webpage was loaded and every form was submitted insecurely. Then HTTPS was developed. For years, many websites used HTTPS just for their login pages, and used HTTP (i.e. insecure communication) for the rest of the site, once you logged in. This was better than only HTTP because it kept man-in-the-middle attackers from seeing your password, but they could still manipulate the content you saw or the actions you took after logging in, or take over your session using Firesheep. At that time, website operators didn't want to use HTTPS for their entire sites because it would slow down page loading.

These days, however, most websites that you can log into use HTTPS for everything, because it's more secure and there's no longer any reason not to. HTTPS is now much faster than HTTP, because it allows more optimization and compression. The only websites I can think of other than Instructables that let you log in insecurely are those that don't support HTTPS at all, mostly small-time forums operated by people without much website administration expertise.

It appears that Instructables has made some attempts to support HTTPS, as evidenced by this forum topic from 4 years ago. That was a complaint that the certificate (from Fastly, the CDN Instructables uses) wasn't valid for Instructables and was therefore rejected by the user's Web browser, preventing a secure connection. One of the replies mentioned that a secure login page was available at https://ssl.instructables.com/account/login, and that login page is actually still available. However, it is not linked to from any other page that I can find, meaning that everyone who doesn't know about it (i.e. the vast majority of users) is logging in insecurely, meaning that the sentence "When sensitive personal information is transferred over the Internet, we encrypt it using Transfer [sic] Layer Security (TLS) encryption technology or similar technology." in the Autodesk Privacy Statement is factually incorrect about Instructables.

Furthermore, working HTTPS doesn't seem to be available at all for the user account settings, meaning that when a user changes their password, both the old password and the new password are transmitted insecurely, which also makes that sentence incorrect.

Additionally, when I try to use HTTPS for any other Instructables page, it doesn't work. https://ssl.instructables.com redirects to https://www.instructables.com, while https://www.instructables.com results in the above mentioned certificate error because the certificate Fastly is using doesn't include Instructables on the list of (many) sites that it's valid for. (I can bypass the certificate error and load Instructables over HTTPS anyway, but this is a bad security practice, and the connection does not stay on HTTPS as I browse, making it pointless.)

In summary, Instructables seems five to ten years behind the rest of the Web when it comes to user account security. However, I think this could probably all be solved pretty easily, by asking Fastly to enable (or fix, if it's supposed to be enabled already) HTTPS for the domain [www.]instructables.com, and either changing all links to point to HTTPS URLs or (preferably) enabling HSTS, which will cause all users to use HTTPS regardless of the URLs they type or the links or old bookmarks they click. This would likely have the side benefit of speeding up page loading for all users.

---

P.S. The lack of HTTPS has also caused me to worry about another aspect of Instructables account security. The Privacy Statement says nothing about how users' credentials are stored on the server(s) to prevent breaches of sensitive information by malicious attackers, negligence, disgruntled employees, etc. (It only says that employees are only allowed to access users' information if they need to to perform their duties, and that data is securely destroyed when no longer needed.) Does Instructables use industry-standard salted hashing (SHA-1 or better) to keep users' passwords secure on the server(s)?

Topic by PointyOintment 3 years ago  |  last reply 2 years ago


How do I configure IncrediMail with Windows Live? I can't send email from my IncrediMail.

I get an error: server does not support SSL connection

Question by mepp 8 years ago  |  last reply 8 years ago


[GUIDE] Raspberry Pi 3g Internet Wifi Access Point (Optional script to sniff login details)

Wasn't sure where to put this, thought it might be of interest to someone in here :)

As a project, I set up my Raspberry Pi as a 3g internet Wireless AP to strip SSL from secure websites and harvest the login details. I wanted to show how easy it would be for someone to set up a wireless AP providing free internet, with the equipment hidden - maybe in a backpack - and sit in a public place grabbing login details without anyone suspecting a thing. In the future I would like to do this while running the Pi from a battery bank.

Guide to set up Raspberry Pi as a 3g Wireless AP
Tutorial on writing BASH script to harvest login details

Topic by BigCowPi 6 years ago  |  last reply 6 years ago


Quick rundown of various Linux and BSD operating systems:

1. Debian - one of the older base distributions and currently one of the most popular. Uses the "apt" package manager for software installation. Excellent server distribution.
2. Fedora - the free community edition of Red Hat Linux. Sponsored by Red Hat Linux. Uses the "rpm" package manager for software installation.
3. openSuse - sponsored by Novell, originally developed largely in Europe.
4. Mageia - fork of an older distribution called Mandriva Linux.
5. PCLinuxOS - also a fork of Mandriva. Looks to provide out-of-the-box support for graphics and sound cards.
6. Red Hat Enterprise Linux (RHEL) - based on Fedora, RHEL includes many enterprise-level enhancements and is supported by Red Hat corporation.
7. CentOS Linux - free enterprise-grade operating system that is built from the same source code as RHEL without the proprietary enhancements or support from Red Hat.
8. Puppy - very small Linux operating system that boots the OS and applications completely into RAM. Can operate on older computer equipment. Excellent for use in emergencies and to recover data from hard drives.
9. FreeBSD - operating system that is based on BSD code.
10. Ubuntu Linux - easy to use operating system that is based on Debian Linux. Supported by the Canonical corporation. Ubuntu means "humanity to others". Excellent server distribution.
11. Linux Mint - currently one of the most popular distributions, based on Ubuntu Linux. Looks to provide a complete experience by including browser plugins and media codecs (ie: Flash) upon installation. Excellent desktop distribution. Also comes in lightweight editions for older hardware.
12. NetBSD - based on BSD code. Can be run on a wide range of hardware. Currently there are 57 different hardware architectures that can run NetBSD.
13. OpenBSD - based on BSD code. Source code built from the ground up with security first and foremost as the goal. Ships "secure by default", that is, all non-essential services are disabled. OpenBSD has embedded cryptography throughout the operating system; it utilizes OpenSSH, Pseudo Random Number Generators, cryptographic hash functions, cryptographic transforms and crypto hardware support.
14. ClearOS - server and network distro designed for small businesses. Based on Red Hat Linux. Web-based interface controls anti-virus, anti-spam, VPN, content filtering, bandwidth manager, file services, SMTP services, print services, SSL certification, and web services.
15. Kali Linux - distro that specializes in penetration testing and security auditing. Over 300 penetration testing tools. Based on Debian Linux.
16. Lubuntu - lightweight version of Ubuntu Linux for older computers and netbooks.
17. Gentoo - highly customizable distro that uses a package system called portage written in Python. Mascot is Larry the Cow.

Topic by matt392 5 years ago  |  last reply 5 years ago


NEW 2009 Rocky Mountain Element Team Mountain Bike $2,000

dessy.richard@yahoo.com bikeworld.world@gmail.com

Dear Customer, Rocky Mountain Eleme BilNEW 2008/2009 l Bike world Ltd is one of the leading bike distributors. We are Legitimate registered Company under licensed number (RC43315). We ship via FedEx, UPS or DHL, and your ordered items will get to your door step within 48 hrs (Two Working Day). We sell all kinds Cannondale, Cervelo, Ellsworth, Giant, Jamis, Klein, Kona, Litespeed, Rocky Mountain, Santa Cruz, Specialized, Trek, Gary Fisher bikes

Here are some of our price list:

NEW Cervelo P2C Ultegra Bicycle - 2008-CRV8P2CU $2000
NEW 2009 Cannondale Road Tandem Bike $1,600
NEW 2009 Cannondale F4000 SL Mountain Bike $2,400
NEW 2009 Cannondale Gemini 900 Mountain Bike $1,200
NEW 2009 Cannondale Mountain Tandem Bike $1,200
NEW 2009 Cannondale Prophet 4000 Mountain Bike $2,600
NEW 2009 Cannondale R1000 Road Bike $1,000
NEW 2009 Cannondale Scalpel 3000 Mountain Bike $2,600
NEW 2009 Cannondale Six13 Team 1 Dura Ace Road Bike $2,400
NEW 2009 Cervelo Soloist Carbon Road Bike $2,800
NEW 2009 Cervelo P3 Carbon Road Bike $3,200
NEW 2009 Cervelo Soloist Team Road Bike $1,900
NEW 2009 Ellsworth Epiphany Mountain Bike $3,000
NEW 2009 Ellsworth Moment Mountain Bike $3,400
NEW 2009 Ellsworth Truth Mountain Bike $2,800
NEW 2009 Gary Fisher Cake 1 DLX Mountain Bike $1,700
NEW 2009 Giant Anthem 1 Mountain Bike $1,200
NEW 2008 Santa Cruz Blur LT Mountain Bike $2,200
NEW 2008 Santa Cruz Nomad Mountain Bike $2,000
NEW 2008 Santa Cruz V 10 Mountain Bike $2,200
NEW 2008 Specialized Demo 8 Mountain Bike $2,000
NEW 2008 Specialized Enduro SL Pro Carbon Mountain Bike $2,100
NEW 2008 Specialized Epic Comp Mountain Bike $1,150
NEW 2008 Specialized Epic Marathon Mountain Bike $1,700
NEW 2008 Specialized Roubaix Pro Road Bike $1,700
NEW 2008 Specialized Ruby Pro Road Bike $1,700
NEW 2008 Specialized S-Works Stumpjumper Fsr Carbon Bike $2,300
NEW 2008 Specialized S-Works Tarmac SL Sram Road Bike $2,300
NEW 2008 Specialized S-Works Roubaix Dura Ace Road Bike $2,300
NEW 2008 Specialized Stumpjumper Comp Mountain Bike $1,000
NEW 2008 Specialized Tarmac Pro Double Road Bike $1,700
NEW 2008 Specialized Transition Pro Road Bike $1,700
NEW 2009 MARIN Juinper Trail Bike $900
NEW 2009 MARIN Wildcat Trail Bike $1,200
NEW 2009 MARIN Alpine Trail Bike $1,300
NEW 2009 MARIN East Peak Bike $1,550
NEW 2009 MARIN Rock Springs Bike $1,300
NEW 2009 MARIN Rift Zone Bike $1,400
NEW 2009 MARIN Rift Zone SE Bike $1,300
NEW 2009 MARIN Wolf Ridge Bike $1,600
NEW 2009 MARIN Mount Vision Bike $1,800
NEW 2009 MARIN Attack Trail Bike $1,810
NEW 2009 MARIN Mount Vision Pro Bike $2,600
NEW 2009 Cannondale Road Tandem Bike $1,100
NEW 2009 Cannondale F4000 SL Mountain Bike $2,300
NEW 2009 Cannondale Gemini 900 Mountain Bike $1,100
NEW 2009 Cannondale Mountain Tandem Bike $1,100
NEW 2009 Cannondale Prophet 4000 Mountain Bike $2,500
NEW 2009 Cannondale R1000 Road Bike $1,000
NEW 2009 Cannondale Scalpel 3000 Mountain Bike $2,500
NEW 2009 Cannondale Six13 Team 1 Dura Ace Road Bike $2,300
NEW 2009 Klein Q-Pro XV Road Bike $1,200
NEW 2009 Kona Dawg Primo Mountain Bike $1,100
NEW 2009 Kona Kula Supreme Mountain Bike $1,800
NEW 2009 Kona Stinky Mountain Bike $1,000
NEW 2009 Kona Kula Lisa Mountain Bike $1,000
NEW 2009 Kona Four Lisa Mountain Bike $1000
NEW 2009 Kona Blast Deluxe - Gold - SRP $900
NEW 2009 Cervelo Soloist Carbon Road Bike $2,200
NEW 2009 Cervelo P3 Carbon Road Bike $2,200
NEW 2009 Cervelo Soloist Team Road Bike $1,100
NEW 2009 Ellsworth Epiphany Mountain Bike $2,400
NEW 2009 Ellsworth Moment Mountain Bike $2,500
NEW 2009 Ellsworth Truth Mountain Bike $2,100
NEW 2009 Gary Fisher Cake 1 DLX Mountain Bike $1,400
NEW 2009 Giant Anthem 1 Mountain Bike $1,100
NEW 2009 Giant Reign X0 Mountain Bike $1,700
NEW 2009 Giant Tcr Composite 1 Road Bike $1,400
NEW 2009 Giant Trance 1 Mountain Bike $1,100
NEW 2009 Jamis Dakar XC Pro Mountain Bike $1,800
NEW 2009 Litespeed Bella Road Bike $1,100
NEW 2009 Litespeed Ghisallo Road Bike $2,500
NEW 2009 Litespeed Niota Ti Mountain Bike $2,700
NEW 2009 Litespeed Tuscany Road Bike $1,700
NEW 2009 Rocky Mountain Element Team Mountain Bike $2,000
NEW 2009 Rocky Mountain Slayer 70 Mountain Bike $1,600
NEW 2009 Trek 5000 Road Bike $1,100
NEW 2009 Trek Pilot SL 5.9 Road Bike $1,800
NEW 2009 Trek Tandem T 2000 Road Bike $1,400
NEW 2009 Trek Madone SSL 6.9 Road Bike $2,800
NEW 2009 Trek Top Fuel SL Mountain Bike $2,800

Get back to me with your full order if you are really interested in buying from us via email.

regards, sales manager.

Topic by dessy 10 years ago