S@h_BETA 'faked'? I can't log-in with Firefox


log in

Advanced search

Message boards : Number crunching : S@h_BETA 'faked'? I can't log-in with Firefox

1 · 2 · Next
Author Message
Profile [seti.international] Dirk Sadowski
Volunteer tester
Avatar
Send message
Joined: 6 Apr 07
Posts: 7117
Credit: 61,264,148
RAC: 4,623
Germany
Message 1031207 - Posted: 5 Sep 2010, 19:31:30 UTC
Last modified: 5 Sep 2010, 19:45:26 UTC

Hello community!

I wanted to log-in in my S@h_BETA account.
I go to the website: 'http://setiweb.ssl.berkeley.edu/beta' ..click on 'Your account'..

..the URL in the browser change to 'https://..'
..and my Firefox browser say:

Dieser Verbindung wird nicht vertraut

Sie haben Firefox angewiesen, eine gesicherte Verbindung zu setiweb.ssl.berkeley.edu aufzubauen, es kann aber nicht überprüft werden, ob die Verbindung sicher ist.

Wenn Sie normalerweise eine gesicherte Verbindung aufbauen, weist sich die Website mit einer vertrauenswürdigen Identifikation aus, um zu garantieren, dass Sie die richtige Website besuchen. Die Identifikation dieser Website dagegen kann nicht bestätigt werden.

Was sollte ich tun?

Falls Sie für gewöhnlich keine Probleme mit dieser Website haben, könnte dieser Fehler bedeuten, dass jemand die Website fälscht. Sie sollten in dem Fall nicht fortfahren.



It's like the website is 'faked'.


You see similar things there?


Thanks!
____________
BR

SETI@home Needs your Help ... $10 & U get a Star!

Team seti.international

Das Deutsche Cafe. The German Cafe.

KB7RZF
Volunteer tester
Avatar
Send message
Joined: 15 Aug 99
Posts: 9464
Credit: 3,112,738
RAC: 10
United States
Message 1031211 - Posted: 5 Sep 2010, 19:48:55 UTC

I got a warning as well when I clicked on my account, but it let me long in just fine.
____________

Profile [seti.international] Dirk Sadowski
Volunteer tester
Avatar
Send message
Joined: 6 Apr 07
Posts: 7117
Credit: 61,264,148
RAC: 4,623
Germany
Message 1031214 - Posted: 5 Sep 2010, 19:53:44 UTC - in response to Message 1031211.

I got a warning as well when I clicked on my account, but it let me long in just fine.


You use the Internet Explorer?

IIRC, the URL in the browser don't change to 'https://..'.
You see also the 's'?

Firefox say it could be a fake and I should 'go away'.. ;-)

____________
BR

SETI@home Needs your Help ... $10 & U get a Star!

Team seti.international

Das Deutsche Cafe. The German Cafe.

Profile John Neale
Volunteer tester
Avatar
Send message
Joined: 16 Mar 00
Posts: 519
Credit: 3,235,987
RAC: 1,247
South Africa
Message 1031220 - Posted: 5 Sep 2010, 20:16:52 UTC

I am able to reach the "Your account" page on SETI Beta using MS Internet Explorer, and the url starts with http.

However, when I tried to navigate there with Google Chrome, I received this security warning:

The site's security certificate is not trusted!
You attempted to reach setiweb.ssl.berkeley.edu, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site.


And the url changed to https. (Since I had never been there before via Google Chrome, I was being directed to the login page.)
____________

Profile [seti.international] Dirk Sadowski
Volunteer tester
Avatar
Send message
Joined: 6 Apr 07
Posts: 7117
Credit: 61,264,148
RAC: 4,623
Germany
Message 1031223 - Posted: 5 Sep 2010, 20:24:24 UTC - in response to Message 1031220.

For ~ one month or something (the last time I logged-in there) I could log-in with Firefox.

In the meantime maybe someone changed there something?

Because normally (in past) the URL don't change to 'https://..'.

____________
BR

SETI@home Needs your Help ... $10 & U get a Star!

Team seti.international

Das Deutsche Cafe. The German Cafe.

Profile Fred J. Verster
Volunteer tester
Avatar
Send message
Joined: 21 Apr 04
Posts: 3252
Credit: 31,902,797
RAC: 257
Netherlands
Message 1031228 - Posted: 5 Sep 2010, 21:11:15 UTC - in response to Message 1031223.

SETI Bêta Main Page
Also be able to log-in, normally.

But, only Bêta Forums, are UP, all other servers are Disabled or Not Running, so no work is generated.
AP tasks can only come from SETI@Home ;-)


____________

JohnDKProject donor
Volunteer tester
Avatar
Send message
Joined: 28 May 00
Posts: 876
Credit: 48,318,960
RAC: 19,065
Denmark
Message 1031230 - Posted: 5 Sep 2010, 21:33:46 UTC - in response to Message 1031220.

I am able to reach the "Your account" page on SETI Beta using MS Internet Explorer, and the url starts with http.

However, when I tried to navigate there with Google Chrome, I received this security warning:

The site's security certificate is not trusted!
You attempted to reach setiweb.ssl.berkeley.edu, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site.


And the url changed to https. (Since I had never been there before via Google Chrome, I was being directed to the login page.)

Not sure if you mean there was no warning when using IE, which version do you use? Using IE8 I did get the warning, I clicked anyway and got to the login screen.

I don't think there anything bad/fake going on, I thing either the certificate has run out or Seti have change some URL stuff so the certificate isn't valid anymore.

ClaggyProject donor
Volunteer tester
Send message
Joined: 5 Jul 99
Posts: 4216
Credit: 34,480,775
RAC: 12,281
United Kingdom
Message 1031231 - Posted: 5 Sep 2010, 21:40:40 UTC - in response to Message 1031228.

SETI Bêta Main Page
Also be able to log-in, normally.

But, only Bêta Forums, are UP, all other servers are Disabled or Not Running, so no work is generated.
AP tasks can only come from SETI@Home ;-)


I can also log in O.K with IE and Firefox,

Don't trust what the Server Status page says, it hasn't reflected reality for at least 9 months, the rest of the project is up,

and to prove it here's some fresh work i've just received: All tasks for computer 45274

Claggy

Josef W. SegurProject donor
Volunteer developer
Volunteer tester
Send message
Joined: 30 Oct 99
Posts: 4336
Credit: 1,113,795
RAC: 779
United States
Message 1031238 - Posted: 5 Sep 2010, 22:35:04 UTC

S@H uses self-signed certificates. The browser should allow you to view the certificate and see that, then if you trust the staff you accept the certificate.

It is definitely proper for a browser to get the user's judgement for such cases which are not chained back to one of the big certificate issuers.

Joe

Profile arkaynProject donor
Volunteer tester
Avatar
Send message
Joined: 14 May 99
Posts: 3728
Credit: 48,768,260
RAC: 1,737
United States
Message 1031241 - Posted: 5 Sep 2010, 22:45:59 UTC

If you are logging in, the server should change to https:// as that means the connection is encrypted and less likely to be intercepted.

Once I confirmed the certificate exception I logged in just fine to my account.
____________

Profile [seti.international] Dirk Sadowski
Volunteer tester
Avatar
Send message
Joined: 6 Apr 07
Posts: 7117
Credit: 61,264,148
RAC: 4,623
Germany
Message 1031243 - Posted: 5 Sep 2010, 23:06:01 UTC
Last modified: 6 Sep 2010, 0:00:01 UTC

I never use again the Internet Explorer.. ;-)
I use only Firefox.. :-)


The 'problem' is, that I never got a notification in Firefox that I enter a 'https' (security, encrypted) area, if I log(ged)-in at S@h or S@h_B.
The 'http' stay/ed all the time.

The strange is, for some hours, that the browser say, I will enter a 'https' area after clicking on 'Your account' at S@h_B. This was never before.

I don't want to look to EMails or make homebanking or something similar..

S@h and S@h_B was never a 'https' area.


Maybe an admin changed there something?
Or, what's going on with my browser?


EDIT: BTW. Now I see also only the 'http' in the browser here in the forum..
EDIT#2: You see there 'https'?
____________
BR

SETI@home Needs your Help ... $10 & U get a Star!

Team seti.international

Das Deutsche Cafe. The German Cafe.

KB7RZF
Volunteer tester
Avatar
Send message
Joined: 15 Aug 99
Posts: 9464
Credit: 3,112,738
RAC: 10
United States
Message 1031257 - Posted: 6 Sep 2010, 0:15:06 UTC - in response to Message 1031214.

I got a warning as well when I clicked on my account, but it let me long in just fine.


You use the Internet Explorer?

IIRC, the URL in the browser don't change to 'https://..'.
You see also the 's'?

Firefox say it could be a fake and I should 'go away'.. ;-)

No, I only use Firefox. Once the certificate is accepted, you don't get the warning again, or at least I didn't.
____________

Profile James Sotherden
Avatar
Send message
Joined: 16 May 99
Posts: 9044
Credit: 36,979,785
RAC: 14,177
United States
Message 1031264 - Posted: 6 Sep 2010, 1:14:51 UTC

I see the Http when I use safari or IE8, when Im on the mesaage boards.
____________

Old James

Profile Fred J. Verster
Volunteer tester
Avatar
Send message
Joined: 21 Apr 04
Posts: 3252
Credit: 31,902,797
RAC: 257
Netherlands
Message 1031330 - Posted: 6 Sep 2010, 8:29:42 UTC - in response to Message 1031264.

I really dislike I.E. it's the only browser/program, that crashes too often (!?!)
Or just stops, I'll prefer F.F.
Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.2.8) Gecko/20100722 AskTbCPUID/3.8.0.12304 Firefox/3.6.8 ( .NET CLR 3.5.30729)


____________

Profile John Neale
Volunteer tester
Avatar
Send message
Joined: 16 Mar 00
Posts: 519
Credit: 3,235,987
RAC: 1,247
South Africa
Message 1031339 - Posted: 6 Sep 2010, 9:17:57 UTC - in response to Message 1031230.

Not sure if you mean there was no warning when using IE, which version do you use? Using IE8 I did get the warning, I clicked anyway and got to the login screen.


My default browser is IE8, and I'm automatically logged in to my SETI Beta account using that browser. I'm sure that if I logged out and tried to log in again using IE8, I'd get the warning.

The warning appeared when I used Google Chrome for the first time, and was directed to the login page. (Incidentally, this warning did not appear when I logged into my SETI Main account page for the first time using Chrome.)

Since I agree that there isn't a problem with the site, I proceeded with the SETI Beta login anyway. I was not afforded an opportunity to view the security certificate, but once logged in, I remained logged in and was able to access the "Your account" page without any further warnings.
____________

Sirius B
Volunteer tester
Avatar
Send message
Joined: 26 Dec 00
Posts: 11796
Credit: 1,787,786
RAC: 1,688
Syria
Message 1031341 - Posted: 6 Sep 2010, 9:38:46 UTC

Just logged into S@H Beta using IE with no problems. No https & logged out & back in, still no problem.

Profile S@NL - BuddyWolly
Volunteer tester
Avatar
Send message
Joined: 31 May 99
Posts: 19
Credit: 7,194,635
RAC: 433
Netherlands
Message 1031350 - Posted: 6 Sep 2010, 12:18:37 UTC

The login process uses https protocol. It presents a certificate to you browser so your browser knows it is the website it is suposed to be.
The name for which the certificate is issued (setibase.ssl.berkeley.edu) as present on the current certificate does not match the exact address (http://setiweb.ssl.berkeley.edu/beta/) off the website. Also the certificate is a so called self signed certificate. i.e. a certificate created by berkeley itself, as opposed by a certificate provided by a certificate authority (i.e. verisign and the likes).

Modern browsers warn you that this is not in compliance whit how certificats are suposed to be used.
You can check the certificate by looking at its detail, check the address in your browser and if you think everything is OK then add an exception allowing your browser to accept this certificate.


____________

Profile John Neale
Volunteer tester
Avatar
Send message
Joined: 16 Mar 00
Posts: 519
Credit: 3,235,987
RAC: 1,247
South Africa
Message 1031351 - Posted: 6 Sep 2010, 12:22:46 UTC - in response to Message 1031341.

Just logged into S@H Beta using IE with no problems. No https & logged out & back in, still no problem.


I did the same - logged out and in - and IE8 did indeed give a security warning. The login page url is secure/encrypted: https://setiweb.ssl.berkeley.edu/beta/login_form.php?next_url=home.php.

Which version of IE are you using?
____________

Sirius B
Volunteer tester
Avatar
Send message
Joined: 26 Dec 00
Posts: 11796
Credit: 1,787,786
RAC: 1,688
Syria
Message 1031382 - Posted: 6 Sep 2010, 17:08:13 UTC - in response to Message 1031351.

Win 7 & Version 8. Still not getting any warning. logs in ok.

Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1112
Credit: 10,325,010
RAC: 8,197
United States
Message 1031508 - Posted: 7 Sep 2010, 0:50:26 UTC

David was doing some testing of using https to secure the login pages. He didn't realize that we have a self signed certificate which shows up as a warning in most browsers. He's stopped the testing until we by a certificate signed by a certification authority (CA).
____________

1 · 2 · Next

Message boards : Number crunching : S@h_BETA 'faked'? I can't log-in with Firefox

Copyright © 2014 University of California