# "Connection is not Secure" - message some of you may see in some web browsers



## TUGBrian

Just a quick FYI on this, some recent updates to both firefox and chrome will now pop up a small warning either in the address bar or near the top of the page that say something like "page not secure" or "connection not secure".

Rest assured, nothing on the TUG side has changed and TUG pages are no less (or no more) secure than they have always been.

This is merely a new implementation for some web browsers to further inform end users when a connection is secure or not.

We have gotten a few emails from members questioning the new warnings when they browse the site (specifically the login pages for the forum and the member only section) and I simply wanted to post a note so that folks dont fear their computers/browsers...or the TUG website was somehow compromised.

This is just the beginning of the move away from HTTP to a more secure web...and we will make plans to upgrade both the member only site and the forums to utilize a secure connection and thus eliminating the warnings and improving security altogether.

Thanks for taking the time to read my ramblings!  hope it answers any questions members might have if they are seeing the messages when visiting the forums or the member only page!


----------



## buildsmart

I had a pop up window say that I was infected by Malware  from Microsoft. The computer froze and asked that I click a link to get the virus removed. Its a scam. I just ahrd restarted my computer and when it started up again I ran a virus scan and nothing was there.


----------



## Makai Guy

buildsmart said:


> I had a pop up window say that I was infected by Malware  from Microsoft. The computer froze and asked that I click a link to get the virus removed. Its a scam. I just ahrd restarted my computer and when it started up again I ran a virus scan and nothing was there.


Yes, this is a well-known scam.  But it has nothing to do with the "insecure login" browser alerts Brian is talking about.

Did this happen while you were visiting TUG?


----------



## Larry M

TUGBrian said:


> Just a quick FYI on this, some recent updates to both firefox and chrome will now pop up a small warning either in the address bar or near the top of the page that say something like "page not secure" or "connection not secure".!



Kind of a nuisance to have to get an SSL certificate for a couple of hundred bucks every two years even though you don't handle money or have personally identifiable information on the site. I've got that issue on a few websites I maintain.

Fortunately, there are some new certificate authorities, like Let's Encrypt, that provide this as a free service.

Good luck!


----------



## TUGBrian

yea we are working with the host to try some other alternatives to paying for a full ssl certificate...its going to require an upgrade to our existing server though.

hard to believe we are still running on the same server for the forum since 2008!


----------



## rmfine

I own an online marketing company.  As of January 2017, if browsing with Chrome - Google is requiring all websites to have a SSL certificate. Those that don't will be identified as being unsafe. 

https://www.searchenginejournal.com/google-is-requiring-https-for-secure-data-in-chrome/183756/


----------



## Larry M

Yup, that's exactly what's happening. Google is bullying everyone into using SSL, whether security is needed or not. However, it is quite ironic that you can do a Google search for free SSL certificate providers and solve the problem neatly.


----------



## Makai Guy

I don't know about Chrome, but if you want FireFox to stop warning you of these "insecure" connections, do this:

Enter _*about:config*_ in the Address/URL bar.
Press the button to agree to be careful (if you haven't done this previously).
Enter _*insecure*_ in the Filter bar to limit display to just options containing 'insecure'.
Double-click on each of the following two options to toggle them between true and false.  Set them to *false*:
_*security.insecure_field_warning.contextual.enabled
security.insecure_password.ui.enabled*_
If you also want to enable autologging in without having to click on your username, while in the about:config editor:

Enter _*autofill*_ in the Search bar.
Double-click on _*signon.autofillForms.http*_ and toggle it to *true*.
NOTE: if any of the above options are not found, you can create them manually.  Right-click (control-click on Apple) an empty space in the option list.  Click New | Boolean.  Enter the option name and appropriate true/false value.


----------



## TUGBrian

we have completed the upgrade of the TUG2.COM members only site to utilize https...so now those of you visiting this site should no longer see this message within your browser.

we are still working on upgrading the forum site, its just taking a bit longer since this is a much older server/hardware/software than the tug2.com side is!


----------



## TUGBrian

also if you see any errors or have any problems navigating the tug2.com site, please email / pm me, or simply reply here so we can address it!


----------



## izzymail

Makai Guy said:


> Yes, this is a well-known scam.  But it has nothing to do with the "insecure login" browser alerts Brian is talking about.
> 
> Did this happen while you were visiting TUG?


Just FYI, a week or so ago I left a TUG forum up on my desktop and got this bogus virus screen as well until I killed the browser. Could be a coincidence but I have not had that happen before on that particular PC.


----------



## TUGBrian

would really have no activity to or from the site if you just left the forum open in a browser.


----------



## rfc0001

It's worth noting all pages on the forum are over http including the login page, which means if you are logging in from a public Wi-Fi your username and password are completely clear text for anyone sniffing the traffic (which is trivial to do).  Bottom line: don't reuse your username and password used on TUG forum on other websites and you should enable Two-Step Authentication to prevent unauthorized access and protect personal information.


----------



## TUGBrian

as mentioned in the other thread, we are in the process of converting the .net and bbs sites to use HTTPS.

but as also mentioned, this is the same level of security that has existed since the forum began...its no more or less secure than it was yesterday.  care should always be taken when browsing the web on public wifi networks...and id never suggest visiting any site that contains personal information for sure!  but if you must, please be sure the login and password as mentioned above is one you dont use for anything else!

browsing TUG from your home, or work, or any other secure/private network is not impacted by this as the chances of someone accessing the traffic between your home/work computer and the sites you are browsing is very very low.


----------



## TUGBrian

http://www.tugbbs.com/forums/index.php?posts/2060389/


----------

