• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 27 years!

    Join tens of thousands of other owners just like you here to get any and all Timeshare questions answered!
  • TUG is asking for recent reviews of older resorts, earn a free year membership!

    Read more here
  • TUG has now saved timeshare owners more than $18,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $18 Million dollars
  • Follow the TUG Member Banner as it travels the world on vacation with Timeshare owners! Also sign up to get the banner sent to you so you can submit a photo of your vacation with the banner to share with TUG! Banner Thread
  • Sign up to get the TUG Newsletter for free! Join tens of thousands of other owners who get this every week! Latest resort reviews and the most important topics discussed by owners during the week!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    Read more Here
  • A few of the most common links here on the forums for newbies and guests!

"Connection is not Secure" - message some of you may see in some web browsers

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
19,310
Reaction score
4,601
Points
899
Location
Florida
Just a quick FYI on this, some recent updates to both firefox and chrome will now pop up a small warning either in the address bar or near the top of the page that say something like "page not secure" or "connection not secure".

Rest assured, nothing on the TUG side has changed and TUG pages are no less (or no more) secure than they have always been.

This is merely a new implementation for some web browsers to further inform end users when a connection is secure or not.

We have gotten a few emails from members questioning the new warnings when they browse the site (specifically the login pages for the forum and the member only section) and I simply wanted to post a note so that folks dont fear their computers/browsers...or the TUG website was somehow compromised.

This is just the beginning of the move away from HTTP to a more secure web...and we will make plans to upgrade both the member only site and the forums to utilize a secure connection and thus eliminating the warnings and improving security altogether.

Thanks for taking the time to read my ramblings! hope it answers any questions members might have if they are seeing the messages when visiting the forums or the member only page!
 

buildsmart

TUG Member
Joined
Mar 30, 2015
Messages
35
Reaction score
0
Points
116
Location
Rockville Maryland
I had a pop up window say that I was infected by Malware from Microsoft. The computer froze and asked that I click a link to get the virus removed. Its a scam. I just ahrd restarted my computer and when it started up again I ran a virus scan and nothing was there.
 

Makai Guy

Administrator
Joined
Jun 3, 2004
Messages
4,376
Reaction score
1,122
Points
649
Location
Aiken, SC, USA
Resorts Owned
Spicebush (Hilton Head Island)
I had a pop up window say that I was infected by Malware from Microsoft. The computer froze and asked that I click a link to get the virus removed. Its a scam. I just ahrd restarted my computer and when it started up again I ran a virus scan and nothing was there.
Yes, this is a well-known scam. But it has nothing to do with the "insecure login" browser alerts Brian is talking about.

Did this happen while you were visiting TUG?
 

Larry M

TUG Member
Joined
Jan 23, 2012
Messages
256
Reaction score
99
Points
138
Location
Raleigh, NC
Just a quick FYI on this, some recent updates to both firefox and chrome will now pop up a small warning either in the address bar or near the top of the page that say something like "page not secure" or "connection not secure".!
Kind of a nuisance to have to get an SSL certificate for a couple of hundred bucks every two years even though you don't handle money or have personally identifiable information on the site. I've got that issue on a few websites I maintain.

Fortunately, there are some new certificate authorities, like Let's Encrypt, that provide this as a free service.

Good luck!
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
19,310
Reaction score
4,601
Points
899
Location
Florida
yea we are working with the host to try some other alternatives to paying for a full ssl certificate...its going to require an upgrade to our existing server though.

hard to believe we are still running on the same server for the forum since 2008!
 

Larry M

TUG Member
Joined
Jan 23, 2012
Messages
256
Reaction score
99
Points
138
Location
Raleigh, NC
Yup, that's exactly what's happening. Google is bullying everyone into using SSL, whether security is needed or not. However, it is quite ironic that you can do a Google search for free SSL certificate providers and solve the problem neatly.
 

Makai Guy

Administrator
Joined
Jun 3, 2004
Messages
4,376
Reaction score
1,122
Points
649
Location
Aiken, SC, USA
Resorts Owned
Spicebush (Hilton Head Island)
I don't know about Chrome, but if you want FireFox to stop warning you of these "insecure" connections, do this:
  • Enter about:config in the Address/URL bar.
  • Press the button to agree to be careful (if you haven't done this previously).
  • Enter insecure in the Filter bar to limit display to just options containing 'insecure'.
  • Double-click on each of the following two options to toggle them between true and false. Set them to false:
    security.insecure_field_warning.contextual.enabled
    security.insecure_password.ui.enabled
If you also want to enable autologging in without having to click on your username, while in the about:config editor:
  • Enter autofill in the Search bar.
  • Double-click on signon.autofillForms.http and toggle it to true.
NOTE: if any of the above options are not found, you can create them manually. Right-click (control-click on Apple) an empty space in the option list. Click New | Boolean. Enter the option name and appropriate true/false value.
 
Last edited:

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
19,310
Reaction score
4,601
Points
899
Location
Florida
we have completed the upgrade of the TUG2.COM members only site to utilize https...so now those of you visiting this site should no longer see this message within your browser.

we are still working on upgrading the forum site, its just taking a bit longer since this is a much older server/hardware/software than the tug2.com side is!
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
19,310
Reaction score
4,601
Points
899
Location
Florida
also if you see any errors or have any problems navigating the tug2.com site, please email / pm me, or simply reply here so we can address it!
 

izzymail

Guest
Joined
Sep 14, 2017
Messages
82
Reaction score
62
Points
28
Yes, this is a well-known scam. But it has nothing to do with the "insecure login" browser alerts Brian is talking about.

Did this happen while you were visiting TUG?
Just FYI, a week or so ago I left a TUG forum up on my desktop and got this bogus virus screen as well until I killed the browser. Could be a coincidence but I have not had that happen before on that particular PC.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
19,310
Reaction score
4,601
Points
899
Location
Florida
would really have no activity to or from the site if you just left the forum open in a browser.
 

rfc0001

TUG Member
Joined
Jul 30, 2013
Messages
1,180
Reaction score
28
Points
158
Resorts Owned
DVC: SSR, PVB
HGVC: Kings' Land, Ocean Tower
It's worth noting all pages on the forum are over http including the login page, which means if you are logging in from a public Wi-Fi your username and password are completely clear text for anyone sniffing the traffic (which is trivial to do). Bottom line: don't reuse your username and password used on TUG forum on other websites and you should enable Two-Step Authentication to prevent unauthorized access and protect personal information.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
19,310
Reaction score
4,601
Points
899
Location
Florida
as mentioned in the other thread, we are in the process of converting the .net and bbs sites to use HTTPS.

but as also mentioned, this is the same level of security that has existed since the forum began...its no more or less secure than it was yesterday. care should always be taken when browsing the web on public wifi networks...and id never suggest visiting any site that contains personal information for sure! but if you must, please be sure the login and password as mentioned above is one you dont use for anything else!

browsing TUG from your home, or work, or any other secure/private network is not impacted by this as the chances of someone accessing the traffic between your home/work computer and the sites you are browsing is very very low.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
19,310
Reaction score
4,601
Points
899
Location
Florida
Top