Date   

moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

Ok. I will answer messages like this offlist from hereon in. Thanks.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

Donald Hellen
 

J_Catlady . . .

On Sat, 30 May 2020 17:57:38 -0700, "J_Catlady"
<j.olivia.catlady@gmail.com> wrote:

Any advice? Feel free to message me offlist if this is not relevant to most people here.
Are you unable to upgrade the operating system?

If you can't, you're in the same boat as those still Running Windows
XP. You won't have the security updates to keep you safe.

Donald


----------------------------------------------------
Some ham radio groups you may be interested in:
https://groups.io/g/ICOM
https://groups.io/g/Ham-Antennas
https://groups.io/g/HamRadioHelp


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

Ok. From Mark's link, it seems like the problem may be my old computer etc:

"Devices that received security updates after mid 2015 should have the modern USERTrust RSA Certification Authority root certificate (valid until Jan 2038) in their operating system or browser truststores and should be largely unaffected.

Legacy devices that have not received updates to support newer roots will also likely to be missing other essential security updates and support for standards required by the modern Internet. We strongly encourage decommissioning these devices if their software cannot be upgraded. Non-upgraded, legacy devices should never be exposed to the Internet and special mitigations should be applied to isolate them from neighbor systems."

Any advice? Feel free to message me offlist if this is not relevant to most people here.


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

Christopher Warrington
 

On 2020-05-30 at 3:01:17 PM, Mark Fletcher <markf@corp.groups.io> wrote:

I'm unable to duplicate this, and the .groups.io certificate
doesn't expire until September 9th. Is anyone else seeing this?
It looks like the Groups.io cert is cross-signed with the AddTrust
root that expired at 2020-05-30 10:48Z. [1]

Modern TLS clients don't have trouble with this cert because the
USERTRUST root hasn't expired yet.

Time for a newer cert without this root?


openssl s_client -connect groups.io:443
CONNECTED(00000004)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.groups.io
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.groups.io
i:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
1 s:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
3 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
---
<SNIP>

[1]: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

--
Christopher Warrington <lists@cw.codes>


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

On Sat, May 30, 2020 at 4:52 PM J_Catlady <j.olivia.catlady@...> wrote:
Duane, could you get the info from the person on GMF about what they're running, etc?

I think this is maybe the issue:



I am away from the computer for the next few hours, so I can't research it any more. When I'm back I will see if there's anything on my end that we can do.


Mark
 


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

Joseph Hudson
 

No problems on my Mac running safari.

On May 30, 2020, at 5:01 PM, Mark Fletcher <markf@corp.groups.io> wrote:

I'm unable to duplicate this, and the .groups.io certificate doesn't expire until September 9th. Is anyone else seeing this?

Thanks, Mark


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

Duane, could you get the info from the person on GMF about what they're running, etc?
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

On Sat, May 30, 2020 at 04:47 PM, Larry Finch wrote:
Your Safari is very old. The current version is 13.1.1, so try updating it.
It seems no updates are available. Maybe because my Mac is very old as well? (Macbook Pro, Retina, 13 inch, early 2015) Or because I'm still running El Capitan (10.18.6)? I was warned not to install Catalina. Maybe that was bad advice?
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

Larry Finch
 

Your Safari is very old. The current version is 13.1.1, so try updating it.

On Sat, May 30, 2020 at 7:29 PM J_Catlady <j.olivia.catlady@...> wrote:
This is my safari: Version 11.1.2 (11605.3.8.1)
Should I worry? It has a little lock symbol and then it says:
This Connection is Not Private. This website may be impersonating "groups.io" to steal your personal or financial information. You should go back to the previous page.

Then you can click on "Go Back" or "Show Details." When I click on Show Details, it says

Safari warns you when a website has an expired certificate. This website's certificate expired 1 day ago. This may happen if the website is misconfigured, an attacker has compromised your connection, or your system clock is incorrect. Your system clock is set to Saturday, May 30, 2020. If this is not right, fixing the clock may address this warning.
To learn more, you can view the certificate. If you understand the risks involved, you can visit this website.
Oddly, I was unable to copy the text to paste it here. I had to type it in verbatim. I didn't click on either link above.
Should I worry???
Thanks.


Larry

--
Larry Finch

N 40° 53' 50"
W 74° 02' 55"


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

Thanks, Duane. At least I'm not alone, so am less worried that I've been hacked or something.


On Sat, May 30, 2020 at 4:33 PM Duane <txpigeon@...> wrote:
On Sat, May 30, 2020 at 05:01 PM, Mark Fletcher wrote:
Is anyone else seeing this?
Someone reported it on GMF, but didn't specify the browser, https://groups.io/g/GroupManagersForum/message/32051

Duane


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

Duane
 

On Sat, May 30, 2020 at 05:01 PM, Mark Fletcher wrote:
Is anyone else seeing this?
Someone reported it on GMF, but didn't specify the browser, https://groups.io/g/GroupManagersForum/message/32051

Duane


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

This is my safari: Version 11.1.2 (11605.3.8.1)
Should I worry? It has a little lock symbol and then it says:
This Connection is Not Private. This website may be impersonating "groups.io" to steal your personal or financial information. You should go back to the previous page.

Then you can click on "Go Back" or "Show Details." When I click on Show Details, it says

Safari warns you when a website has an expired certificate. This website's certificate expired 1 day ago. This may happen if the website is misconfigured, an attacker has compromised your connection, or your system clock is incorrect. Your system clock is set to Saturday, May 30, 2020. If this is not right, fixing the clock may address this warning.
To learn more, you can view the certificate. If you understand the risks involved, you can visit this website.
Oddly, I was unable to copy the text to paste it here. I had to type it in verbatim. I didn't click on either link above.
Should I worry???
Thanks.

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

Glenn Glazer
 

On 5/30/2020 15:01, Mark Fletcher wrote:

I'm unable to duplicate this, and the .groups.io certificate doesn't expire until September 9th. Is anyone else seeing this?

Thanks, Mark


I cannot repro.

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15

Best,

Glenn
"Yes, but does Gecko like KHTML?" -me, at work. I have a colleague whose nickname is Gecko (after the animal).

--
PG&E Delenda Est

Virus-free. www.avast.com


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

I'm unable to duplicate this, and the .groups.io certificate doesn't expire until September 9th. Is anyone else seeing this?

Thanks, Mark


moderated Re: safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

“Log on” was the wrong term. I meant “visit the site,” whether I log on or not.


On May 30, 2020, at 2:56 PM, J_Catlady via groups.io <j.olivia.catlady@...> wrote:

I can log into groups.io on firefox today but not safari, which warns me that the site "may be impersonating" groups.io and has certificate that "expired 1 day ago." Just a heads up.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

I can log into groups.io on firefox today but not safari, which warns me that the site "may be impersonating" groups.io and has certificate that "expired 1 day ago." Just a heads up.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Groups.io upper left graphic should always be clickable #bug #fixed

 

If a user is NOT logged in but is at a group page, such as https://beta.groups.io/g/main, the "Groups.io" logo at the upper left is not clickable. It always seems clickable for logged-in users (at least on the pages I tried), and there are some pages where not-logged-in users can click it, but not all of them. It should link to https://groups.io on every page.

JohnF


moderated Re: Add Phone format to Multiple Choice field in database #suggestion

Bruce Bowman
 

On Sat, May 30, 2020 at 11:30 AM, CoProS Moderator wrote:
Just curious if a phone field and format (###-###-####) could be added to the multiple-choice "type" of the database?

Such a format does not allow for a country code and would generally fail to support international use. 

Ref: https://en.wikipedia.org/wiki/National_conventions_for_writing_telephone_numbers

Regards,
Bruce


moderated Re: #suggestion Need Ability to Post or Reply to Group as Owner #suggestion

 

I agree that this would be really useful. I've hacked around the lack by creating a "group xyz owner" email address and account, but in order to use it to post I have to log out of my regular account, log into the other one, post from it, log out again, and log back into my regular account.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated #suggestion Need Ability to Post or Reply to Group as Owner #suggestion

Jeremy H
 

It should be possible (actually, I would say it is necessary to be able) to post a message - either as a New Topic or Reply - as and from the Group Owner (Owner e-mail address) (clearly identifiable as such), i.e.  for the message to arrive from 'Group Owner <Group+Owner@groups.io>' .

For any such message - given its likely object - I would want it to be very clear that it is from the Group Owner as such, and not me (who happens to be owner).

At present, while it is possible to post a New Topic using the owner e-mail (but it arrives with my display name), it is not possible to reply 'from' the owner e-mail.

Jeremy

4281 - 4300 of 29204