Registration Problems - Security Problems - Might Want To Check This

FWIW, more than a few security flags fired off on registering, specifically verification, for the site. Invalid certificate problems, virus alerts on known unsafe site, redirects, tracker alerts, the works.

I think we all expect a cookie here or there, but this level of problem is not wise. Hopefully its accidental. Hence this post. To be clear, nothing appears overtly wrong on the main site, but all is not well with the verification link/service/provider (whatever).

Hope this helps!

-d

1 Like

Thanks D. We’ve flagged this with our team and are actively looking into it.

NikkiTMU + team

1 Like

Hello dafish,

We apologize that your experience didn’t meet expectations. We’re always working to improve our site so we can deliver a better experience for our users.

That being said would you mind sharing a bit more detail about what happened so we can better understand and address the issue? Specially for this part “Invalid certificate problems, virus alerts on known unsafe site, redirects, tracker alerts, the works.”

Thanks

2 Likes

I’ll PM you some details assuming I stumble into same.

1 Like

Sir, I’m either too junior or access to starting PM’s is restricted. It does appear I can receive same. If you want to/need to send me something off-line I’d be more explicit about what tools and OS’s are in play. In the interim I can share this openly:

This is explicitly about the link sent during the email verification process. It’s a guess, but I believe same is doing a re-direct to a third party service, and that redirect has a certificate that is either not in the correct name or is expired. Meanwhile at least one of my browsers or their security extensions are complaining that the 3rd party site is not safe (Likely from one of a few secure DNS services), and my AV is reporting unsafe tracking services/tools are being loaded/used by same.

A poorly managed certs not the end of the world,and sometimes sites get undeserved negative DNS reports sufficient to create problems. Combine all that and trigger an alert for tracking tools above and beyond simple cookies? Maybe less desirable, maybe worth a look.

At the same time some of the outer security layers aren’t objecting, so it’s not too likely an exploit is being attempted, and more likely I’m seeing a little sloppiness combined with a little too aggressive tracking/marketing attempts, and again seemingly from whomever is handling the verification link. Re this website proper I’m not getting anything objectionable. Mind you I’m not scanning it for holes/open exploits, so I’m not commenting on how tight it is/isn’t, simply saying I’m not picking up anything overtly objectionable from this website proper. Hopefully I’ve made some sense…

Course wth heck do I know, so…

atb
-d