Security Certificate has expired

[lloydsp]

Well, it's back.  I guess he finally had time to look.

11 days!  Sigh...

Lloyd

[Dragonfly]

Never went deeper into what a certificate is and how it eventually can protect me. Regarded it more as a scheme for someone to make easy money.
Here's a quote from the news:

Elon Musk tweeted that the widespread Starlink outage was caused by an "expired ground station cert." He said, "We’re scrubbing the system for other single-point vulnerabilities."

[pixelmaker]

Hello
A certificate is necessary to encrypt data on the Internet. If I want to transfer access data in a secure way, I have them encrypted. So that the remote terminal can do something with the access data, it must be decrypted again. The certificate from a registered authority only ensures that the participants are who they say they are.

Here on the CamBam website there are only the access data that are encrypted. And it is prevented that someone introduces manipulated data that infect the computer of a user. These are not big dangers. A light certificate is enough, you can get it for free.

By the way, news spreads a lot of nonsense. The people who write and read it have no idea about it themselves.
The certificate from spaceex-starlink was not renewed for a time frame of 105 minutes and therefore failed for that time.
"between 23:45 UTC April 7 to 01:30 UTC April 8."
If a certificate fails, this is not dangerous at first, because all parties involved know that no "secure connection" is established. 
However, professional users who rely on encrypted data cannot work during this time. But they always have redundant connections, so that a failure of one connection does not cause any damage.

ralf

[lloydsp]

Yes, Ralf,
But most of us weren't concerned about Elon Musk's Starlink certificate, only the one here.  And THIS one remained expired for 11 days.

Lloyd

[airnocker]

Encrypted communication between your computer(s) and any Internet connected server, web servers being the most common, is essential for protecting anything transmitted and received between these devices, such as passwords, credit card information, etc.

This is achieved thru the use of a security communication protocol known as SSL (Secure Sockets Layer) and requires the host server to have installed a date and time stamped SSL certificate that is responsible for creating strong, encryption of all data sent between a host (web) server and client (end-user) computer.

Without SSL encrypted communication, as mentioned, everything you type and send (transmit) to a web server is in clear, plain and easy to read text, and is easy for a bad player to eavesdrop on all data (text) transmitted and/or received by your computer.

Overriding secure communication of a web browser is never a good idea and is akin to leaving your wallet full of money and credit cards unguarded when you are out in public, well traffic areas.

[pixelmaker]

That is all correct. But we are on the CamBam website and not in a shop system. Even if someone were to capture my access data, they could only use it to write some nonsense in the forum. David will then have to delete it .
No sensitive data of mine is stored in the CamBam database.
An attack on my computer is also not possible via a stolen access to the CamBam website. I also do not use the access data on other websites.
So, one should not value it more than necessary.

ralf

[airnocker]

The primary take-away in the hazards of interacting with an unsecure website beyond eavesdropping, identity and password theft is that the website itself can also easily be hacked when in this state, and if such occurs the site itself can be compromised in numerous ways that can subvert those who interact with it.  These include redirection to a malicious website that is parading as something else and that well may mirror the appearance of the hacked site, drive-by downloads of malicious software performed without the users knowledge or consent, MITM or man in the middle attacks, identity theft.

Glad to hear you are well protected.