
Something wrong with the security certificate on this site?

It’s been fixed now. It was a time-expired certificate.

In Firefox you can create an exception but Chrome doesn’t allow it.

Administrator
Shoreham EGKA, United Kingdom

I’m getting issues today (started mid morning)

Showing as “Not secure” on the address bar, and also had the annoying Chrome warning a couple of times.

I care because many social engineering attacks are based on impersonation. Social engineering attacks are one of the most important starting points for hacking.

Aren’t those done mostly by email or IM?

Example: you see that somebody is posting pics somewhere whose EXIF reveals they were taken with a Nikon D800 camera, so you email them saying there is a new firmware for their D800 camera, and trick them into downloading a self-extracting installer, etc. I once got a Cisco “penetration specialist” to try to hack my peter2000.co.uk website and, while he could not, he did tell me of a few common social engineering exploits like that.

That is one reason why FB etc. strip off EXIF; the other is anti-stalking (GPS location etc.). Also this strips off copyright messages, which is equally important to FB.

And with an ADSL router anybody can get the model #, without you having to post pics anywhere.

Administrator
Shoreham EGKA, United Kingdom

The new certificate is installed and the site will redirect all requests to HTTPS now. There are a few protocol improvements still to be made, but they require other updates which are still in the pipeline.

Administrator
EGTR / London, United Kingdom

Peter wrote:

Sure you can be, but who cares? Hey, somebody could spoof me on EuroGA. Might be an improvement

I care because many social engineering attacks are based on impersonation. Social engineering attacks are one of the most important starting points for hacking.

Last Edited by Airborne_Again at 29 Mar 10:50
ESKC (Uppsala/Sundbro), Sweden

Is there a plan to update the certificate?

Yes; David posted above on this, in post #6.

Administrator
Shoreham EGKA, United Kingdom

A good site for checking how your certificate will be seen, how good the protocol support for an HTTPS site is, and what browsers will work is:

https://www.ssllabs.com/ssltest/

Andreas IOM

All of which I accept, but it is a pain having the warnings. Is there a plan to update the certificate?

EGTK Oxford

But the browser can hardly know that, can it?

That’s what I meant by “arrogance” of browser vendors. They behave as if everybody was accessing high-privacy stuff. I don’t mind so long as there is a switch for disabling this, but there probably won’t be.

As I said, there are many little websites all over the web which carry highly informative stuff, and many of them are run by people who are no longer maintaining the website (got a life, died, etc).

Not everybody is accessing just Paypal etc.

You can be intercepted if you use a public WiFi-network.

Sure you can be, but who cares? Hey, somebody could spoof me on EuroGA. Might be an improvement

Administrator
Shoreham EGKA, United Kingdom

Peter wrote:

And interception by non-State enemies is nontrivial. Basically somebody needs to hook up into your telephone cable, or be working at your ISP. Or hook into your telephone signal (probably even more nontrivial).

You can be intercepted if you use a public WiFi-network. Also, some attacks don’t need any “direct” access to your connection. One example is the DNS spoofing attack that I mentioned. On the other hand, I agree that a web site such as EuroGA would not be a primary target. But the browser can hardly know that, can it?

ESKC (Uppsala/Sundbro), Sweden
25 Posts