TLS Cert expired/Broadcastify Issues

[lynchy135]

There is a known workaround, change the date on your computer or your phone to 01/23/2022. This is a known work around until, broadcastify fixes the certificate issues.

This is not something that is recommended by anyone in cyber security. The better thing to do is to temporarily continue with the expired certificate and use that until the new one is replaced.

I am not sure how its done on Firefox, but on Chrome/Edge and Safari should allow you to proceed Chrome and Edge.

 

[K7MFC]

oof, another blight on an already spotty track record for this company. There is a pattern emerging of putting users at risk due to negligence.

 

[pkrawetz]

Seems someone let the site certificate laps and many features are not working. Can someone please fix this ASAP?

 

[w1haf]

Ditto here. The Security Certificate expired 02/25/2022 and none of the mobile apps or windows pages can connect. My feed that was already up an running on one of my computers is still active. I just can't log in with any of the ios apps or my other windows computers. Hopefully they will correct it soon. Thanks 73 Harrison W1HAF

 

[Auburn36801]

Chrome will work not Firefox.

 

[mtindor]

oof, another blight on an already spotty track record for this company. There is a pattern emerging of putting users at risk due to negligence.

Users might put themselves at risk, but the platform isn't. If I browse to www.broadcastify.com, it wants to use SSL and gives the cert mismatch (or worse, CF error). So, nobody gets to log and pass credentials unless they specifically try to circumvent/continue, assuming they can even continue. My Broadcastify Calls feed uploading mechanism will not currently talk with RR, and thus if it were passing my credentials over that (and it isn't) it's not going to anyway sincce it won't establish an SSL connection.

Don't know about anyone else, but I'm perfectly safe as long I don't do anything stupid. Please tell me how I am wrong.

 

[dward42586]

When trying to bring up Broadcastify on my pc, I get "Invalid Certificate" message. When I bypass my security system, the site is corrupted. However. I can listen to it over my phone. Do I need to do something on my pc to get broadcastify back?

 

[Reconrider]

The SSL certificate is invalidated after yesterdays date. Have to wait for somebody to wake up and renew it on the backend.

While you wait, go outside and play in the snow, or mud - or both?

 

[dward42586]

That's what I thought. Just sleet here. Hoping for mud soon. Thanks for reply.

 

[Auburn36801]

Filled a support ticket with Broadcastifity Support as Urgent. Ticket # 38865.

 

[K7MFC]

Users might put themselves at risk, but the platform isn't.

There's another category of risks that are associated with an expired certificate that does affect the platform, and they're not actually directly related to security. When a big website let's a certificate expire, there is a pretty big trust withdrawal from the users. Even if an expired cert on a website doesn't yield any security incidents, the big scary warning browsers present users essentially broadcasts to the internet that security isn't a priority for this site. It's possible that is not an accurate description, but it doesn't matter. Perception is reality, and everyone is seeing the big old security warning attached to their site. This can lead to an immediate drop in sales and/or cut off other revenue-generating things like ads. This effect can be felt short term until the issue is resolved, and can also be long term if the brand's credibility is severely eroded.

Remember how this site was hacked a couple years ago, and minimum of 25% of users' passwords were compromised? That happened because they were knowingly using a weak algorithm to hash the passwords. RadioReference was reactive, not proactive, in ensuring it's users were safe - they only began using more secure password storage because they got caught with their pants down, figuratively. And again here we are, RadioReference is demonstrating that they are still reactive and not proactive with their platform's security.

Use these and other past security incidents here to determine you own level of trust with this website.

 

[ervfc288]

Thank you to the moderates for pointing me over here. Normally a pointer is left behind when a thread is moved or some type of notification is made. I thought my post was just removed.

 

[vagrant]

Mardi Gras > cert renewal. Things can get freaky in the French Quarter. Good times.

 

[fxdscon]

Use these and other past security incidents here to determine you own level of trust with this website.

If this site is such a security risk as you claim and are advising others, why are you still visiting/posting here?

 

[K7MFC]

If this site is such a security risk as you claim and are advising others, why are you still visiting/posting here?

Because I like the content here. I've assessed the risks and I take measures to ensure I'm doing what I can to be secure: strong password not repeated on any other site, usage of tools that block potentially malicious traffic, and I do not click thru to sites that have expired certs if I'm going to log in, make payments, etc. I do this for every site I use heavily, not just this one.

And the claims being made are not opinion based. I'm citing actual security incidents that have occurred here, not theoretical possibilities. I'm critical because I like this site and want it to do better.

 

[Outerdog]

Putting aside the security boogeymen for a moment, here is some technical background on the problem.

TLS certificate lifespan cut short: A win for security, or cause for chaos?

Experts say organizations will need to put in some effort to cope with the change, but web security should benefit

portswigger.net

Also, the problem with Broadcastify is now resolved. We are all still alive.

 

[fxdscon]

Because I like the content here. I've assessed the risks here and I take measures to ensure I'm doing what I can to be secure: strong password not repeated on any other site, usage of tools that block potentially malicious traffic, and do not click thru to sites that have expired certs if I'm going to log in, make payments, etc. I do this for every site I use heavily, not just this one.

Andy claims are not really opinion based, I'm citing actual incidents that have occurred here, not theoretical possibilities.

-
I see.

You must be of the opinion that you are the only one that assesses risks and takes appropriate precautions on this or any other website.

 

[K7MFC]

You must be of the opinion that you are the only one that assesses risks and takes appropriate precautions on this or any other website.

No, of course not. What lead you to that conclusion?

 

[Pezking]

This is pretty amateur for a website that has paid staffers.

 

[K7MFC]

This is pretty amateur for a website that has paid staffers.

Especially when the Certificate Authority they use, DigiCert, offers tools to automatically renew! I know we're all armchair quarterbacking here, but I've been in those IT post-mortem/root cause analysis discussions about service interruptions due to an expired SSL certificate on websites I helped maintain. There's always finger pointing and blame game, but in the end we all agreed that something so simple like remembering a calendar date was an absolutely unacceptable reason to have any level of service interruption to users and so prominently air our dirty laundry.