CyberLink Community Forum
where the experts meet
Cyber-link not a secured site
will_s
Just put PD16 back on and when I go to update "Chrome" gives me a message that this is not a secured site and people may steal passwords etc.

So is Cyberlink too lazy to get the Security Certificate?
will_s
Quote Just put PD16 back on and when I go to update "Chrome" gives me a message that this is not a secured site and people may steal passwords etc.

So is Cyberlink too lazy to get the Security Certificate?



Well, thing is, if they can't be bothered fixing this then how can you trust that the programs won't have security flaws in them?

Cyberlink, this is not a good look
ynotfish
Hi will_s -

But the Cyberlink webpage for updates is https://www.cyberlink.com/support/product-update.do?t=update&locale=en_GB&lang=en_GB

https = Hypertext Transfer Protocol Secure

Here's CyberLink's Privacy Policy

My Trend Micro Maximum Security has never raised any alerts with CL webpages. What generated your alert?

Cheers - Tony
Visit PDtoots. PowerDirector Tutorials, tips, free resources & more. Subscribe!
Full linked Tutorial Catalog
PDtoots happily supports fellow PowerDirector users!
will_s
Quote Hi will_s -

But the Cyberlink webpage for updates is https://www.cyberlink.com/support/product-update.do?t=update&locale=en_GB&lang=en_GB

https = Hypertext Transfer Protocol Secure

Here's CyberLink's Privacy Policy

My Trend Micro Maximum Security has never raised any alerts with CL webpages. What generated your alert?

Cheers - Tony




Don't have an AV program and just rely on Microsoft's included stuff.

And it's a new install so not many things installed... actually just put PD 16 back on

This message was edited 2 times. Last update was at Apr 22. 2018 05:05

will_s
Quote
Quote Hi will_s -

But the Cyberlink webpage for updates is https://www.cyberlink.com/support/product-update.do?t=update&locale=en_GB&lang=en_GB

https = Hypertext Transfer Protocol Secure

Here's CyberLink's Privacy Policy

My Trend Micro Maximum Security has never raised any alerts with CL webpages. What generated your alert?

Cheers - Tony




Don't have an AV program and just rely on Microsoft's included stuff.

And it's a new install so not many things installed... actually just put PD 16 back on




What is a HTTPS certificate?
When you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the 'SSL handshake'. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.
When a trusted SSL Digital Certificate is used during a HTTPS connection, users will see a padlock icon in the browser address bar. When an Extended Validation Certificate is installed on a web site, the address bar will turn green.
The URL in your attached picture has a certificate from Symantec.
Google does not trust Symantec certificates any longer. That's the reason why you get a security fault.
You don't get it with either Firefox or Edge.

https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

Hatti Win 10 64, i7-4790k, 32GB Ram, 256 GB SSD, SATA 2TB, SATA 4TB, NVidia GTX1080 8GB, LG 34" 4K Wide, AOC 24" 1080
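
An added example, not part of the post above or of any CyberLink or Google code: a sketch that labels a certificate against the schedule in the linked Google post (Chrome 66 stops trusting Symantec-chained certificates issued before June 1, 2016; Chrome 70 stops trusting the rest). The brand list, function names and sample certificates are assumptions made here, and matching on the issuer name is a heuristic that ignores the exempted subordinate CAs, since Chrome decides by the root keys in the chain.

```python
import socket
import ssl
from datetime import datetime, timezone

# Issuer organisation substrings for the CA brands Symantec operated.
# Heuristic: Chrome decides by the root keys in the chain, not by name.
SYMANTEC_BRANDS = ("symantec", "geotrust", "thawte", "rapidssl", "verisign")
# Chrome 66 stopped trusting Symantec-chained certificates issued before this date.
CHROME66_CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)

def issuer_org(cert):
    """Return the issuer organizationName from a getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert):
    """Label a leaf certificate against Chrome's Symantec distrust schedule."""
    org = issuer_org(cert).lower()
    if not any(brand in org for brand in SYMANTEC_BRANDS):
        return "not-symantec"
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    if issued < CHROME66_CUTOFF:
        return "distrusted-in-chrome-66"
    return "distrusted-from-chrome-70"

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate of a live server (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not real ones), shaped like getpeercert() output.
SAMPLES = {
    "old-symantec": {"issuer": ((("organizationName", "Symantec Corporation"),),),
                     "notBefore": "May 10 00:00:00 2016 GMT"},
    "new-geotrust": {"issuer": ((("organizationName", "GeoTrust Inc."),),),
                     "notBefore": "Mar  1 00:00:00 2017 GMT"},
    "comodo": {"issuer": ((("organizationName", "COMODO CA Limited"),),),
               "notBefore": "Jan 15 00:00:00 2018 GMT"},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, "->", classify(cert))
```

For a live site, `classify(fetch_cert("example.com"))` applies the same check to the certificate the server actually presents.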
ynotfish
Hi will_s -

Perhaps this screen capture will put your mind at rest and provide some security. It shows the CL site accessed via Google Chrome, Microsoft Edge & Mozilla Firefox. Each browser shows it as a secure site verified by COMODO CA Limited.



Cheers - Tony
will_s
Quote The URL in your attached picture has a certificate from Symantec.
Google does not trust Symantec certificates any longer. That's the reason why you get a security fault.
You don't get it with either Firefox or Edge.

https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

Hatti



I am not worried but just curious as to why one of the biggest software providers doesn't trust Symantec. One could say that if they don't trust them then why should I?

Might do a Google and find out why

edit:

interesting as this is from a year ago

Remediation is hard
The good thing about Google's timeline is that it gives administrators time to identify impacted certificates and make plans to replace them. Even so, replacing certificates and keys on a mass scale is time-consuming and arduous, as it's often a manual process. And—if history is any guide—it hasn’t always been very successful. The U.S. federal government gave itself a mandate to switch all federal websites to HTTPS, and did not meet the deadline. Organizations struggled to fully remediate Heartbleed. Enterprises find it hard to issue, replace, and recover from security incidents involving keys and certificates, Bocek said.
Google’s decision “highlights how critical it is for businesses to be able to replace machine identities—keys and certificates used for SSL/TLS quickly,” Bocek said. “The largest global businesses with very sophisticated IT operations struggle to respond to an external event like this.”
Carry a big stick
Google’s Sleevi refers to the new rules as “remedies,” but let’s call them what they really are: punishments. Google has warned Symantec repeatedly about its shoddy practices regarding certificates, and now is using its control over the most widely used web browser as a stick to show Symantec what happens when CAs don’t follow the rules. Under Chrome’s Root Certificate Policy, root certificate authorities are expected to perform a number of critical functions, including properly ensuring that domain control validation is performed for server certificates, frequently auditing logs for evidence of unauthorized issuance, and protecting their infrastructure to minimize the possibility of fraudulent certificates being issued.
“Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them,” Sleevi wrote.
Mis-issued certificates pose a critical threat to pretty much everyone on the internet because the certificate holders can impersonate legitimate sites and monitor communications sent to and from legitimate servers.
Symantec could have possibly salvaged the situation if not for the way the CA handled the investigation. Sleevi accused the CA of not proactively disclosing the issues after it discovered them, not providing timely updates, and not providing details necessary to assess the significance of the problem “until they had been specifically questioned.” The proposed fixes also weren't enough.

This message was edited 1 time. Last update was at Apr 22. 2018 21:09
