On Sun, 4 May 2025 23:10:45 -0700, Tom Brennan wrote: >Clem posted the original link, so we can assume he has control over the >DNS name and the server contents. Do you trust Clem? I do. > I've never met Clem. I don't know what he looks like, Why should I trust someone who claims to be Clem. That's what certificates are for.
>Looks like Clem fixed the cert problem today, as Thomas mentioned. So >that should hopefully eliminate most of your concerns such as redirect >and malware, along with the .org guess. Ready to click yet? :) > Expired certificate? >It could be Clem set it up with a self-signed cert and put that cert in >the trusted store in his browser. That way when he tests himself, it >looks good. I've done that myself for local testing or for a small set >of users. These days I use ZeroSSL certs, even for testing. No more >hassles, no more evil red marks on the browser URL line. > I don't grok "self-signed". On Sun, 4 May 2025 23:23:06 -0700, Tom Brennan wrote: >Since it's still May 4th here in California, here's one that tells you >to go away even after you got there :) (server under my desk) >https://www.mildredbrennan.com/ > "still May 4th here"‽ What brand server are you using that doesn't know it's no longer May 4 inHerstmonceux? Probably Microsoft. Long after it was generally recognized as a Bad Idea they kept system clocks and file timestamps in local time (as does ISPF.) >On 5/4/2025 10:54 PM, David Cole wrote: >> Agreed (with Gil). There's a lot more dangers in bad websites than just >> credentials theft. >> >> If my browser says "don't go there", I won't. >> Three. Firefox, Safari, and curl. The one I tried is better now. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
