Author Topic: Security access for DIY  (Read 1833 times)

Security access for DIY
« on: 07 July, 2022, 07:28:04 am »
I've just tried to enter a DIY and when I try to enter details from the AUK Website I get this:

 "Your connection is not private
Attackers might be trying to steal your information from www.aukweb.net (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_DATE_INVALID"

I'm therefore unable to enter, is anybody else experiencing this?

Ian

Re: Security access for DIY
« Reply #1 on: 07 July, 2022, 07:45:41 am »
I've had that with YACF I suspect a certificate from the website has expired

Re: Security access for DIY
« Reply #2 on: 07 July, 2022, 07:45:58 am »
I noticed this when looking at the results pages on https://www.aukweb.net/ yesterday. It means the security certificate for that domain has expired and AUK boffins will need to renew, but you should still be able to proceed, possibly depending on what browser you use (on my iPhone using Safari I can click details from the warning page and then visit this website at the bottom).

bhoot

  • MemSec (ex-Mrs RRtY)
Re: Security access for DIY
« Reply #3 on: 07 July, 2022, 08:41:36 am »
The relevant people are now aware and it's in hand, hopefully fixed soon. It is the aukweb.net certificate only, audax.uk is fine, so all other event entries will be ok, just DIYs and organiser functions that are affected.

bhoot

  • MemSec (ex-Mrs RRtY)
Re: Security access for DIY
« Reply #4 on: 07 July, 2022, 08:50:26 am »
For results you can use Audax.uk, the same data is available there.

bhoot

  • MemSec (ex-Mrs RRtY)
Re: Security access for DIY
« Reply #5 on: 07 July, 2022, 12:09:03 pm »
Should be fixed now

Re: Security access for DIY
« Reply #6 on: 07 July, 2022, 09:29:43 pm »
 :) :) :)

bhoot

  • MemSec (ex-Mrs RRtY)
Re: Security access for DIY
« Reply #7 on: 08 July, 2022, 11:50:41 am »
Sorry spoke too soon! Had a report of it being ok but I guess it was from someone using an http link rather than https.
If your browser allows you can go to the "non secure" version of the URL.
It also seems to have affected the event/medal images and the tracks and route files, these are currently not available in the events detail page.

Re: Security access for DIY
« Reply #8 on: 08 July, 2022, 03:41:23 pm »
I managed this morning despite it still "not working" Chrome let me go the unsecured way after a bit of faffing.

Re: Security access for DIY
« Reply #9 on: 08 July, 2022, 09:07:05 pm »
I also submitted a DIY for tomorrow using the unsecured way and received a copy of the standard email issued to my selected regional organiser.   Fingers crossed, 5am start.

Wycombewheeler

  • PBP-2019 LEL-2022
Re: Security access for DIY
« Reply #10 on: 09 July, 2022, 11:26:50 pm »
I entered one on Wednesday,  just clicked to accept going to the dangerous site.

Didn't get an error message when submitting the track this morning,  so assume it's all fixed.

Although if I was working on the issue and someone referred to me as a "boffin"  it might have added some time to the process.

Eddington  127miles, 170km

Re: Security access for DIY
« Reply #11 on: 10 July, 2022, 11:48:34 am »
For me it seemed to go as well when I entered my DIY on friday

Re: Security access for DIY
« Reply #12 on: 10 July, 2022, 11:52:42 am »
Uploading the track worked fine, the routevalidator doesn't work.

Re: Security access for DIY
« Reply #13 on: 11 July, 2022, 10:03:25 am »
Routevalidator still not working.  However if you want to check if there are any potential issues with the ride: 

- go back to your original entry email, and click on the routevalidator link

- should show a page which gives the option to directly input the original file (as sent on your entry form) and then your track file
Sunshine approaching from the South.

First time in 1,000 years.

Kim

  • Timelord
    • Fediverse
Re: Security access for DIY
« Reply #14 on: 11 July, 2022, 10:22:15 am »
On a related note, what's happened to ECEs?  I'm sure when I entered an ECE by GPS mandatory route back in April, it worked like a DIY - upload the proposed track, it sends you a link to upload the recorded track after you've ridden it, which automagically shows you the routevalidator output.  But when I entered one a couple of weeks back, it didn't really acknowledge the upload, and sent me a generic email saying the type was 'paperless', and that I should email the proof-of-passage to the organiser.

Re: Security access for DIY
« Reply #15 on: 11 July, 2022, 12:54:17 pm »
For ECEs, I've just been emailing the completed ride to the ECE organiser, off the back of the generic email that is sent out.

It's not as slick as it used to be, but it works.

Eddington: 133 miles    Max square: 43x43

Kim

  • Timelord
    • Fediverse
Re: Security access for DIY
« Reply #16 on: 11 July, 2022, 12:56:19 pm »
Yeah, it worked okay, though the lack of confirmation that I'd done the right thing until the organiser got round to validating the ride was unnerving.

Presumably this change is a result of migration to the new site, and DIYs will be going the same way in due course?

Re: Security access for DIY
« Reply #17 on: 11 July, 2022, 06:29:15 pm »
Problem with route validator is same cause as all the other problems. Expired SSL cert for aukweb.net.