Tuesday, April 30, 2019

WHALEOIL

I seldom visit 'Whaleoil' nowadays but I saw on No Minister's sidebar the promo for their latest post predicting a raft of tax increases under the CoL now that the CGT has been kicked into touch ... so I decided to have a read ...

and this notice appeared .... Warning: Potential Security Risk Ahead ....    Firefox detected a potential security threat and did not continue to www.whaleoil.net.nz. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.   What can you do about it?   The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem'.

Well, I guess that's one good way to neuter a blog.

15 comments:

Psycho Milt said...

Looks like they neutered themselves by using https without a proper certificate. It'll be safe to continue to the site (well, no safety risk beyond the usual - exposure to shitloads of ads and some very toxic commentary).

David said...

Well, I guess that's one good way to neuter a blog.

Is there no end to your paranoia?

Andrei said...

Don't happen with Chrome

Andrei said...

"Looks like they neutered themselves by using https without a proper certificate"

Nope their certificate is valid until 14/10/2019

The Veteran said...

David ... paranoia!!!!!!!!!!!!! feek orf Noddy. I'll go with Milt ... self inflicted.

David said...

Vet, you are spinning. OK, you accept Milt's theory, and I believe he is right, BUT you finished your original post with the paranoid statement about neutering a blog. want to walk that back?

The Veteran said...

David ... not sure why I indulge you ... perhaps its be kind to animals week. No, not walking back. It appears 'they' did a good job of neutering the blog themselves although Andrei would dispute that.

Suggest you go easy on the paranoia bit ... when you point the finger just remember the other three are pointing back at you.

Psycho Milt said...

Andrei: odd, I get the same security warning in Chrome as I did in Firefox. "NET::ERR_CERT_COMMON_NAME_INVALID." Seems the cloudflare certificate they're using doesn't have whaleoil.net.nz listed among the domains it certifies.

Andrei said...

That is very odd indeed PM - it works fine for me in Chrome and firefox and the certificate seems to be both current and valid

I wonder if it is ISP dependant and you are unable to validate the SSL certificate

Adolf Fiinkensein said...

Just tried with Chrome. No problems.

Anonymous said...

Try using whaleoil.co.nz rather than whaleoil.net.nz

Psycho Milt said...

Oh right, that's it. Our blogs feed was pointing to whaleoil.net.nz. I've changed it to whaleoil.co.nz now.

Lord Egbut Nobacon said...

Why?

Psycho Milt said...

If you want to have secure traffic to your site via https rather than http, you need to obtain a valid SSL certificate for your address via an accredited provider. No Minister's one is taken care of by blogspot.com, but Whaleoil isn't a "chainstore" blog like ours so presumably has to make its own arrangements. Looks like they have a valid certificate for https covering whaleoil.co.nz, but not for whaleoil.net.nz, which was the address in our blogs list on the right. That blogs list has been there a long time, so whaleoil.net.nz is probably an old address that they stopped using. Now that I've updated the blog list to the address that does have a valid certificate, the security warnings have stopped.

And, thank you to anonymous above for the tip - I hadn't figured it out.

Anonymous said...

https://yournz.org/2019/05/01/whale-oil-switches-domains/