Right, but what will the attacker gain? You aren’t doing online banking here.
Peter wrote:
Right, but what will the attacker gain? You aren’t doing online banking here.
Hope to re-use the credentials?
Actually, sometimes it is happens for less clandestine reasons – deep packet inspection (Infosec) or injecting the ads into your browsing (Superfish or Thank you, Lenovo!).
Another reason could be some root certs did not get the updates, while the rest of the system is OK – you get confirmation that your updates were installed, but your browser does not recognise some certs.
Or your browser/DNS caching is screwed and it partially shows the old content (from when you’ve authenticated with Wi-Fi hot-spot, for example) – you get some content secure, some – not; annoying like hell.
I think what people have advised OP already is the more than enough – you test the different websites from different devices/different device types/different networks.
After comparing the results it is very easy to see where the problem is.
re-use the credentials?
Sure, but that’s dumb. Practically every PHP-BB forum has been hacked. Open source, PHP, what do you expect?
Anyway, re-using creds doesn’t nowadays enable setting up a new payee.
This doesn’t make sense.
Like I said, this was prob99 an HTTP URL someone posted.
Peter wrote:
Like I said, this was prob99 an HTTP URL someone posted.
I’m sure you’re right, but if was the actual EuroGA site that had an invalid certificate, then you should be wary.
Yes I would be on the case immediately.