Hello everyone,

Some Sangha members have reported getting security warnings from Chrome when trying to log into the forum.

1. The server and our software has had a full security review in the past week (both by the Treeleaf engineers and the security team at our host). To the best of everyone's knowledge, the server and forum software are fine.

2. What we believe is happening is Google is implementing a plan to require SSL encryption for all web pages that include either credit card information (NOT us) or a username and password (us).

3. This change is a Good Thing(tm) as it will eventually result in a more private and secure web. At this time we do not have SSL encryption for Treeleaf, but we will be making the necessary purchases and upgrades in the very near future!

4. For the time being, if you see messages like the ones below, it does not mean that Treeleaf has been hacked. It does mean that your browser letting you know that a username and password will be transmitted without encryption and could thus potentially be intercepted via a so-called "man in the middle attack". So do not log in to Treeleaf on a public network like wifi at your local coffeeshop!

Screenshot from 2017-09-18 23:04:36-treeleaf-ssl-warning-1.jpg

Screenshot from 2017-09-18 23:11:21-treeleaf-ssl-warning-2.jpg

I'll make further announcements on this topic here.

Gassho,
Sekishi #sat #lah