If you see a "security warnings" in Delphi IDE don't worry. The Embarcadero domain SSL certificate expired, was renewed, but not applied to all web properties. Some sites (GetIt and Quality) are affected. Fix coming, apologize. BTRW, we are updating Community and EDN portals

Comments

  1. Did somebody fall asleep at the wheel or not mark the calendar? Not good.

    ReplyDelete
  2. Full professed, just like with Embarcadero forums.

    ReplyDelete
  3. Marco Cantù give a look at xenforo.com if you dont know about it, it's a reliable and professional forums platform

    ReplyDelete
  4. It is so annoying it pops up when i open a project. I can understand you have to connect to your servers for showing upcoming events and other data. But why do you have to CONNECT to EMBARCADEREO server when i open a project. So I disabled bds.exe From Windows Defender Firewall.

    ReplyDelete
  5. What do you mean, "don't worry". Of course people should worry! You can't implement security by saying "don't worry".

    ReplyDelete
  6. Ferhat Alkan I also saw that when opening a project. There are all kinds of thoughts swimming in my mind as to why this is necessary. What gets me is the number of times that popup occurs when you open GetIt or the Platform Manager. In my opinion Embarcadero needs to do some explaining.

    ReplyDelete
  7. Why do you not simply completely disable the welcome page? This is possible via registry

    ReplyDelete
  8. I strongly suggest to provide a simple, functional and complete OFFLINE Welcome Page. As I switched to Daniel Wolfs wuppdi Welcome Page quite a while ago I am not affected by this glitch.
    danielwolf.eu - Meine Vorstellung einer Willkommens-Seite

    ReplyDelete
  9. Uwe Raabe Thanks Uwe for that information. I installed it. Looks good and simple. No more popups.

    ReplyDelete
  10. David Heffernan agree 100%. There's no way for the average user to know if the security warning is because of someone's incompetence, or because the site has been compromised; and so asking then to ignore warnings is just laying the foundation for future problems. My servers use scripts to automate the cert renewals, so I never have to remember to do it myself -- can't embarcadero do something similar?

    ReplyDelete
  11. Scott Pinkham professionalism is not for everyone

    ReplyDelete
  12. BTRW? Acronyms should be banned. People shouldn't be so lazy as to not take the time and effort to express themselves without any ambiguity, especially in a professional setting. Then again, who lets their certs expire?

    allacronyms.com - BTRW abbreviation stands for Brush Tailed Rock Wallaby

    ReplyDelete
  13. More EMBT incompetence. Easy to blame on IT but without competent management anything can happen.

    No apology either. That sends a message.

    ReplyDelete
  14. Jennifer Powell: Re-read the post and you'll notice that Marco Cantù actually did apologize.

    ReplyDelete
  15. Christian Conrad This group is not the approproate venue for Embaracdero notifications to active users. It is a serious enough matter to be informed by email, none of which has been received.

    ReplyDelete
  16. Jennifer Powell
    I agree that an email to all potentially affected customers would have been warranted.. G+ is only home to a fraction of the Delphi/C++ EMBT customers (< 9850 out of the supposedly over 2 million), so not the appropriate place to notify users of a security issue. It's not the first time EMBT has had security issues, or outages of forums and services. It sounds like they either have no change management /IT department, or they are incompetent. IT should know a server is down before any customers do, and have preventative measures (monitoring, fail-over & redundancy) to prevent that. While I sympathize with Marco as having to answer to the public, EMBT should have some sort of communication guidelines in place that would have prompted a security bulletin email to it's users. All of this reflects poorly on EMBT.

    ReplyDelete
  17. I honestly think Embarcadero would have been sensible to communicate via email to all customers if there was a security breach, a thread to customers, or similar -- unlike the owner of this online forum ;-)
    But this wasn't the case. While it was certainly very bad to have customers see the problem and worry about what's up, the IDE simply stops communicating when the certificate is invalid (as it was, it was expired), and so there was no communication with the GetIt system during that time.
    Also, we have used multiple communication channels on social media to reach customers.

    ReplyDelete
  18. Marco Cantù But we "didn't know" if there was a security breach and realistically still don't. It may be fair to say that there wasn't however.

    But get this: that was a Godaddy cert. Godaddy is one of the best providers to inform you when a product is about to expire. For certs, you will get a notice 3 months in advance of its expiration. Then you will get notice 1 month from expiration. Then you will get a notice 1 week before expiration. The two days before expiration you will get another.

    Finally, you will get an expired notice on the day it expires.

    So, tell me, if you can, just exactly how all that slipped by Embarcadero?

    ReplyDelete
  19. Marco Cantù Never mind. I just sent Randy Jacobs and email to see if he could provide an answer.

    ReplyDelete
  20. Embarcadero IT renewed the certificate in time. They failed to update the certificate on some web properties.

    ReplyDelete

Post a Comment