Bitcoin Forum

When I log into Cryptsy it shows the padlock on the address bar for https for a few seconds, then the padlock disappears. When the padlock is there if I click on the address bar it says "website does provide identity information" ... "Project investors"... "Certificate by Comodo" etc. When the padlock disappears it says "this website does not provide identity information". The address in the bar is always https cryptsy.com.

Padlock doesn't disappear for me, perhaps you just have a misconfiguration. Maybe a browser plugin interfering with something? Have you tried using a different browser to see if you still had the problem?

yup.. looks like a browser problem.. at first look..  8)

Tried to log in in cryptsy. The padlock that you're stating is still in there. Nothing weird happening compared to what you're talking about. May I know what browser are you using and what plugins do you have in that browser? Maybe it's a browser problem because I can login and access cryptsy smoothly.

It happens on several browsers. Here is an image.

http://i60.tinypic.com/2pr7884.jpg
Or
https://i.imgur.com/iXSMTXb.jpg

I should add I live in a country where government surveillance is famously intrusive and the government makes no effort to hide the fact that it monitors my electronic communications. The internet connection I use is not secure at all.

you should upload your pictures here: https://imgur.com instead of what you're using yet..  ;)
Cheers!  ;D

If you feel that your internet browsing is being watched, you could invest in a VPN. Most only cost a few dollars per month, but allow for secure browsing.

are you sure you are not infected in some way? you should do a scan with multiple antivirus/anti-rootkit/anti-malware

usually there are insecure link, when this appear, you could have some insecure connection going on

sha1 fingerprint for cryptsy.com cert should be:


In case of a MITM it would be different.

You could also try to install HTTPS everywhere[1] and enable SSL Observatory[2] in order to let the plugin check whether the SSL cert is valid or not.


[1] https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp
[2] https://www.eff.org/observatory

Nothing shows up on antivirus, Comodo, McAfee, have tried others. Even immediately after reinstalling the operating system Malware bytes warns that its anti root kit driver cannot load. There is quite a bit of other evidence of a problem with my internet connection, I am just asking opinions about the risk with Cryptsy specifically. I use an SMS protected email and phone SMS to log into cryptsy but once I logged in and it went straight to the logged in area before I even entered the SMS. I have a screen grab of the message it showed on another device and will upload that when I can. Is it possible Cryptsy's SMS service was down briefly and it bypassed the SMS authentication because of reasons on the Cryptsy side?

Google has a very bad reputation for me,  as bad as Baidu etc for spying, but your comment did turn out to be helpful. Thanks.

This would be my biggest worry if you are using wifi not your's and they are stripping ssl out. 

Are you using your own wifi or was this done somewhere elese?  Just as a good rule no one should trust AP that are like "Free Wifi" "Free Internet", etc.   It is sad but a rogue ap is getting cheaper and cheaper.

Aren't those web browsers you're using exactly the same? I meant try a totally different browser to test.

try scanning your system with hitman pro. while others may not find anything, hitman pro will if your system contains a virus.

My modem in a rural area. I may be often the only person within many miles using internet. I already know my connection is not trustable.

Regarding web browsers, yes those screenshots are the same. The first image post did not show up so I copied it twice from two sites but the same issue has been on a few browsers both on android and Windows but AFAIK only at Cryptsy.

Why would it be not trustable if you are living in a rural area miles away from others?   It sounds like a good thing to me.

Also I have no idea if you are or not but even living in a rural area I would encrypt your wifi (don't do WEP or any broken systems).

hitmanpro isn't that good lately, in my case is detecting ccminer as a malicious, which ius obviously wrong

malwarebyte is the best, for malware and for virus too

What happens if you use the Tor browser? ....or you can boot up with a Linux OS to test if the OS is compromised. {Ubuntu}

I ussually use a Virtual machine - http://en.wikipedia.org/wiki/Virtual_machine to test things, when I run into funny things with my OS.

Hope this was helpfull.  ;)

Tor is not the greatest as far as security.  You are better off buying a better one if you are going to run though a VPN.  I would go with a professional company.

As far as the virtual machine telling you, chances are not.  You would look for items such as HTTPS being stripped into HTTP version of site.  And web site certificates not being real.

Do you use https everywhere? (the plugin called "HTTPS Everywhere").
I think in certain browser it did that, but I use Firefox and it doesn't do it for me.

Tor doesn't help to increase security, it increases privacy and somewhat decreases security. data transferred to the entry/exit node will not be encrypted. so if a https vulnerability is found, you can get hacked. many occurrence has been reported before. if you are looking for a nice and cheap vpn, go for privateinternetaccess, i like their vpn since they have pretty good speed and a great diversity of servers.

I'm not referring to tor I don't consider tor to be secure.  You are the entry node with tor.  But exit node has always been a problem.

I am referring more to a enterprise option such as a lot of big companies have.  They have their own VPN set up where you can connect from home and you are on their network after.  This encrypts traffic and is much safer then TOR.

You must make sure that the trustable VPN you use is logless or deletes log after some hours.

You can never be paranoid enough when it comes to security

I'm just talking about using where it encrypts over for example public wifi.  A enterprise solution such as many big companies do.  You connect to vpn remotly. 

Deletion is not as important as it's not for anything illegal.  And any reputable site it gets cookies etc, they will not be of much use hours later deleted or not.

Understood. Neither Tor nor VPN is secure enough. However, VPN is better than Tor when we consider many facts.


We don't use VPN & Tor just for security. We also use it for privacy and is better to get a logless VPN than others. If somehow, the log is leaked, IP attacks can be expected. With a logless VPN, we can secure ourselves from it. Even a smallest factor may result in biggest hazard.

I don't debate VPN is better then TOR I agree completely with you on that.

I argue what the use of a VPN can be.  Many buisness use them for security and privacy.  Lets say you have a work laptop connect at starbucks and use your VPN which puts you on your work network.  At starbucks if someone is trying to get data they will just see encrypted assuming it's connected to that work VPN.

Most enterprise VPN have history as companies keep LOTS of logs of what goes on in the network.  I'm talking about fortune 500 companies, not a ma/pa shop.

If your using a logless VPN your goal is to hide your activity.  With a nice work VPN your goal is to encrypt traffic and get you on your work network.

You are just paranoid but if you want to be sure then you may want to download spybot-search and destroy.
It's against spyware etc.