Guild Wars 2

I work as an IT Administrator for a municipal government. This afternoon a vendor partner was vetting a new product to my team. My IT Director ran a security check against this providers web servers using Qualys SSL Labs. Needless to say, this vendor scored an F on the security and data integrity check. When the vendor attempted to back their product by saying a lot of “online” service providers scored low using Qualys, I immediately stepped in a put in the server address for the GW2 forums. I’m happy to report Qualys rated Anet with an A-.

So in short, thank you Anet for taking the security of our data seriously!

Here’s what I get using the link to the Support site from the forums:

The owner of en.support.guildwars2.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

I wish the redirect would be fixed.

Yeah, I don’t know. There are a few posts in the Account or Bugs sub-forum about this, so it affects a few of us.

I haven’t changed anything; it seems to have happened about the time of the new Knowledge Base/Support site. It only affects the en.support redirect from the forums; all other redirects to the support site work fine. /shrug

I just tell others that post about it to use the ‘Support’ link from any other site page.

I’ve tried adding several ‘en’ English languages to the browser. I’m not sure what other options to try.

I tried removing cookies, no go.

I tried it in Chrome (for the first time), I get a security error.

Your connection is not private

Attackers might be trying to steal your information from en.support.guildwars2.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

I’m not sure what the problem is.

Thanks for sharing AlphaWolf it’s good to know that ArenaNet has very good security.

And with the talk of IT is making me want to go back to school for programing but I got into driving a truck for a living. But hey I can still go back because we are still growing up no matter what age we are.

JustTrogdor.7892:

Are you using any kind of firewall software or free antivirus? It seems like you might have something running that has not caught up with the change Anet made to the support page with their SSL and is showing it as dangerous.

Of course I use firewalls and anti-virus software. But, that would not explain being able to enter the Support site from any other Guild Wars 2 site page. It’s only the forum pages that have issue.

It’s of no real import; as stated, I can just choose any other GW2 site page to be redirected to the Support/KB page.

The cipher suites should be updated to a more modern configuration though. That’s why it only scores A-. All ECDHE and DHE ciphers should be on top of the list, all the TLS_RSA_* to the bottom.

Not all browsers connect with a cipher that supports forward secrecy. Problem here is: if someone collects all the network traffic, even encrypted, he can decrypt it if the private key is somehow stolen. It has happened due to bugs in the past.

I guess that’s due to an older operating system and older OpenSSL which does not support that. We have that problem, too.

I’m more concerned that the server is operated by Quaggans. :p

It’s funny though. Game companies take security seriously while my bank didn’t even change their certificate after heartbleed. Game account is more secure than my bank account.

Good security value gets diminished without proper functionality and accurate objectives.
It is time they fix this forums, their attitude toward post published here and on reddit, and their politics about dev-customer communication.