treasurydirect.gov hacked?

[wishicouldgomoreofte]

Indirectly DVC related, as online savings bonds are the source of funding for DVC trips.
I don't know who else to ask!
Was on the treasurydirect.gov website fine on 9/24.
Haven't been able to get back on since. On Google Chrome the https:// part is marked through a warning--" You attempted to reach treasurydirect.gov, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications."

When I try Mozilla Firefox it says-- "This Connection is Untrusted
You have asked Firefox to connect securely to treasurydirect.gov, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified."

Does anyone else use treasurydirect.gov for online savings bonds and have similar problem getting on the site since 9/25?
I am referring specifically to the https: part, which is what makes it a secure site. You can proceed without that, but I won't as it is not then secure. I read in August 2013 about some question of hacking and similar happening then. Or it could be them updating IT while getting rid of legacy treasurydirect, and screwing stuff up, just like Disney IT does.

 

[HtomSirveaux]

I don't go there normally, but looking at it now you're probably getting the warning because the name on the certificate is for https://www.treasurydirect.gov and you're trying to go to https://treasurydirect.gov - since they don't match exactly (even though the only difference is the "www" part) the browser on your computer throws up the flag. You can either start going to it with the www. in front or you can click through the warning.

 

[wishicouldgomoreofte]

I don't go there normally, but looking at it now you're probably getting the warning because the name on the certificate is for https://www.treasurydirect.gov and you're trying to go to https://treasurydirect.gov - since they don't match exactly (even though the only difference is the "www" part) the browser on your computer throws up the flag. You can either start going to it with the www. in front or you can click through the warning.

Thank you for replying. I typed in the whole thing correctly when trying to log in. I edited out the www part on the dis, because that made it a clickable link, which I believe the moderators would have objected to.
So were you able to go in through https://www,treasurydirect.gov/ without a warning of it not being secure and the sites security certificate? When I try, it will allow me to proceed without the https: part, but then it is not a secure site, so I don't.

 

[WilsonFlyer]

Currently Domain TREASURYDIRECT.GOV is not available for Registration.
Agency : Department of the Treasury
Organization : Department of the Treasury - BPD
Domain Name : TREASURYDIRECT.GOV
Status : ACTIVE

The site is legit. Since there is nothing on the homepage that needs securing, there's no need for a secure server or certificate there. When it need to go secure, it will do it on the link.

Can't believe I answered this here. Really can't believe this thread lasted all day.

 

[WilsonFlyer]

I browsed around a lot. IT goes secure EVERY time it needs to.

 

[wishicouldgomoreofte]

I browsed around a lot. IT goes secure EVERY time it needs to.

This is what I get as soon as I try to go from Internet Explorer. And in my posts above you see what happened with Google Chrome and Mozilla Firefox.

Shield icon
There is a problem with this website’s security certificate.








The security certificate presented by this website was not issued by a trusted certificate authority.





Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.


Recommended Click here to close this webpage.

 

[wishicouldgomoreofte]

This is what displays when I try https://www.treasurydirect.gov from Google Chrome.

Your connection is not private

Attackers might be trying to steal your information from www.treasurydirect.gov (for example, passwords, messages, or credit cards).

Back to safetyHide advanced
You attempted to reach www.treasurydirect.gov, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

Proceed to www.treasurydirect.gov (unsafe)

 

[wishicouldgomoreofte]

And this is what I get from Mozilla Firefox.
As you will note, it is not saying my computer is not secure, it is saying the certificate for the site is not secure.

This Connection is Untrusted

You have asked Firefox to connect securely to www.treasurydirect.gov, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

Technical Details

www.treasurydirect.gov uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted.

(Error code: sec_error_untrusted_issuer)

 

[WilsonFlyer]

There is NO secure connection to the BASE (www) site. That's the whole point. You don't NEED HTTPS to connect to the "home" page. It goes secure when secure information is destined to be passed. If that's not good enough for you, I don't know what to tell you.

You don't go to https://www.treasurydirect.gov, you go to http://www.treasurydirect.gov

I make my living doing network security. This site IS secure.

Unless I'm missing something. I'm not sure what your point/question is or what you think is wrong because nothing is.