Spazo

When you get this message from Firefox...

This is on a business computer... My dad's credit card actually got phished a few weeks back and the fraud team from the bank called him up to say someone had stolen 2k and bet it on horses via TAB, advising him to get more virus protection. Anyway I'm seeing this warning on another PC, just wondering if you guys think it means anything?

 

Viruscunts.JPG

Edited by Spazo


That's the warning you get when a site says it's encrypted, but according to the browser, it's not really.

 

This can be for a few reasons, like the SSL certificate has expired, the SSL certificate has been undersigned too many times, or the SSL certificate is self-signed. Do you trust it? It's kind of up to you. Some browsers are naturally more picky than others about SSL, so they will throw errors that other browsers just don't care about. If it's for a big site like Google, have a quick google and see if anyone else is having the problem and if they have reported the problem. Typically big companies don't stuff around with SSL renewals, so typically they overlap the renewals.

 

For a full run-down:

 

SSL (Secure Sockets Layer) is what we use to get the https connection. It's a certificate issued by a trusted source (such as Verisign), or one of the sources that a trusted source has verified (like GeoTrust). A certificate that has been undersigned too many times is one where the issuer is below too many other issuers. E.g. if Verisign verify someone, who verifies someone else, who verifies someone else, etc etc etc, who verifies someone else, there's a good chance the browser will think that that's too many levels down and will report the certificate as untrusted. The same thing happens with a self-signed certificate. Self-signed certificates are normally used in testing, when you have to get an SSL part of a site up, you'll generate your own certificate to test the https layer. You know it's your site because you're sitting on the server looking at it, so it's not a problem in development. Normally once you're happy with everything, you'll buy the actual certificate. Also, when a certificate expires, it doesn't magically disappear, it means that the certifier has said that this certificate lasts for X days/years and then the website owner needs to re-verify (i.e., pay money). Once the owner pays his money, he gets a new certificate, i.e., the old one isn't renewed. So technically the owner can use that certificate forever, to make the https side of things "work", but because he's unverified past a certain date, you'll get the message saying that the site is untrusted or not secure.

Edited by pyro


Thanks... so what if someone is genuinely trying to "impersonate the site"?

 

Does that mean they've hacked the wireless connection or are they interfering with us personally by targeting our IP or is it maybe nucular aliens on the information superhighways?..


In the case of that address (accounts.google.com), I doubt anyone would be impersonating the site. They would have to either steal the IP, or hack the DNS server and change the IP to their own machine. I think you'd have almost zero chance of pulling that off against Google. They'd notice the dip in traffic instantly and rectify things pretty quickly.

 

Impersonating a site is generally equivalent to a "man in the middle" attack. There was a good one last year iirc, with either Commbank or Westpac. Someone set up an address like commbank.bankinginstitution.com.au (it wasn't that specific domain, but something along those lines), displayed the same login screen for Commbank/Westpac and then redirected users to the actual banking login page, saying there was an error and to try again. They scored a shyteload of account details. Commbank/Westpac (whoever it was) were none the wiser, because they were still getting all of their traffic and the users were none the wiser because they didn't know any better. This will be the most common method of attack from now on.

 

Without hacking the Domain Name Servers (DNS, this is what holds a record of what IP address corresponds to what domain name), the next best thing you can do is go for each person individually, which takes f**king ages and requires a LOT of hacking, unless there's malware ready to go. Basically, each computer has its own internal DNS (on Windows it's in C:\Windows\System32\Drivers\etc, open "hosts" with Notepad). So an attacker who gains entry to your machine can change that to whatever they want, so now www.anz.com.au goes to their own machine. Like I said though, this involves a shyteload of hacking, because you need to compromise every single machine before you can do this.

 

The first of the two situations is far more likely for phishing. Setting up an address that looks like a bank account address, or looks like something which could be plausible, is normally how they get you. Advertising these addresses is mostly popular via spam email with the usual, "We need to verify your username and password". The amount of people who believe these emails is phenomenal. No bank will ever contact you with important stuff via email. It just won't happen. They might start to think about it when the world is using public/private key encryption on email, but that's been around for years and nobody's taken an interest.

 

So at the end of the day, "it depends" is the answer :P If your dad's a multi millionaire, it might have been the latter, but 9.9/10 times it's the former.

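An added example, not part of any post in this thread: a small audit of the hosts file described in the post above, flagging entries that pin a domain you care about to a fixed address and so override real DNS. The hosts content, the `203.0.113.45` address, the watch list and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed hosts-file content; addresses are documentation-range samples.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.anz.com.au   anz.com.au   # constructed redirect
0.0.0.0         ads.example.test
192.168.1.20    nas.lan
"""

# Domains whose resolution should never be overridden locally (assumption:
# pick the banks and login sites this PC is actually used for).
WATCHED_SUFFIXES = ("anz.com.au", "google.com")


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, ip, hostname) for every hosts entry that maps a
    watched domain, or a subdomain of one, to a fixed address."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, not an entry
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            # Match the domain itself or a true subdomain, so that
            # "notanz.com.au" does not count as "anz.com.au".
            if any(host == s or host.endswith("." + s) for s in watched):
                hits.append((line_no, str(ip), host))
    return hits


if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is forced to {ip}")
```

To check a real machine, pass the contents of the hosts file at the path given in the post instead of `SAMPLE_HOSTS`.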

It turns out someone changed the date on the computer from December to November, so Firefox thought the certificate had expired and was waiting for the new one to come into effect.

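An added example, not from anyone in the thread: it sorts a certificate warning into the causes discussed above (self-signed, outside its validity dates) and separates a genuine date problem from a wrong PC clock by comparing against a second time source. The certificate fields are constructed in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns; the names, dates and the function `diagnose` are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed certificate fields (sample values, not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "accounts.example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Dec  1 00:00:00 2012 GMT",
    "notAfter": "Dec  1 00:00:00 2013 GMT",
}


def utc(year, month, day):
    """Epoch seconds for midnight UTC on the given date."""
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()


def diagnose(cert, local_now, reference_now=None):
    """Return a list of reasons a browser would warn about this certificate.

    local_now is the PC's clock; reference_now is a time obtained some other
    way (phone, NTP), if available. Both are epoch seconds.
    """
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    findings = []
    if cert["subject"] == cert["issuer"]:
        findings.append("self-signed")
    if local_now < start:
        findings.append("not-yet-valid")
    elif local_now > end:
        findings.append("expired")
    # Valid at the reference time but not at the local time: the PC clock
    # is what is wrong, not the site's certificate.
    if reference_now is not None and start <= reference_now <= end:
        if not (start <= local_now <= end):
            findings.append("local-clock-wrong")
    return findings or ["ok"]


if __name__ == "__main__":
    # PC clock set back to November while the real date is in December.
    print(diagnose(SAMPLE_CERT, utc(2012, 11, 15), utc(2012, 12, 15)))
```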

Damnit. Tried to find that gif in the old pics of the day thread, where the guy slides out while drifting, narrowly misses the other car, gets out and goes, "SAFE!" haha


Well you'd better find it. Or you'll pay. Listen to what I say.
