  • Frequent (annoying) certificate-related Security Alerts on AskWoody.com?


    This topic contains 32 replies, has 9 voices, and was last updated by  anonymous 2 weeks, 2 days ago.

    • #129243 Reply

      anonymous

      Hi Woody.
      Not really sure where to post this, so…

      Just wanted to let you know that, for some time now, when I visit AskWoody I get repeated Security Alert dialog boxes popping up to inform me that “The identity of this web site or the integrity of this connection cannot be verified” because “The name on the security certificate is invalid or does not match the name of the site”.

      This doesn’t happen on every page, so fwiw seems likely this may have more to do with ads being served than the underlying AskWoody site.

      Also fwiw haven’t seen others posting about this, so certainly possible that issue has something to do with my config (cue jokes about config problem = not using ad-blocker). But figured it wouldn’t hurt, and might help, to mention it.

      Thanks for all you do, and be well.

    • #129273 Reply

      woody
      Da Boss

      Odd.

      It sounds like the problem here, from four years ago:

      https://answers.microsoft.com/en-us/ie/forum/ie10-windows_7/random-security-alert-ie-messages/5b7387c4-9b5e-4711-b640-3d835730e2a4

      Are you using Internet Explorer? Have all the latest updates installed?

      Have you considered using Chrome or Firefox or Safari?

      • #129337 Reply

        anonymous

        Hi again, Woody.

        OP here. Yes, I’m using IE11 (with default-level security settings
        on “Internet” zone) on Win7 x64; Group B, patch level current
        as of July (i.e., July installed, waiting on August).

        Thanks for posting the “Random security alert IE messages” link.
        While certificate-related, the problem described there involves
        apparently random IE security alert popups seen across multiple
        sites. In my case, however, I only see the security alert popups
        on one site that I visit: AskWoody. Weird, huh?

        And it’s about to get weirder–or maybe less weird, you be the
        judge. Yesterday while on AskWoody I was repeatedly seeing the
        same IE security alert (“The identity of this web site or the
        integrity of this connection cannot be verified” because “The
        name on the security certificate is invalid or does not match
        the name of the site”), over and over again, on many (_but
        not all_) pages…

        Today, though, I’ve now been on AskWoody for quite some time,
        intentionally bouncing between pages, opening page after page,
        and I haven’t seen the security alert yet…

        No config changes on my end. Different day, different result.
        Obviously not conclusive, but this observed temporal weirdness
        seems to me to point back in the direction I suggested in my
        initial post: “seems likely this may have more to do with
        ads being served than the underlying AskWoody site.”

        Hope this helps. And, again, thanks for all you do.

    • #129283 Reply

      Volume Z
      AskWoody Lounger

      I have encountered the same in Opera 12.18. Disposed of questionable domains at hosts file. Web-ads.10sq.net?

    • #129297 Reply

      Pepsiboy
      AskWoody Lounger

      Woody,
      This is the problem I e-mailed you about a couple days ago. I’m still having the problem, BUT, not quite as often as the other day. This morning it is acting up again about every 10 to 15 minutes. I’m going to try the suggested solutions above and see what happens. Will post back here with results in a few hours.

      Dave

      • #129300 Reply

        woody
        Da Boss

        Troubling. Yes, please let us know if you figure it out!

    • #129310 Reply

      ch100
      AskWoody MVP

      The site is perfectly legit, quite above average in following the latest security standards.
      Those who encounter issues locked themselves out either with third-party security suites, not updating Windows in full, editing hosts files etc.
      https://www.ssllabs.com/ssltest/analyze.html?d=askwoody.com&latest

      askwoody_ssllabs

      6 users thanked author for this post.
    • #129342 Reply

      Pepsiboy
      AskWoody Lounger

      Woody,

      As anonymous said above, SO FAR today on my current session there have been no problems. I have not changed anything from when I was having trouble. I have no idea what, if anything, has changed, but there are no problems with the site at this point. I’m just hoping that it stays this way.

      Dave

    • #129412 Reply

      NetDef
      AskWoody Lounger

      For those seeing this problem, it would be helpful to know what cert your browser is pulling.  The next time you get the error, you can check the certificate properties.  Line items that would be helpful in troubleshooting would include the begin and end dates of the cert YOU see, as well as the organization and web domain it’s assigned to, as well as the originator (distributor).

      On a related, perhaps helpful note: some of my users were seeing this error on random SSL sites when browsing via tethered mobile phones. In all cases, we were able to determine that a certain mobile data provider was inserting a proxy (the cert on that proxy did not match the cert on our web sites.) I leave it to the reader to decide what that means – just adjust your tin foil hat accordingly.

      For reference, here’s the cert you SHOULD see on this site — you can compare that to the one you see when you get the error, they should be different.  (It will be interesting if we discover they are NOT different . . .)

      woodyscertaug2017

      There are other problems that could also cause this, such as an expired root trust cert on your system, (which should be updated automatically, but sometimes is not) but for now I’ll leave it at this.

      3 users thanked author for this post.
      • #129443 Reply

        anonymous

        Ask & ye shall receive…

        OP here. Pls see below for requested detail on cert currently triggering
        IE security alerts. (And, for the record, the alerts I was seeing yesterday
        were also flagging this same cert.)

        Subject:
        CN = *.btrll.com
        O = Yahoo! Inc.
        L = Sunnyvale
        S = CA
        C = US

        Serial number:
        0f e9 a8 be 6f fe 7d f2 ee 20 7c 13 f1 b1 d6 81

        Issuer:
        CN = DigiCert SHA2 High Assurance Server CA
        OU = http://www.digicert.com
        O = DigiCert Inc
        C = US

        Valid from:
        Tuesday, April 25, 2017 8:00:00 PM

        Valid to:
        Thursday, October 26, 2017 8:00:00 AM

        Thumbprint algorithm:
        sha1

        Thumbprint:
        75 e8 09 d6 3e e9 d9 21 81 32 5d ca ec 5d 0c b1 ad a9 70 ea

        2 users thanked author for this post.
        • #129446 Reply

          Kirsty
          AskWoody MVP

          This answers.microsoft.com page might help on the btrll.com certificate.

        • #129447 Reply

          woody
          Da Boss

          @netdef – could that be an advertiser’s cert?

          • #129448 Reply

            anonymous

            Yes, btrll = BrightRoll (see brightroll.com)

            1 user thanked author for this post.
          • #129859 Reply

            NetDef
            AskWoody Lounger

            @netdef – could that be an advertiser’s cert?

            Yes, but I see I am too late in my response.  🙂

            For future reference this error can be caused by some of the following scenarios:

            – embedded SSL content (advertiser)

            – proxy (company or provider)

            – man in the middle attack (wi-fi hotspot for example)

            Cheers!

      • #129454 Reply

        ch100
        AskWoody MVP

        Inserting certs via proxy means that the cert owner intends to decrypt the communication if required. There are grey areas in the law in this matter, but while this may be acceptable for company issued devices, it is certainly not acceptable on public networks as it allows password interception.

    • #129450 Reply

      Noel Carboni
      AskWoody MVP

      I never see any certificate problems here, and not coincidentally I never allow ad traffic.

      With apologies in advance to Woody, who is funding the operation of this site from ad revenue, for bringing this up again but allowing ads is not a good thing if you’re concerned about online security or privacy.

      The fact is that the site admin cannot vet the ad content, even if he had the time and was willing to do so. Thus you’re getting software, scripts, images, etc. downloaded to your computer (not to mention being tracked by several online entities) every time you visit this or most any other web page online today. The web pages are coded to retrieve information from a separate delivery service (e.g., amazon-adsystem.com), and your browser is dutifully following the instructions to do so. It’s almost unbelievable what and how much you’re asking to have your computer do just by clicking on links (and I don’t just mean here on Woody’s site, which is quite tame and legit).

      My DNS server generally blacklists at least half the attempted online contacts when I visit this site, and that doesn’t include all that WOULD be contacted if the ads were allowed, which I suspect would be much, much more – including those with bad certificates (and those that don’t require certificates at all).

      For example:

      www.askwoody.com A resolved from Cache to 96.127.138.242
      ir-na.amazon-adsystem.com A not found --- blacklisted by DNS proxy ---
      z-na.amazon-adsystem.com A not found --- blacklisted by DNS proxy ---
      www.googletagservices.com A not found --- blacklisted by DNS proxy ---
      secure.gravatar.com A resolved from Forwarding Server as 192.0.73.2
      ws-na.amazon-adsystem.com A not found --- blacklisted by DNS proxy ---
      maxcdn.bootstrapcdn.com A resolved from Forwarding Server as 94.31.29.55
      www.paypalobjects.com A resolved from Forwarding Server as 23.32.76.198
      

      I’m not saying I can offer a viable alternative for funding a site like this… But people should know that visiting any ad-supported / tracking-supported website involves risk unless you have a strategy for isolating just the site content and keeping the bad stuff out.

      If you do choose to block ads, please donate occasionally to this site (as I do).

      -Noel

      • #129451 Reply

        woody
        Da Boss

        Man, I wish I could afford to do that. Right now I’m just barely making expenses – and ads outnumber donations by 2 to 1.

    • #129636 Reply

      Pepsiboy
      AskWoody Lounger

      Woody,

      Well the pop up Cert error is back. I am unable to do much of anything quickly on your site this morning. (NOT blaming you or your site) When it comes up again, I’ll try to screen shot it and the details to e-mail to you. Busy day today, so it may take a while to get this done.

      Dave

      • #129662 Reply

        Noel Carboni
        AskWoody MVP

        Depending on what browser you’re using, Dave, it might also be helpful to use the Developer Tools, Network (or equivalent function) to capture and show the network traffic being sent/received by the browser. Seeing what sites are contacted could help identify which site is delivering the offending data.

        I’d also be interested in how many requests go into displaying AskWoody.com (the home page) when a browser with ads enabled is used here. When I browse to it I see 58 requests total. I’m just curious how many more there would be if the ad content is delivered. I suspect a lot more.

        -Noel

        1 user thanked author for this post.
    • #129764 Reply

      Pepsiboy
      AskWoody Lounger

      Depending on what browser you’re using, Dave, it might also be helpful to use the Developer Tools, Network (or equivalent function) to capture and show the network traffic being sent/received by the browser. Seeing what sites are contacted could help identify which site is delivering the offending data.

      I’d also be interested in how many requests go into displaying AskWoody.com (the home page) when a browser with ads enabled is used here. When I browse to it I see 58 requests total. I’m just curious how many more there would be if the ad content is delivered. I suspect a lot more.

      -Noel

      Noel,

      I have had this computer turned off for nearly 24 hours because of the threat of SEVERE thunder storms. IF the pop up shows up again today, I will try to get as much information from it as I can and post back here with results.

      Dave

      • #129782 Reply

        woody
        Da Boss

        It looks like Brightroll is the culprit.

        I have a message in to my ad provider. Haven’t heard back yet.

        2 users thanked author for this post.
        • #129800 Reply

          ch100
          AskWoody MVP

          Woody, it is certainly Brightroll, however it shows only on those computers which have non-standard (read excessively hardened, against the specifications) configurations.

    • #130137 Reply

      Pepsiboy
      AskWoody Lounger

      Woody,

      Well, the cert notice is back again this morning. If I did it correctly, there are screen shots of what shows up this morning. I think that others have nailed it that Brightroll is the problem.

      Hopefully they can get this fixed soon.

      Dave

      MWSnap002-2017-08-21-06_21_12

      MWSnap003-2017-08-21-06_21_28

      MWSnap004-2017-08-21-06_22_55

      MWSnap005-2017-08-21-06_23_13

      MWSnap006-2017-08-21-06_23_27

      MWSnap007-2017-08-21-06_23_43

    • #130146 Reply

      Pepsiboy
      AskWoody Lounger

      I guess only 4 attachments are allowed at a time. Here are the other 2.

      Looks like I got them in reverse order. Sorry.

      Dave

      MWSnap003-2017-08-21-06_21_28

      MWSnap002-2017-08-21-06_21_12

      1 user thanked author for this post.
    • #130228 Reply

      MrBrian
      AskWoody MVP

      I browsed this site in a virtual machine using Internet Explorer 11. I got a message for an expired certificate (valid from 7/20/2016 to 7/20/2017) issued by Go Daddy to *.vms.cignalio.com.
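
Added example (not part of any post in this thread): a small Python check that separates the two failures reported above, the `*.btrll.com` certificate whose name does not match the site and the expired `*.vms.cignalio.com` certificate. The host names, the check time and the midnight validity times on the second certificate are assumptions; the thread gives only subject names and dates.

```python
from datetime import datetime

def name_matches(pattern, host):
    """Wildcard rule browsers apply: '*' must be the entire left-most
    label and stands for exactly one label, never zero or several."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Need two fixed labels after the star, so '*.com' matches nothing.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host, when):
    """List the reasons a browser would raise an alert for this cert."""
    problems = []
    if not any(name_matches(n, host) for n in cert["names"]):
        problems.append("name-mismatch")
    if when < cert["not_before"]:
        problems.append("not-yet-valid")
    elif when > cert["not_after"]:
        problems.append("expired")
    return problems

# Subject names and dates as reported in the thread. Time zones are ignored,
# and the midnight times on the second certificate are assumed.
BTRLL = {"names": ["*.btrll.com"],
         "not_before": datetime(2017, 4, 25, 20, 0),
         "not_after": datetime(2017, 10, 26, 8, 0)}
CIGNALIO = {"names": ["*.vms.cignalio.com"],
            "not_before": datetime(2016, 7, 20),
            "not_after": datetime(2017, 7, 20)}

# Assumed check time, taken from the date in the screenshot file names.
CHECK_TIME = datetime(2017, 8, 21, 6, 21)

# Constructed host names, for illustration only.
CASES = [(BTRLL, "host1.btrll.com"), (BTRLL, "btrll.com"),
         (BTRLL, "a.b.btrll.com"), (BTRLL, "ads.example.net"),
         (CIGNALIO, "host1.vms.cignalio.com")]

if __name__ == "__main__":
    for cert, host in CASES:
        result = diagnose(cert, host, CHECK_TIME) or ["ok"]
        print(f"{cert['names'][0]:22} {host:26} {', '.join(result)}")
```

The first certificate is inside its validity window on the check date, so any alert it triggers is a name mismatch alone; the second matches its own subdomains but fails on expiry.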

    • #130229 Reply

      MrBrian
      AskWoody MVP

      See section Browser Hijacking Behavior at https://en.wikipedia.org/wiki/BrightRoll.

      2 users thanked author for this post.
      • #130281 Reply

        MrBrian
        AskWoody MVP

        I believe that users are not getting infected by being exposed to BrightRoll ads in a browser. Rather, the BrightRoll browser hijacker is probably acquired by installing certain software.

        1 user thanked author for this post.
        • #131905 Reply

          ch100
          AskWoody MVP

          This is correct!

          1 user thanked author for this post.
    • #131903 Reply

      Pepsiboy
      AskWoody Lounger

      As of today, I’m not getting the security alerts on this web site. Maybe it has worked itself out like another problem I was having.

      Best of luck to all.

      Dave

    • #131906 Reply

      anonymous

      It seems that the site has been hacked – that’s what I see today:

      Greets

      Günter Born

       

      PS: Didn’t log in, due to the hack

       

      • #131919 Reply

        woody
        Da Boss

        Not a hack!

        I was wishing my Muslim friends a happy holiday

        4 users thanked author for this post.
        • #132162 Reply

          anonymous

          Hi Woody,

          Just thinkin’…

          In a couple of weeks you’ll have another opportunity to extend some global goodwill, by wishing both gunter (@borncity) and martin (@ghacks) a Happy Octoberfest! ( Glückliches Oktoberfest!? 🙂
          Many thanks to the deutsche duo for the information and insight they share!

          1 user thanked author for this post.