[HTTPS-E Rulesets] Untrusted certificate on pcworld.com
Yan Zhu
yan at eff.org
Fri Apr 4 12:10:43 PDT 2014
On 03/11/2014 02:42 PM, Claudio Moretti wrote:
> Hey Brian,
>
> I can't even reach PCWorld over HTTPS:
>
> Unable to connect
>
> Iceweasel can't establish a connection to the server at
> www.pcworld.com <http://www.pcworld.com>.
>
> The site could be temporarily unavailable or too busy. Try
> again in a few moments.
> If you are unable to load any pages, check your computer's
> network connection.
> If your computer or network is protected by a firewall or
> proxy, make sure that Iceweasel is permitted to access the Web.
>
>
> This probably means that (at least for now) they've taken down their
> HTTPS website. It's not a matter of updating the ruleset, but disabling
> it by default.
>
> This, though, requires an update to the extension, and I'm not sure what
> the policies for that are.
Nope, it just requires setting the "default_off" attribute in the ruleset.
BTW, this was a serious bug report that probably broke the site for a
lot of users! In the future it would be great if someone could cc me
directly or put [URGENT] in the subject line.
-Yan
>
> Yan, could you help? :)
>
> Thanks,
>
> Claudio
>
> claudio at Chuck:~$ nmap -p443 pcworld.com <http://pcworld.com>
> www.pcworld.com <http://www.pcworld.com>
>
> Starting Nmap 6.41SVN ( http://nmap.org ) at 2014-03-11 21:42 GMT
> Nmap scan report for pcworld.com <http://pcworld.com> (70.42.185.10)
> Host is up (0.17s latency).
> rDNS record for 70.42.185.10 <http://70.42.185.10>: www.pcworld.com
> <http://www.pcworld.com>
> PORT STATE SERVICE
> 443/tcp closed https
>
> Nmap scan report for www.pcworld.com <http://www.pcworld.com> (70.42.185.10)
> Host is up (0.17s latency).
> PORT STATE SERVICE
> 443/tcp closed https
>
> Nmap done: 2 IP addresses (2 hosts up) scanned in 0.52 seconds
>
>
>
> On Tue, Mar 11, 2014 at 8:00 PM, Brian Carpenter
> <brian.carpenter at gmail.com <mailto:brian.carpenter at gmail.com>> wrote:
>
> While visiting pcworld.com <http://pcworld.com>
> (https://www.pcworld.com/article/2091801/5-alternatives-to-logmein-free-for-remote-pc-access.html)
> with HTTPS Everywhere enabled in the latest Chrome stable build, I
> received this notice from Chrome:
>
> You attempted to reach *www.pcworld.com <http://www.pcworld.com>*,
> but the server presented a certificate issued by an entity that is
> not trusted by your computer's operating system. This may mean that
> the server has generated its own security credentials, which Chrome
> cannot rely on for identity information, or an attacker may be
> trying to intercept your communications.
>
> The certificate is for localhost.localdomain and may indicate a
> misconfiguration on the part of pcworld.com <http://pcworld.com>,
> but I don't have contact information for them, at least not contact
> info for someone who would know what I'm talking about. ;)
>
> Might need to push out an update for the pcworld.com
> <http://pcworld.com> rules. Thanks!
>
> Regards,
>
> Brian 'geeknik' Carpenter
> https://twitter.com/geeknik
>
>
>
--
Yan Zhu <yan at eff.org>
Staff Technologist
Electronic Frontier Foundation https://www.eff.org
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere-rules/attachments/20140404/6cfd2fe7/attachment.sig>
More information about the HTTPS-Everywhere-Rules
mailing list