[HTTPS-E Rulesets] Untrusted certificate on pcworld.com
Claudio Moretti
flyingstar16 at gmail.com
Tue Mar 11 14:42:43 PDT 2014
Hey Brian,
I can't even reach PCWorld over HTTPS:
Unable to connect
>
> Iceweasel can't establish a connection to the server at www.pcworld.com.
>
> The site could be temporarily unavailable or too busy. Try again in a
> few moments.
> If you are unable to load any pages, check your computer's network
> connection.
> If your computer or network is protected by a firewall or proxy, make
> sure that Iceweasel is permitted to access the Web.
>
This probably means that (at least for now) they've taken down their HTTPS
website. It's not a matter of updating the ruleset, but disabling it by
default.
This, though, requires an update to the extension, and I'm not sure what
the policies for that are.
Yan, could you help? :)
Thanks,
Claudio
claudio at Chuck:~$ nmap -p443 pcworld.com www.pcworld.com
Starting Nmap 6.41SVN ( http://nmap.org ) at 2014-03-11 21:42 GMT
Nmap scan report for pcworld.com (70.42.185.10)
Host is up (0.17s latency).
rDNS record for 70.42.185.10: www.pcworld.com
PORT STATE SERVICE
443/tcp closed https
Nmap scan report for www.pcworld.com (70.42.185.10)
Host is up (0.17s latency).
PORT STATE SERVICE
443/tcp closed https
Nmap done: 2 IP addresses (2 hosts up) scanned in 0.52 seconds
On Tue, Mar 11, 2014 at 8:00 PM, Brian Carpenter
<brian.carpenter at gmail.com>wrote:
> While visiting pcworld.com (
> https://www.pcworld.com/article/2091801/5-alternatives-to-logmein-free-for-remote-pc-access.html)
> with HTTPS Everywhere enabled in the latest Chrome stable build, I received
> this notice from Chrome:
>
> You attempted to reach *www.pcworld.com <http://www.pcworld.com>*, but
> the server presented a certificate issued by an entity that is not trusted
> by your computer's operating system. This may mean that the server has
> generated its own security credentials, which Chrome cannot rely on for
> identity information, or an attacker may be trying to intercept your
> communications.
>
> The certificate is for localhost.localdomain and may indicate a
> misconfiguration on the part of pcworld.com, but I don't have contact
> information for them, at least not contact info for someone who would know
> what I'm talking about. ;)
>
> Might need to push out an update for the pcworld.com rules. Thanks!
>
> Regards,
>
> Brian 'geeknik' Carpenter
> https://twitter.com/geeknik
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere-rules/attachments/20140311/f654f9af/attachment.html>
More information about the HTTPS-Everywhere-Rules
mailing list