Bogus Security Certificate


22 replies to this topic

#1 alanem

alanem

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport Merseyside UK
  • Local time:01:39 PM

Posted 08 December 2014 - 06:44 AM

Hi. Whenever I attempt to connect with Google I am told that they have an invalid security certificate, and when I look at their details in Certificate Viewer it says “Built in object Token: Bogus Google” and the certificate expired 14/3/14. How can I correct this in Windows 8.1? Thanks





#2 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:01:39 PM

Posted 08 December 2014 - 07:37 AM

Hi alanem, not quite sure there is enough information in your description but first things first:

 

1) Make sure the date/time is set correctly. Having an incorrect date/time can cause certificate errors.

2) What URL are you browsing to?  Is the URL changing when you enter it?  Try https://www.google.com (https:// instead of http://)

3) What about if you point a browser session to https://encrypted.google.com/

4) What browser are you using?

5) Can you try a different browser, and do you get the same results?

6) Are other search engines (such as yahoo) affected, or is it just Google?

7) Have you recently observed untoward behaviour on that computer (that could have installed malware)?


Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 PM

Posted 08 December 2014 - 11:27 AM

Is this with Firefox?

 

Are you on a corporate network?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Didier Stevens


Posted 08 December 2014 - 11:32 AM

Was this certificate issued by "UTN-USERFirst-Hardware"?




#5 alanem


Posted 08 December 2014 - 03:16 PM

Many thanks to all for your interest and I can only apologise for the fact that despite having not done anything suddenly I can now contact Google.  There has been no change to their certificate and it is still as described so it will probably go wrong again as soon as I finish this post.

 

In the meantime here are some answers to the questions

 

1. Time and date in synch

2. I was using google search in Firefox.

3. Can't comment at the moment.

4. Firefox  34.0.5.

5. IE and Yahoo search gave same result...could not contact google

6. This is a new laptop and I have been using google search to clear out bloatware.

 

Not on any network

 

The certificate was issued by UTN-USERFirst-Hardware and on closer inspection there were some strange things ... organisation "Google Ltd Tech Dept" and it expired 14.3.2014. This doesn't seem right but everything seems to be working at the minute so....

 

Thanks again



#6 Didier Stevens


Posted 08 December 2014 - 05:27 PM

This is surprising.

 

This is a fraudulent certificate which has been revoked. The attacker that obtained this certificate is believed to have operated from Iran.

https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

 

Mozilla blocks this certificate by hard-coding the serial number in a blacklist used by Firefox.

https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/

 

How are you connecting to the Internet?




#7 Didier Stevens


Posted 08 December 2014 - 05:30 PM

In Firefox, if you go to the menu: Tools / Options

Then to the tab Advanced / Certificates

Then button View Certificates

Then tab Servers.

At the bottom of the list you will find the black-listed certificate.




#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:39 AM

Posted 08 December 2014 - 06:49 PM

And Microsoft Security Advisory 2524375 relating to this issue was released several years ago.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#9 alanem


Posted 08 December 2014 - 07:20 PM

Well done I checked the serial numbers and they correspond with the certificates I've got listed.  When I was blocked on my laptop I used an old PC then as I say all went back to normal.  I have since found a valid certificate issued to Google Inc by "avast! Web/Mail Shield Root" so I assume this is getting me through.  I've not used any of the other search engines to try for Google so I don't know if they still remain blocked.   What happens now?   Do I just forget it? 



#10 Didier Stevens


Posted 08 December 2014 - 08:32 PM

You have Avast running on this machine?



#11 alanem


Posted 09 December 2014 - 05:51 AM

Yes and I'm grateful for that. I downloaded Google from their website but this is a new laptop and I have been downloading/installing a lot of stuff and I can't point to anything specific. Do you have any ideas on how these fake certificates could have arrived? Can I delete them or somehow stop Firefox referring to them again in the future? It's really only academic now as I can access Google as normal but.....

 

Thanks again for your interest



#12 Didier Stevens


Posted 09 December 2014 - 08:21 AM

What do you mean that you downloaded Google from their website?

And it's not normal that this revoked certificate came from a website you visited.



#13 alanem


Posted 09 December 2014 - 08:33 AM

Sorry as I say I've been doing a lot of stuff lately and I got confused with opening a new Google account.   Any suggestions as to what I can do if it happens again as I fluked my way out of it this time?



#14 Didier Stevens


Posted 09 December 2014 - 01:47 PM

This is confusing, I don't understand what you did exactly.

 

Anyway, if this happens again, view the fraudulent certificate and then export it (you can do this in Details).

And look in your DNS cache (with ipconfig) for the IP address of the website you are visiting.


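
The two checks raised in this thread can be scripted: comparing a certificate's serial number against a vendor blocklist (post #6), and inspecting an exported certificate together with the DNS cache entry for the site (post #14). This is an added PowerShell example, not part of the original posts; the function name, the file path, the host name argument and the blocklist entry are placeholders chosen for illustration.

```powershell
# Added example: triage a certificate exported from the browser's certificate viewer.
# The path, host name and blocklist serial below are placeholders, not values from the thread.
function Test-ExportedCertificate {
    param(
        [Parameter(Mandatory)] [string] $CertPath,   # exported .cer/.crt file (DER or Base64)
        [Parameter(Mandatory)] [string] $HostName,   # site that produced the warning
        [string[]] $BlockedSerials = @()             # serials copied from the vendor advisory
    )

    $full = (Resolve-Path -LiteralPath $CertPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    # Normalise serials before comparing: drop spaces/colons and leading zeros, upper-case.
    $norm    = { param($s) ($s -replace '[\s:]', '').ToUpperInvariant().TrimStart('0') }
    $serial  = & $norm $cert.SerialNumber
    $blocked = @($BlockedSerials | ForEach-Object { & $norm $_ }) -contains $serial

    # Addresses the resolver cache holds for the host (same data as "ipconfig /displaydns").
    $cached = @(Get-DnsClientCache -Entry $HostName -ErrorAction SilentlyContinue |
                Where-Object { $_.Data } | ForEach-Object { $_.Data })

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Serial        = $serial
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        Expired       = $cert.NotAfter -lt (Get-Date)
        SerialBlocked = $blocked
        Thumbprint    = $cert.Thumbprint             # SHA-1 of the DER encoding
        CachedAddress = $cached -join ', '
    }
}

# Placeholder arguments: replace with the exported file and the serials from the advisory.
Test-ExportedCertificate -CertPath '.\exported-certificate.cer' -HostName 'www.google.com' `
    -BlockedSerials @('00:PLACEHOLDER:SERIAL') | Format-List
```

An expired certificate whose serial appears on the blocklist, served from an address that does not belong to the site's operator, points at interception on the machine or the network path rather than at a problem with the site itself.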


#15 Didier Stevens


Posted 09 December 2014 - 02:22 PM

BTW, you didn't say what you did after you received this certificate warning.

Did you stop browsing?

Or did you continue and type your credentials?

