
previously secure (https) websites no longer secure


13 replies to this topic

#1 mrb5162


Posted 11 September 2015 - 03:01 AM

Let me start by saying that lately my bank website, Norton Safesearch and even your website appear to have replaced their secure certificates with outdated or insufficient security. Usually in these cases the https in the address bar is crossed out or has a yellow ! triangle. If you click on that triangle or crossed out space you will see a grey box that says "your connection to this site is not private". My connection is a private home network as opposed to public. It used to say "you have not visited this site before today" but that phrase is no longer there. Of course I've gone to these sites before. In the grey box there is a tab titled 'connections'. Click on that and it says '! The identity of this website has not been verified' and '! Your connection to www.xxxxxxx.com is not encrypted'. These sites normally have the green bar in the address bar indicating a secure connection. Clicking on the green bar will give you the same grey box, only this time it says "Your connection to this site is private" and it will tell you 'the identity of this site has been verified by [name of certificate]. Valid Certificate Transparency supplied by the server'. It will say 'your connection is encrypted using an obsolete cipher suite, or [...encrypted using a modern cipher suite]. Both are followed by specific connection and encryption information, i.e. TLS 1.2.

 

Now let me get to the brass tacks. I have been to bleepingcomputer.com at least 3 times trying to get the right information to the right people. Can I please talk to someone who knows what a "man in the middle" vulnerability is??? Because it seems no one knows what it is except some people on computerworld.com and some other tech sites and forums. And me. I've been reading about this for several months but have been having problems for about 2 years. No one seems to know "what's wrong" with my computer. The answer seems to be "nothing". I've seen 2 local computer repair shops who all claim I am cured. I've reset and refreshed several times. I've gone through the battery of scans and cleaners and repairs with your techs, never really understanding what all those logs are telling us. (last month I worked for weeks with a tech on your site, had long logs and reports and was told to do more scans etc. Things got better for 7-10 days before this security issue began again, along with several other recurring problems-now these same scans are generating very short nondescript logs/reports if any). I have sent many screen shots of strange activity. I don't really know if anyone looked at them.

 

Let's stop here and see where this takes us rather than me writing a book on the subject of my computer woes needlessly. I would like to refer you to this website article that I read, the most information like mine that I have seen except my problems did not start out with the programs these did. I've never heard of these. So ask as many questions as you like, I'll give you whatever information I have. I'm soooo tired of this!!! 

 

http://www.computerworld.com/article/2887654/secure-advertising-tool-privdog-compromises-https-security.html

 




 


#2 crisis2k


Posted 14 September 2015 - 12:06 PM

How are you, mrb5162? I have read your history and symptoms. I am not such a good one, but if you want, then maybe I can help you.

Have you really been having those symptoms for about 2 years? I guess it is very painful for everyone.

First, I want to know about a few points:

1. Which Windows version/bits/patch number do you use at this time?

2. Which browser name/version are you using when you have the problems?

3. Have you ever formatted the system and reinstalled Windows at least once?

4. If you have formatted the system, did the same problem persist after reinstalling Windows?


:welcome: My Name is Philip You Can Call Me Phil
Thank You I'll be there anytime you need help :rolleyes:


#3 mrb5162


Posted 17 September 2015 - 06:18 PM

Hi Crisis2k

 

Yes I have had this problem for approximately 2 years. I have wiped windows and reinstalled twice, most recently 5-6 months ago. I have run a bazillion (sorry-lots of) scans in another topic 'ip_tunnels, vbus and other virtual functions' but I think they're tired of me. I don't think they found much in my logs, they didn't say. But my computer ran really well for about a week, even so I was very nervous about using it. Then I started having trouble getting secure websites again. In fact some sites will refresh by themselves and then will have lost the green bar that indicates a secure site. In place there is a little white square that looks like a piece of paper. If I click on that it tells me my connection to this site is not private, (my wifi connection is set to private) 'others' may be able to see 'your data'. For example this very page I'm on right now tells me this site is 'not encrypted' and 'the identity of this site has not been verified'. Another tab here lets me see cookies blocked and cookies allowed. This is a shortened version of the message I used to get when clicking here. It used to tell me that I had never visited this site before, or the last time I did was that day's date. This was incorrect. It used to say sometimes that the site was using outdated encryption like tsl[tls?] 1.2.1 or 2.1. Anyway, now in addition my cursor sometimes acts strange-it won't move at all and then just a little bit, then it will shoot across the page in the direction I want it to go, sometimes it will go, but then jump back as soon as I lift my finger from the touch pad, but most of the time it's fine. Oftentimes the page that I'm on will take a long time loading, then lose the connection with the message 'name not resolved'. Then the page will load but on a previous page, like the home page of the site.
Sometimes I'll get a message saying I am not connected to the internet, but the icon in the notification area says I am and the Network information in PC Settings shows Connected. I will send a screen shot of this to clarify if you'd like. It is doing this quite often although not together with any other symptom. Today I noticed that some of the "available" networks in my neighborhood are checked to automatically connect. I have been careful to make sure that none of the connections are set to automatically connect, per some previous advice. And even though they are set for automatic connection, they never try to connect as far as I know. They couldn't anyway because the signal is too weak. 

If this isn't too complicated I will note that my computer is a Toshiba, Windows 8.1, 64 bit. I don't see a patch number. I use Chrome exclusively, v 45.0.2454.93 with Gmail. I'm not sure what formatting is exactly. When I say I wipe Windows I go through the Control Panel, Recovery and do a reset, then re-install Windows. After which things are great for about 2 weeks or so.

I recently had our Internet Server company replace our router and re-configure it. When I started having problems after that, I came to Bleeping Computer. There is a lot of information and logs at my other topic ip_tunnels, vbus and other virtual functions. I started out with those because the first unusual thing I noticed when I started having trouble was a virtual network adapter that had never been there before. Then there were virtual settings and remote settings all over. I am sure whatever is wrong has to do with that. I have never used anything virtual, hyper-v or remote, all those settings had been disabled or stopped long before I had trouble. Suddenly they were all active and running. At one time I actually had an "unknown user". Also a new user with my user name + 2 was created and took over admin privileges. It locked me out of most of my files. Much of this has been repaired but I still battle tunnels, hyper-v services, the new user and remote networks. One of the weirdest things ever was when my settings showed I was connected with a wired connection, yet my only access to a wired connection was an ethernet adapter that was disabled. That one is a mystery. The article referenced in my first post describes much of my situation exactly. It seems most people have never heard of a "man-in-the-middle" intrusion. Or won't address it.

Sorry you replied to my post? I hope not.

 

Thank you!



#4 crisis2k


Posted 18 September 2015 - 04:20 AM

Thank you for your information.

1. I'm not sure about Windows 8.1; that's why I asked you which Windows you are using.

2. Please open the c:\windows\system32\drivers\etc\hosts file with Notepad and then post the contents.

3. Are you only using the Chrome browser? Nothing else? Try to surf the same page with Firefox if you can, please.

    Do those problems appear only on specific pages or on all kinds of pages? Are those pages using SSL or a similar module?

4. You said your router was reset twice, right? And you set the router security protocol to WPA2, right?

    And have you changed the router access password to a diametrically different one?

    Are you only using the router, or any other network devices (like a set-top box or modem)?

    If you have a set-top box or modem, then you have to reset all of these.

5. And does your "wiped Windows" mean a high-level format or a low-level format?

    I mean, did you format the disk by just "format c:",

    or did you fully erase the disk with a low-level formatter?

6. Is your computer using BIOS or UEFI? (Forget this question if you don't know what it is.)


Edited by crisis2k, 18 September 2015 - 04:34 AM.



#5 mrb5162


Posted 21 September 2015 - 04:28 PM

A lot of questions :)

 

I think this is the file you're looking for:

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost
 
127.0.0.1       localhost
 
 
* I will try Firefox and let you know what happens. I only use Chrome. I don't think I even have Firefox on my computer.
 
* Router is WPA2, yes. I'm sorry I don't know what a diametric password is. We use what the installer told us to use. alpha and numeric. We have no modems, just an extender (I think they call them repeaters sometimes) That is also new and was setup with the new router. 
 
* When I wiped Windows I used the reset function in the control panel under Action Center/Refresh. I didn't "format" it as in Drive C/format. However if you consider "format" to mean "erase", I only "erased" drive c. I did not have a recovery drive set up, or formatted at all. I set up the recovery drive after I reinstalled windows recently. I do not have any other kind of drive. So from what you're saying, it sounds like it would be like a low level format. I think. Sorry I'm not familiar enough with the terminology. I hope this description helps.
 
* From what I know it is BIOS (as in boot internal operating system?) I've never heard of Uefi.
 
  
Does that help?
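
The check behind the request for the hosts file, as an added example that is not part of the original thread: a Python sketch that lists every active mapping in a hosts file and flags names pinned to a non-loopback address. Only the `127.0.0.1 localhost` line comes from the file posted above; the other sample entries are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the tail of the default Windows hosts file posted above,
# plus three made-up entries (documentation-range IP, example.* names).
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost

127.0.0.1       localhost
203.0.113.10    www.bank.example login.bank.example   # constructed
0.0.0.0         ads.tracker.example                   # constructed
not-an-ip       update.vendor.example                 # constructed
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every active mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop a leading BOM and anything after '#', as the resolver does.
        entry = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:
            lname = name.lower()
            if ip.is_loopback and lname in LOCAL_NAMES:
                verdict = "default"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"  # name blocked locally, e.g. by an ad blocker
            else:
                verdict = "redirect"  # name forced to a fixed address: review it
            findings.append((line_no, str(ip), lname, verdict))
    return findings


def needs_review(text):
    """Only the entries a helper would ask about: redirects and malformed lines."""
    return [f for f in audit_hosts(text) if f[3] in ("redirect", "malformed")]


if __name__ == "__main__":
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {address:<15} {name:<25} {verdict}")
```

A file like the one posted in this thread, with `127.0.0.1 localhost` as its only active line, produces no entries needing review, which rules the hosts file out as the cause of a browser reaching the wrong server.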


#6 mrb5162


Posted 21 September 2015 - 04:39 PM

I don't have any other browser. Just IE. Should I download something?



#7 crisis2k


Posted 21 September 2015 - 06:46 PM

Thank you for your information.

OK, now let's run Firefox for a test.

1. Please download Firefox and then finish installing it.

2. Run Firefox as administrator on the desktop and surf the page that has the symptoms,

    and check whether the symptoms are still occurring or not.




#8 mrb5162


Posted 21 September 2015 - 07:05 PM

The firefox installation is importing from chrome and it's taking a while. I'll let you know as soon as I have something for you!



#9 mrb5162


Posted 22 September 2015 - 01:24 AM

The firefox installation is importing from chrome and it's taking a while. I'll let you know as soon as I have something for you!

Finally got firefox installed. What a pain-I will delete it again when I'm done with it. It is really difficult to tell for sure if I'm having the same problem. I almost never get the same page twice. There are pages I know should be secure and are not-even the firefox information in the address bar says bleeping computer is not encrypted and I have not visited it before. There is only one page I can find in the Norton/Symantec group that is encrypted. There are very few pages at all that show the green box for a secure site. I found only two. Mozilla search page and the one Symantec page. Many say https:// but there is no green box with it. Sometimes the https page has the lock symbol in the address and sometimes it doesn't. Usually the information does not say if it's encrypted or not, only that the page has been verified by Verisign. Only bleeping computer page shows anything about cookies. Definitely not a complete list of cookies. And boy does Mozilla let in a lot of cookies! It takes pages forever to load because of all the cookies. I can't say mozilla acts exactly like chrome but I think it's safe to say the problem with secure vs. unsecure is about the same. mozilla as a whole kept going in circles from one search page to the next and if you wanted more information than your current page offered and you clicked a link or something you were back at a search page. Horrible!



#10 crisis2k


Posted 22 September 2015 - 01:59 AM

Please check that your Windows 8.1 has most of all patches installed, and check whether your Windows time is correct or not.

Don't import settings from Chrome; I mean you have to run Firefox with basic Firefox settings.

Reset all settings of Firefox and run Firefox for the test again, please.

It almost looks like a security module problem, like SSL.


Edited by crisis2k, 22 September 2015 - 02:40 AM.



#11 mrb5162


Posted 22 September 2015 - 11:37 AM

I'm sorry I don't know how to check patches. Is that what we call updates maybe? What am I looking for when I am checking?


Sorry-should I delete the firefox I have and start over with a new download?



#12 crisis2k


Posted 22 September 2015 - 11:48 AM

Yes, delete Firefox completely and install Firefox again.

Don't click "Yes" on the "import settings from chrome" window the first time you run Firefox.

And yes, the patches I mean are your Windows updates.

But at this time you don't need to check installed updates anymore.


Edited by crisis2k, 22 September 2015 - 11:51 AM.



#13 mrb5162


Posted 22 September 2015 - 11:52 AM

OK



#14 mrb5162


Posted 22 September 2015 - 09:32 PM

So now what do I do? I need a new helper desperately. My computer seems fine although completely reset to all defaults. That doesn't necessarily mean it's fixed, in my experience. What do I run now to get a clean report and feel safe? It's possible I may have downloaded something I shouldn't have today in my stupidity. Or do I just have to wait to see if things start to go wrong again? Should I trust Adware Cleaner and Ultra Adware Cleaner to have actually fixed everything? It all seemed legit but I was working from a site I'm not familiar with. There's that stupidity factor. Anybody have any words of encouragement that might make me feel a little better? I hope I'm not starting all over with something new. Thanks in advance.  :(





