
Your connection is not secure - am I vulnerable to a MITM attack?


No replies to this topic

#1 Mutlz


Posted 12 March 2017 - 03:57 AM

Hi all, I'd be grateful for some advice on my situation. 
 
I'm using Mac OSX 10.8.5 (I know I need to upgrade as soon as possible, currently travelling).
 
I started seeing a "connection not secure" browser error dialogue when trying to open Facebook, Instagram, Skype. But opened my bank's portal no problem.

 


 

 

 

Same behaviour in FF, Chrome and Safari. Sometimes it would redirect and display an OpenDNS error page instead. I couldn't pick a pattern for why. Google search started prompting me to verify that I'm human.

 


 

The problem disappeared when I found and removed OpenDNS addresses from my DNS settings. But prior to that I had taken a bunch of steps (listed below). Subsequently I've removed Spigot adware from my system. 

Now I'm not sure if I'm vulnerable to a MITM attack, or if the problem is resolved. 

In particular, I'm not sure how the OpenDNS addresses got added to my DNS settings. Could it be the Spigot adware?

 

Steps I've taken:

  • Checked that pages that produced the "not secure" error load with my phone and a different computer on the same wifi network. They do. So not a router issue.
  • Timezone, date and time are correct
  • Updated Java
  • Disabled all browser plugins
  • Firefox, browser I use every day - cleared cache and offline files
  • scan with clamxav (2016 version, updated definitions, no infection found)
  • scan with knock-knock (current ver, no infection found)
  • At this point found OpenDNS addresses and removed them. 
  • scan with Avast 12.5, found and removed 
    • searchme@mybrowserbar.com.xpi
    • Spigot-O "YahooEngine.xml"
    • Several Spigot files already sitting in Malwarebytes "removals" folder
  • Checked for Avast CA untrusted certificate - not present (but Avast is using MITM, switching in its own trusted certificate)
  • Downgraded anti-malware bytes to 1.2.4 (1.2.5 requires OSX 10.9 or later, apparently), found and removed "adware.Spigot"

I'd appreciate some help on this! 

 

Many thanks

 

 

 




 




