Query on security certificates (possibly OT)
Roland Perry
lists at internetpolicyagency.com
Fri Jun 15 17:55:38 BST 2012
In article <52a03781f1rl.hird at orpheusmail.co.uk>, Roger Hird
<rl.hird at orpheusmail.co.uk> writes
>On Monday morning I logged on to find myself able to get to my
>account page at https://secure.ANONYMISED.co.uk...etc but with a
>large part of the page obscured by messages from Firefox warning
>me not to trust the site, with the "technical details":
>
> "trading.ANONYMISED.co.uk uses an invalid security
> certificate. This certificate is only valid for
> www.ANONYMISED.co.uk"
>
>Later in the day a notice appeared on the broker's own log-in page
>saying that software updates over the weekend had led to browsers
>giving the warnings I'd quoted but asking customers to ignore
>them.
>
>I queried with the firm whether it was good practice to urge us
>to use a supposedly secure site that could not present a valid
>certificate. I got an email reply which confirmed that there were
>"technical difficulties with the security certificate not
>recognising [their] secure website" but avoiding answering my
>question.
>
>Am I just being pedantic or should I have doubts about using the
>site under such circumstances - or their advising customers to do
>so? The warnings have now disappeared.
This is a pet peeve of my own too.
Earlier this week I received similar "false positive" warnings when
invoking the Sky-subscriber authentication page of an O2/Cloud wifi
hotspot.
yfrog.com/ki2pocp
yfrog.com/g0ue3p
yfrog.com/h0jmbdp
[I don't have a Sky subscription, I pressed it by accident; one of the
perils of having a small Android phone and not taking my reading glasses
with me].
I have a collection of similar Snafus. This one is a favourite:
yfrog.com/nb79ioj
--
Roland Perry
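
The name mismatch Firefox reported in the quoted message, as an added example that is not part of the original post: a simplified version of the check a browser makes between the host it connected to and the DNS names in the certificate. The host names under broker.example are constructed placeholders and the function names are hypothetical.

```python
"""Simplified certificate name check (exact match or left-most wildcard)."""


def name_matches(cert_name: str, host: str) -> bool:
    """Return True if one certificate DNS name covers the given host."""
    p = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard must be the whole left-most label, with at least two
        # labels after it. (Simplification: no public suffix list lookup.)
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in cert_name:
        return False  # partial or non-left-most wildcards are rejected
    return p == h


def covering_names(cert_names, host):
    """List the certificate names that cover this host."""
    return [n for n in cert_names if name_matches(n, host)]


def audit(cert_names, served_hosts):
    """Return the hosts that would produce a name-mismatch warning."""
    return [h for h in served_hosts if not covering_names(cert_names, h)]


if __name__ == "__main__":
    # Constructed data: a certificate issued for one name only,
    # deployed on two hosts, as in the situation described above.
    cert = ["www.broker.example"]
    hosts = ["www.broker.example", "trading.broker.example"]
    print("mismatch on:", audit(cert, hosts))

    # Either of these reissued certificates would clear the warning.
    print(audit(["www.broker.example", "trading.broker.example"], hosts))
    print(audit(["*.broker.example"], hosts))
```

Running a check like this over every host name a certificate will be deployed on, before a release, catches the mismatch before customers see a warning.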