[Dshield] 0wnlng Windows machines

Cefiar cef at optus.net
Mon Feb 26 04:05:30 GMT 2007


On Monday 26 February 2007 14:05, Tony Earnshaw wrote:
> MaXX wrote, on 26. feb 2007 02:10:
> > I do have the problem
> > Konqueror 3.5.2 - FreeBSD 6.2 : Certificate signing autority unknown or
> > invalid Firefox 2.0.1 - FreeBSD 6.2: Unable to verify if the site is
> > trusted...
> >
> > You probably added yourself as a trusted authority, which is not the case
> > for other people...

Basically it's because the cert is self-signed. IN regards to IE7, it includes 
stuff that complains a lot more about self-signed certs (as, well, anyone can 
make one). It's nothing more than the new IE7 way of showing up what they 
consider "bad certs". The first time you see it, it can seem quite alarming, 
especially for the unknowledgeable.

Just so you know, when I go to the page with IE7, I get a page warning me 
about going to the page in question (titled "Certificate Error: Navigation 
blocked", and without a way to view the details of the certificate it's 
rejecting I might add!). On this page, if I click on the link that has a 
little red shield with an X next to it that says "Continue to this website 
(not recommended).", it takes me to the actual page.

On the page itself, the entire title bar is red/pink and there is a box next 
to the URL bar that has the same little red shield with an X in it and next 
to that it says "Certificate Error". If I click on it, I get the following 
text:

"The security certificate presented by this webpage was not issued by a 
trusted certificate authority.

This problem may indicate an attempt to fool you or intercept any data you 
send to the server.

We recommend that you close this webpage."

Of course, if you check the certificate validity and then decide that you do 
want to trust it, you can click on the "View certificates" link at the bottom 
of the dialog and then click on the button marked "Install Certificate". Of 
course, at this point you've basically done the same as if you'd copied the 
certificate and installed it yourself.

-- 
 Stuart Young - aka Cefiar - cef at optus.net


More information about the list mailing list