On Wednesday 18 Mar 2015 03:53:57 Fernando Rodriguez wrote:
> On Tuesday, March 17, 2015 4:49:54 PM walt wrote:
> > I get a certificate verification error when visiting https://www.att.com
> > using firefox-36.0, but not when using chrome-41.0.2272.76.
> >
> > Anyone else see the same with firefox-36?
> >
> > BTW, I tried the latest firefox in a Win7 virtual machine and I was
> > shocked to see that firefox was updating itself when I was logged in
> > as an unprivileged user (i.e. *not* an Administrator). Are the idiots
> > at M$ *really* that stupid? They've learned nothing, apparently, since
> > Win 95 :(
> >
> > BTW, the Win7 firefox also flagged an error when visiting the web site
> > I mentioned above, but the error was displayed so subtly that I would
> > have missed it if I hadn't been looking for it specifically. Very bad
> > behavior.
>
> Technically the issue is with att's SSL certificate. It may be that they
> got a cheap certificate (meaning it provides encryption but the CA did
> not verify that ATT is a legit company) or it may be an issue with the
> certificate.
>
> It doesn't give any warning for me, it just shows an exclamation next to
> the address and the latest chromium does the same (it shows a triangle)
> and it gives you more info: "The identity of this website has been
> verified by Verizon Akamai SureSever CA G14-SHA1 but does not have public
> audit records."
>
> If you're concerned about it contact AT&T and let them know.

I also don't see a (pop-up) warning on Firefox 31.5.0 and Chromium
41.0.2272.76, but both browsers complain about two things by means of
exclamation marks in their address bar:

1. Some components on the page (pictures) are not secure. It is common
practice to load pictures from a picture library on a different server to
where the main web page content is served, but they should secure all
content with the same keys to avoid confusion.

2. The lack of Audit records for the wildcard certificate the site is
using. This is a new security check and relates to certificate
transparency, which aims to protect us from rogue or compromised CAs:

http://www.certificate-transparency.org/what-is-ct

-- 
Regards,
Mick
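
The first complaint in the reply above (page components that are "not secure") is what browsers call mixed content. As an added example, not part of the original message, this Python code lists the subresources an HTTPS page would fetch over plain HTTP; the sample markup and the example.* hostnames are constructed, and the function names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (attribute holding the URL, class of mixed content).
# Browsers treat passive content (images, media) more leniently than
# active content (scripts, frames, stylesheets), which they block by default.
SUBRESOURCES = {
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
    "link": ("href", "active"),
}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return  # <a href> and the like are navigation, not subresources
        attr, kind = SUBRESOURCES[tag]
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        value = attrs.get(attr)
        if not value:
            return
        # Relative and protocol-relative (//host/x) URLs inherit the page scheme.
        url = urljoin(self.page_url, value.strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return plain-HTTP subresources referenced by an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for secure pages
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example.net/lib.js"></script></head><body>
<img src="http://images.example.net/hero.jpg">
<img src="//images.example.net/logo.png"><IMG SRC="/local/banner.png" />
<a href="http://www.example.org/">navigation link</a></body></html>"""
```

Only the script and the first image are reported; the protocol-relative and site-relative images resolve to https and pass.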