Internet security he%%...
-
I typically run multiple browser windows with multiple tabs, like a lot. I need therapy. Anyway, my customer has implemented some sort of weird firewall. About 90% of the websites I frequent - Microsoft, hardware stores, etc. - all report in flaming letters
Quote:
Your connection is not private Attackers might be trying to steal your information from www.lowes.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
Now I'm fairly certain Lowes.com is fine. All of my browsers do this - Opera, Firefox, Chrome... is there some setting I missed? The common theme is that I only see this when I am inside my customer's network. If I fire up my VPN, there are no issues. Ideas?
Charlie Gilley
Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
They have implemented SSL inspection on their Firewall (or Proxy). Basically the connection is secure between the website you're visiting and their edge device, but they failed to provide you with a copy of the root certificate used by their edge device. Once you have the root certificate (and you actually trust the customer's IT) then you'll cease getting that warning. At the same time, however, they have effectively man-in-the-middle attacked your connection, so what goes through that connection is a secret between you, the website you're visiting, and your customer. Be wary of doing anything you'd actually want security for (e.g. Internet Banking).
-
If I remember correctly in Chrome you can add the site to the HSTS ignore list: How to Disable HSTS in Chrome & Firefox | InfoSec Insights
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
Kiriander - not sure why your message would be flagged as spam, CP sent me the email notification. I know this customer is undergoing a couple of changes. There is a push to silo *everything* at corporate headquarters, so if you don't work there, you are rarely in the loop. They are also paranoid to the extreme, as someone got into their network a couple of years back. They still refuse to talk about it, no details, etc. Interestingly, the corporate policy is that you must open a ticket to receive IT support. About the only time I get a response on tickets is when I need my account unlocked. Ask a difficult question, and I rarely get a response. My feel is that they are severely overworked or understaffed - same difference. I only know the local folks.
-
We have two things that interfere with our internet at my work. One is our network appliance that caches web pages locally for reuse. And the other is our web filter that blocks unwanted websites. Sometimes the SSL certs get screwed up if you're not logged in properly and that results in what I think you're seeing.
-
Just curious as to why you need access to Lowes.com while working for your customer on your customer's system? Perhaps I did not understand your post. Perhaps your customer sees you surfing the internet a lot on their network and has restricted non-technical sites? Not sure.
-
Is there a proxy on the customer's network? I have seen this when a proxy exists, and all browsers send their HTTP and HTTPS connections through - if you do this, you have to install a certificate on the proxy. If that certificate does not exist or it is self-signed, you get those kinds of warnings. Which means the "secure" connection is then from local browser to proxy, and the proxy establishes a new secure connection between itself and the actual site. Of course it allows eavesdropping ... anyone with access to the proxy can read all requests/responses in cleartext even if HTTPS. But some companies do this.
-
I think you meant to reply to the OP, and not me.
-
That's what I'm thinking too. Old job did the same, and for whatever reason they could never figure out how to push cert updates to Firefox; so every time they fiddled with their MITM box I had to manually add the certs to my browser.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
Essentially they are logging/inspecting all traffic in the middle.
BROWSER -> Proxy/Firewall -> Internet Website
At the Proxy/Firewall side (it could be an IDS, IPS, whatever) they are getting the data from the Internet Website, decrypting it, looking at it/storing it/who knows, then passing the data on.
Now, part of SSL (TLS these days) is not just encryption/decryption, but WHO you are/which websites. It is 'impossible' for your customer/Proxy to 'be' Lowes.com, so instead they re-encrypt the data with their own Certificate, 'customerCA.com' for example, and say it's for the website 'Lowes.com'. So, the browser knows this, and says: but you went to Lowes.com, but the SSL cert is Signed by CustomerCA.com ... I'm not showing you this website, it's been hacked/broken etc.
What everyone here means about 'installing the customer CA' is that it's possible to install 'CustomerCA.com' in a way that makes it all OK for any website, so then when the proxy generates new SSL Certificates on the fly/as you browse, for each website, your computer goes... yep, I trust CustomerCA.com, it's all OK.... just like it does when it goes I trust LetsEncrypt CA, or VerisignCA etc.
HOWEVER, that being said, I wouldn't install that thing, don't do anything on that connection. You want to set up your ROUTES on your system, so that only data for the customer's network goes via the VPN, and the rest goes via your 'standard' internet connection. This way, you get to browse Lowes.com all day long, but still be connected to the VPN, and secure. It tells the PC to go to the VPN for some traffic, and to your standard 'internet' for other traffic. The simplest way is to tell the VPN adapter not to be your default gateway, but there are many ways to do this if you can't change it.
https://pasteboard.co/KiKBxAZ.png
-
This... the error is essentially exactly what's on the label. Their proxy is re-encrypting the traffic and basically acting like a MITM. While it could just pass traffic back and forth, this means that is not what is happening. Rather, two different certs are being used for the SSL traffic like nepdev2011 described. They have full control over one of them. It doesn't definitely mean they're picking off the details of your Ashley Madison Lowe's use, just that they could be. With all the work from home, I'd guess a bunch more people are seeing this error lately as companies work to shore up their security.
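-
The two states discussed in this thread, as an added example that is not part of any poster's message: before the inspection CA is trusted the handshake fails validation (the browser's NET::ERR_CERT_AUTHORITY_INVALID), and after it is trusted the warning disappears, so the issuer of the leaf certificate is the only visible sign of interception. The sketch uses only the Python standard library; `CustomerCA` is the placeholder name from the thread, and the sample certificate dicts are constructed.

```python
import socket
import ssl

# Assumption: names the inspection CA puts in the issuer field.
# "CustomerCA" is the thread's placeholder, not a real CA.
INSPECTION_ISSUERS = {"customerca"}

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_DIRECT = {"subject": ((("commonName", "www.example.com"),),),
                 "issuer": ((("countryName", "US"),),
                            (("organizationName", "Example Public CA"),),
                            (("commonName", "Example Public CA R1"),))}
SAMPLE_PROXIED = {"subject": ((("commonName", "www.example.com"),),),
                  "issuer": ((("organizationName", "CustomerCA"),),
                             (("commonName", "CustomerCA TLS Inspection"),))}


def issuer_names(cert):
    """Flatten the issuer RDNs of a getpeercert() dict into {field: value}."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert, inspection_issuers=INSPECTION_ISSUERS):
    """Return 'intercepted' if the leaf was issued by a known inspection CA."""
    names = issuer_names(cert)
    seen = {names.get("organizationName", "").lower(),
            names.get("commonName", "").lower()}
    return "intercepted" if seen & inspection_issuers else "direct"


def probe(host, port=443, timeout=5):
    """Handshake against the system trust store and report who signed the leaf."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Chain did not validate; an issuer missing from the trust store is
        # what the browser shows as NET::ERR_CERT_AUTHORITY_INVALID.
        return {"host": host, "status": "untrusted", "reason": exc.verify_message}
    return {"host": host, "status": classify(cert), "issuer": issuer_names(cert)}


if __name__ == "__main__":
    for sample in (SAMPLE_DIRECT, SAMPLE_PROXIED):
        print(issuer_names(sample).get("commonName"), "->", classify(sample))
```

Running `probe()` for the same host from inside the customer network and again over a separate connection shows whether the issuer changes between the two paths.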