Results 1 to 7 of 7
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Derby, United Kingdom
    Posts
    18
    Thanks
    10
    Thanked 0 Times in 0 Posts

    Large number of websites being flagged as insecure!

    This morning my wife found that she was unable to get into a large number of websites (including many she regularly visits such as google.co.uk) using Firefox under Windows 7 due to the error message:

    "Your connection is not secure
    The owner of www.google.co.uk has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.
    This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate."

    A similar error message is given by IE:

    "There is a problem with this website’s security certificate.
    The security certificate presented by this website was not issued by a trusted certificate authority.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
    We recommend that you close this webpage and do not continue to this website."

    Although most of the websites we've tried give the error, not all do. For instance bbc.co.uk loads without issue.

    I initially thought it was a Windows 7 issue, as both my Windows 10 laptop and desktop were working without problems. However, having just updated to Firefox 63.0.1 on my laptop I'm now getting the same problem on that in Firefox, Chrome and Edge!

    I'm posting this from my desktop, which I think is running an earlier version of Firefox, and is working OK. I can't post it from the laptop as this forum is one of the affected sites!

    I have found an article dated 7 February 2018 in The Register headed "Beware the looming Google Chrome HTTPS certificate apocalypse!" which stated that Chrome and Firefox were to list all Symantec certificates as not being trustworthy from October, but surely major websites will have taken steps to obtain alternative certificates by now?

    Does anyone know what is causing our problems, and whether there is a workround?
    PFV

  2. #2
    Administrator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,952
    Thanks
    491
    Thanked 658 Times in 546 Posts
    I'd reset the router first, it's possible it's been hacked and hijacked.

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Derby, United Kingdom
    Posts
    18
    Thanks
    10
    Thanked 0 Times in 0 Posts
    I have reset the Virgin Hub (cable modem router), without any effect.
    PFV

  4. #4
    Administrator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    7,041
    Thanks
    125
    Thanked 855 Times in 762 Posts
    See if anything here helps:
    https://support.mozilla.org/en-US/questions/1130326

    Jerry

  5. The Following User Says Thank You to jwitalka For This Useful Post:

    pfvincent (2018-11-01)

  6. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Derby, United Kingdom
    Posts
    18
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Thanks for that link. The issue seems to be Bitdefender! The article only deals with Bitdefender 2015 and 2016, whereas the current version is 2019.
    However, it lead me to Google how to turn off the Scan SSL in the latest version and that seems to have solved the problem.
    I shall have to raise a support ticket with them, as I don't want to leave it off permanently, and the way it suddently cropped up implies it is a recent update that's caused the problem..
    PFV

  7. #6
    Administrator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,952
    Thanks
    491
    Thanked 658 Times in 546 Posts
    This 'fad' of AVs taking control of browser connection security really isn't a good idea.

  8. The Following 5 Users Say Thank You to satrow For This Useful Post:

    dg1261 (2018-11-02),Lugh (2018-11-02),pfvincent (2018-11-02),Rick Corbett (2018-11-01),wavy (2018-11-04)

  9. #7
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,615
    Thanks
    160
    Thanked 1,001 Times in 798 Posts
    Quote Originally Posted by satrow View Post
    This 'fad' of AVs taking control of browser connection security really isn't a good idea.
    Good link to an excellent explanation.

  10. The Following User Says Thank You to Rick Corbett For This Useful Post:

    dg1261 (2018-11-02)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •