Security Certificate

[Oldddudders]

Today I have on several occasions had a Windows security message saying it had blocked this website from displaying content with security certificate errors. The page has loaded correctly to my mind, and when I opt to accept the page with the suspect content, I regret I cannot see what has changed. Probably not important, but maybe something to do with banner ads?

[gordon s]

Had exactly the same thing Ian. If it will help it was static.ak.facebook.com...I'm on an iMac, but it seems to affect ipads as well...

 

http://www.ipadforums.net/ipad-3-forum/76565-static-ak-facebook-com-help.html

[Kenton]

Nope not seen it - but then facebook is a blocked site for me and anyway such multiple derived domain names are always blocked as suspect.

 

You really should never say yes to anything until you know what it is and where it is from or how it might muck up your PC.

[gordon s]

You're OK Kenton, I would never say yes to anything until I had checked it out first. I cleared it by logging out and shutting down. No sign of it since...

[Derekl]

I have no idea what does this, but I have noticed it consistently on my current firm's intranet, and at the last place I worked. Since these are internal documents, one can assume that they are "safe". I guess it is something that excites Microsoft security for some reason. Makes it fairly useless, as you get used to the false alarms, and then, of course, it is serious, and you ignore it.....

[Gwiwer]

As of 15.30 local time today (05.30 UK time) all pages requested on RMweb produce the alert message shown in my screen capture below. This does not happen with any other site and I only have RMweb and my home Gmail inbox page open. The same message shows when clicking a Gmail message linking to RMweb but not to any other site.

 

FWIW I use Safari 6.0.1 running on OS X 10.8 (Mountain Lion) and have never seen this message before.

 

It does not occur if I open any of my authorised Facebook links or pages.

 

[Gwiwer]

By way of supporting the thought that all may not be well when I posted the above the message came back along with the address copied from the window at the top of the page.

 

https://static.ak.face book.com/connect/xd_arbiter.php?version=11#channel=f52799f4&origin=http%3A%2F%2Fwww.rmweb. co.uk&channel_path=%2Fcommunity%2Findex.php%3F%2Ftopic%2F63301-potential-security-issue%2F%26fb_x d

_fragment%23xd_sig%3Dfa787ab14%26

 

Please remove spaces from the above which are inserted to permit full text to be displayed

[gordon s]

You were not alone, Rick. Thanks for posting additional info.

 

http://www.rmweb.co.uk/community/index.php?/topic/63277-security-certificate/page__fromsearch__1

[Andy Y]

I have not seen anything arise at this end but I will consult with the IT department. I'm not sure what could be triggering it on all pages (I could maybe understand if it were pages on which I'd posted with the facebook link in the signature) and I wondered if it were just Safari related but I don't think you use Safari Ian?

[Gwiwer]

This topic http://www.rmweb.co.uk/community/index.php?/topic/63301-potential-security-issue/#entry821935 belongs here. I had looked first before posting but there seemed to be an issue accessing parts of the Recent and Forum Rules histories as well.

[gordon s]

Just in case you missed it Andy, there's a bit more info here from Rick in Oz...

 

http://www.rmweb.co.uk/community/index.php?/topic/63301-potential-security-issue/page__fromsearch__1

[Andy Y]

Thanks Gordon, I've merged them together now.

[trisonic]

I use Safari and have not seen it over here.

 

Best, Pete.

[Oldddudders]

No, I'm a plain vanilla IE9 (I think?) user. Have not now seen this pop-up since late afternoon yesterday. Am also a Facebook user where no issues noticed.

[shortliner]

I'm on IE8 and haven't seen any security notice appear - however about halfway down the new posts page a banner ad for Arcadia Rail has appeared - just below the USA & Canadian section - and that arrived about the same time that the posts about the security certificate appeared. May be purely a coincidence

[Andy Y]

I'm on IE8 and haven't seen any security notice appear - however about halfway down the new posts page a banner ad for Arcadia Rail has appeared - just below the USA & Canadian section - and that arrived about the same time that the posts about the security certificate appeared. May be purely a coincidence

 

It's definitely a coincidence, there's a banner ad for Arcadia which appears on the index page (not new posts) and above the listings in the Continental section.

[Kenton]

No, I'm a plain vanilla IE9 (I think?) user. Have not now seen this pop-up since late afternoon yesterday. Am also a Facebook user where no issues noticed.

 

That is because you have already accepted it

when I opt to accept the page with the suspect content

 

So if it was malicious (or more likely just a tracker) it is too late, they have already been let in. Microsoft have gone to the trouble of providing a security warning for suspect/corrupted certificates (a critical part of the security gateway) by ignoring their warning you have handed facebook the keys to the gate. (assuming it was genuine facebook, the contrived url doesn't look like it)

 

I would take steps to at least revoke this certificate asap.

[Andy Y]

I've been doing a bit of digging as I didn't want Kenton's alarm bells to make anyone stop and search their postman before they walk up drive without full PPE.

 

From http://revealingerrors.com/akamai_ssl

 

a248.e.akamai.net is the name of a server that belongs to a company called Akamai. Akamai, while unfamiliar to most Internet users, serves between 10 and 20 percent of all web traffic. The company operates a vast network of servers around the world and rents space on these servers to customers who want their websites to work faster. Rather than serving content from their own computers in centralized data centers, Akamai's customers can distribute content from locations close to every user. When a user goes to, say, Whitehouse.gov, their computer is silently redirected to one of Akamai's copies of the Whitehouse website. Often, the user will receive the web page much more quickly than if they had connected directly to the Whitehouse servers. And although Akamai's network delivers more 650 gigabits of data per second around the world, it is almost entirely invisible to the vast majority of its users. Nearly anyone reading this uses Akamai repeatedly throughout the day and never realizes it. Except when Akamai doesn't work.

Akamai is an invisible Internet intermediary on a massive scale. But because SSL is designed to detect and highlight hidden intermediaries, Akamai has struggled to make SSL work with their service. Although Akamai offers a service designed to let their customers use Akamai's service with SSL, many customers do not take advantage of this. The result is that SSL remains one place where, through error messages like the one shown above, Akamai's normally hidden network is thrust into view. An attempt to connect to a popular website over SSL will often reveal Akamai. The White House is hardly the only victim; Microsoft'sBing search engine launched with an identical SSL error revealing Akamai's behind-the-scenes role.

Akamai plays an important role as an intermediary for a large chunk of all activity online. Not unlike Google, Akamai has an enormous power to monitor users' Internet usage and to control or even alter the messages that users send and receive. But while Google is repeatedly --- if not often enough --- held to the fire by privacy and civil liberties advocates, Akamai is mostly ignored.

 

So it appears to be innocuous and a mismatch caused by various routings, normally related to Facebook (as it most commonly seems to crop up in connection with them as seen from other sources) and isn't anything directly related to RMweb or our servers.

[Kenton]

But the problem appears to be facebook related rather than Akamai - though they make be related or indeed one in the same. If Akamai is so big and widespread you would have thought that they would have had the incentive and resource to work with Microsoft to prevent the exposure to the common user who will have no knowledge of such goings on. The vast majority of users place their trust in Microsoft in such a way that they do not expect such warning messages to flag up unless they are important. They also expect (or should do) such messages to be clear and understandable in what action to take. Refusal of broken/corrupted certificates in this case. I know my trust level is pretty low (if existent at all) for the powers that be on the internet, but I trust Microsoft's alert messages way above some publicity statement by a self-admitting 'dark' corporation.

[gordon s]

"Scuse my ignorance, but I'm using a Mac so surely I have no link to Microsoft....or is it much further up the line as it were? Would a Mac still see it even then?

[Kenton]

Gordon my response is to the OP which I believe suggested "Windows" implying Microsoft. I know nothing about how Apple handles internet Certification but I 'guess' that they take similar precautions over security and the issuing and validation of certificates. This would seem to be the case as you saw a similar message on your Mac. I'm not opening the wider debate on Mac vs Windows just trying to emphasise that if the core OS software on a PC is shouting warning messages then something must be wrong and you ignore them at your peril. It is a bit like all those annoying bug fixes issued almost daily to plug leaks in the software, they might be a nuisance and we might wonder at the state of the mess created that allows them in the first place but once identified the fix is usually better than ignoring it.