Sunday, August 6, 2017

"Your connection is not secure"

A user asks …
« From time to time I update my notebook, Windows 10, with the usual Windows random updates and some others like Firefox and now I seem to be locked out of accessing most of my favorite sites by Firefox. I can get to them through Internet Explorer and Edge, but I don’t know how to move my favorites file over to either of those two browsers. Anyway, I want to correct my Firefox if I can. I have attached a print screen file to show you what I am getting. »


--- Techy alert – How we know a connection is secure ---
First, some background. More and more websites are available over secure https connections. This is good. At its most basic level, https prevents anyone between you and the website (such as your ISP or the government) from seeing what you send out (a search on a touchy topic) or get back (the newest unreleased tune or TV episode). This is desirable because it protects the privacy of good people as well as bad. It’s even better when you’re communicating with financial, shopping, medical, legal, and other sites: the enhanced version of https verifies not only that no one can eavesdrop on your conversation, but that the owner of the website is who they claim to be.

Some browsers have announced that they will soon flag any non-https website as potentially risky. They also will scare you if some component, such as a picture, of a truly secure site is not delivered by https. This is a nuisance for many websites, such as my blog, that are not dealing in money matters or confidential information. Fortunately most servers are now able to install basic https with no cost and minimal skill.

When you connect to an https site, you receive a certificate from the site that is validated by a Certificate Authority. If the CA was not built into your browser when the browser was installed, you will get a message that the certificate is not recognized. The certificate also has to match the specifics of the web page and have appropriate valid dates. For example, if the certificate is issued to website.com and you browsed to www.website.com, it may not be accepted. Similarly, if it expired yesterday, it may be appropriate but not valid.

Certificates also could be counterfeited, giving you confidence in your session while it’s being managed by a Man In The Middle. The MITM would typically involve malicious action starting at the first connection between you and the internet. For example, an ISP, a business, or a bogus “free WiFi” connection could be reading your session while the lock on your screen is for their own certificate. Protect against this potential privacy leakage by checking the certificate fingerprint you get against a known unspoofable fingerprint from GRC at https://www.grc.com/fingerprints.htm.

--- end Techy Alert – Back to your question ---

Funny thing about that. Welcome to nanny computing. Software from Windows to Notepad to my new car all want to tell you what to do and protect you from skinning your knees. Of course, the first thing they’re going to do is put squirrel guards up so you can’t climb any trees.

I had no problems getting into the website with Firefox 54.0.1 (32-bit) by typing the exact address you had. I also got to their secure (https) homepage by typing website.com in the address bar and hitting Enter. Try starting from that point and working your way to the signin screen. You may need to re-save your bookmark to the screen before signin because for many sites that is not a real web destination, but created on-the-fly for your environment.

By the way, if you click Advanced on the blocked page, you may be able to see why Firefox thinks this site is not good and decide to override their restriction. You want to override only if it shows a trivial error. I consider “trivial” to be something like a recently expired certificate if you trusted it previously or a slightly different domain name such as connecting to www.website.com and the cert is for website.com. Do not trust it if you’re looking for website.com and the cert is for a different extension like website.cn!
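The name and date checks described above, and the "trivial or not" rule for overriding, written out as an added Python example (not part of the original post). It works on a dictionary shaped like the output of Python's ssl.SSLSocket.getpeercert(); the sample certificates are constructed, and the 7-day limit for "recently expired" is an assumption because the post gives no number.

```python
import ssl

RECENT_EXPIRY_DAYS = 7  # assumption: the post does not say how recent "recently" is

def dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}

def strip_www(name):
    return name[4:] if name.startswith("www.") else name

def triage(hostname, cert, now, previously_trusted=False):
    """Return (verdict, reasons); verdict is 'ok', 'trivial' or 'do-not-trust'."""
    hostname = hostname.lower()
    names = dns_names(cert)
    reasons = []

    # Name check. Wildcard entries are not expanded in this example.
    if hostname not in names:
        if strip_www(hostname) in {strip_www(n) for n in names}:
            reasons.append("name differs only by the www. prefix")
        else:
            return "do-not-trust", [f"certificate names {sorted(names)} do not cover {hostname}"]

    # Date check. Times use the OpenSSL text format that getpeercert() returns.
    # A not-yet-valid certificate is treated as non-trivial (assumption; the post
    # only discusses expiry).
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "do-not-trust", ["certificate is not valid yet"]
    days_expired = (now - ssl.cert_time_to_seconds(cert["notAfter"])) / 86400
    if days_expired > 0:
        if not (previously_trusted and days_expired <= RECENT_EXPIRY_DAYS):
            return "do-not-trust", [f"expired {days_expired:.1f} days ago"]
        reasons.append(f"expired {days_expired:.1f} days ago, trusted before")

    return ("trivial" if reasons else "ok"), reasons

# Constructed sample data, not taken from a real site.
NOW = ssl.cert_time_to_seconds("Aug  6 12:00:00 2017 GMT")
GOOD = {"subjectAltName": (("DNS", "website.com"),),
        "notBefore": "Aug  1 00:00:00 2016 GMT", "notAfter": "Aug  1 00:00:00 2018 GMT"}
EXPIRED = dict(GOOD, notAfter="Aug  5 12:00:00 2017 GMT")
OTHER_TLD = dict(GOOD, subjectAltName=(("DNS", "website.cn"),))

if __name__ == "__main__":
    for host, cert, seen in [("website.com", GOOD, False), ("www.website.com", GOOD, False),
                             ("website.com", EXPIRED, True), ("website.com", OTHER_TLD, False)]:
        print(host, triage(host, cert, NOW, seen))
```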

You can also double-check the cert fingerprint to protect against a Man In The Middle. Go to https://www.grc.com/fingerprints.htm and enter the exact address between “https://” and the next “/”. Read the details on the page to learn how to find the fingerprint from your session. Sadly, Edge does not have an interface to show details of the certificate. Microsoft’s “solution” is to view the cert with Internet Explorer on the same computer. (Opera and Google Chrome use the same certificate store as Edge/IE so, if they say it’s OK, it’s OK in Edge.)
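The fingerprint comparison itself, as an added Python example (not part of the original post): hash the certificate your connection received and compare it with a reference value obtained over a different path. The two certificates are constructed placeholder bytes; the default hash is an assumption, and it must be the same algorithm the reference source uses.

```python
import hashlib
import hmac
import re
import ssl

def normalize(fp):
    """Make 'AB:CD', 'ab cd' and 'abcd' compare equal; reject non-hex input."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned

def fingerprint(pem, algorithm="sha256"):
    """Colon-separated hash of the DER-encoded certificate, as browsers show it."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches(pem, reference, algorithm="sha256"):
    """True when the certificate we received has the reference fingerprint."""
    ref = normalize(reference)
    if len(ref) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("reference length does not fit the hash algorithm")
    return hmac.compare_digest(normalize(fingerprint(pem, algorithm)), ref)

def fetch_pem(host, port=443):
    """Certificate the server presents on *this* network path (needs network)."""
    return ssl.get_server_certificate((host, port))

# Constructed stand-ins: placeholder bytes wrapped as PEM, not real certificates.
SAMPLE_DER = b"constructed placeholder for the site's genuine certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder for an interceptor's certificate")

if __name__ == "__main__":
    reference = fingerprint(SAMPLE_PEM)            # value looked up out of band
    print("same certificate:     ", matches(SAMPLE_PEM, reference))
    print("different certificate:", matches(OTHER_PEM, reference))
```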

1a) All browsers have some means to export and import bookmarks (favorites), and possibly history and cookies, to and from a file. When you first install them, most browsers will also grab bookmarks directly from another browser in the same session without your needing to export them. Check your browser’s Help pages or your favorite search engine for instructions (always start at the publisher’s site before you go to third-party advisors).

However, most browser settings are user specific. If you’re moving to another computer or a different user on the same computer, you will have to go through the export to file process. Some browsers will sync their settings to other devices – if you’re willing to give a lot of personal information to the publisher.

1b) While you’re playing with your browsers’ settings, go on and look through the privacy settings. In particular, enable Do Not Track (many browsers leave it off by default), disable 3rd party cookies, and do not allow your browser to save passwords. Tracking and 3rd party cookies are just cowardly ways for browsers and websites to make money off you. Browsers have historically had poor control over protecting stored passwords. Instead, opt to use a recommended password manager such as LastPass or PasswordSafe.

Open links:
Fingerprint    https://www.grc.com/fingerprints.htm
Me    https://technologyinterpreter.info
LastPass    https://s.zaitech.com/SignupForLastPass
PasswordSafe    https://pwsafe.org/

---------

Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 4.0 US License. Permissions beyond the scope of this license may be available at https://zaitech.com/satellite/contacts.htm.