HSBC: data on 24,000 Swiss account holders stolen – Yahoo! News
Sorry I’ve not been around much posting and such. Dealing with some family “issues” and should have everything back to normal shortly!
That being said, I wanted to briefly comment on the article I read this morning about the HSBC Swiss Data breach.
According to the article:
A former IT employee of Swiss subsidiary HSBC Private Bank (Suisse) SA, identified by French authorities as Herve Falciani, stole the information between late 2006 and early 2007, the bank said.
My concern with this is that the breach took place in late 2006 and early 2007 and we’re just hearing about it now????
We should all be questioning what other data breaches – at other banks or companies – have taken place that affect us and our private data but we haven’t heard about????
To me, that is more frightening than the breach itself!
via HSBC: data on 24,000 Swiss account holders stolen – Yahoo! News.
Invalid Server Certificate Warnings
I have had two separate support questions raised because of the Invalid Server Certificate Warning in both Internet Explorer (IE) and Firefox (FF) this week, so I thought I’d post a brief explanation about this issue.
From time to time, you may receive one of the following Server Certificate warnings, or error messages, as some call them.
The above graphic is what you will see if you are using Internet Explorer.
The above graphic is what you will see if you are using Firefox.
The above graphic is what you will see if you are using Google Chrome.
I have blurred out the client's website I was visiting to get this image.
The above graphic is what you will see if you are using Apple Safari.
I have blurred out the client's website I was visiting to get this image.
Why does this happen?
It happens because the security certificate – the code that makes the HTTP an HTTPS (or secure connection) – has been self-signed and has not been issued by a certification authority such as Thawte, Verisign, and so forth.
Where does it happen?
It should only happen when you are logging into your own secure e-mail client on your web hosting site, or when you try to access your control panel on your web host's site.
When should I NOT see this?
You should NEVER see this when you are logging into:
- Any financial site, as in your bank, trading accounts, insurance, credit card institution or other such sites.
- Any online shopping site.
- Any site where you are required to exchange confidential information such as banks, credit bureaus, stock brokerage, and so on.
Why does my web host do this?
Certificates from a certifying authority are costly, especially for hosting companies. Many hosts self-sign certificates to allow secure access for their customers who want security when accessing their online email or control panel for their hosting accounts.
If I log in to my e-mail or control panel anyway, am I still secure?
You are secure to the level of security that your web host offers. You need to check with them as to the level of encryption they provide.
Keep in mind that the certificate does not guarantee encryption. If the certificate was provided by a third-party provider, it only guarantees that the site and the site owner have been verified to be who they say they are!
Why is this such an issue?
It’s an issue because of the scammers and phishers that have become rampant on the Internet. The browser providers like Google Chrome, IE, FF, and Safari – to name a few – have included this warning to help you spot a phishing or scammer site more easily.
Can I ignore this warning?
Yes, if you know with CERTAINTY that this is the site you want to go to.
If you have clicked on a link in an email, a Twitter DM, or any other web page link and you see this message, do not proceed! Chances are good it’s a phishing or scam site.
If you have typed in the URL to your webmail or control panel account on your web host, or clicked the link from within your web host's setup information, then you can proceed safely. In the images that follow, you will see that there is also a button in the Firefox message that will allow you to see the actual self-signed certificate to make sure you are at your web host's server.
How can I stop this error message?
If you are getting this error message when you try to login to your web host control panel or web mail on your web host, you can add a permanent exception by accepting the self-signed certificate.
In most browsers, you can click on a button to see the actual self-signed certificate and verify it’s your web host. The following is an example of a self-signed certificate on a LunarPages server.
In Firefox, it’s a slightly different behavior. You have to click the arrow next to the second line item to get to view the certificate or accept it.
Remember, this is normal behavior if you are signing in to your web host email or control panel and neither you nor your web host has purchased a certificate from an issuing authority.
It is NOT normal behavior for any sites that you would do business with like shops, financial and investment institutions, and other such businesses.
I hope this helps clear up the matter of Server Certificate warnings.
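The "view the certificate and verify it's your web host" step described above can also be done outside the browser. The following is an added example, not part of the original post: it checks whether a certificate is self-issued (issuer and subject identical, which is what the browser warning reflects) and compares its SHA-256 fingerprint with one you obtained from your host through a separate channel. The host name `mail.host.example`, the helper names, and the sample certificate skeleton are all constructed for illustration.

```python
import hashlib, hmac, ssl

def _tlv(der, pos):
    """Read one DER element at pos; return (tag, content_start, end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def is_self_issued(der):
    """True when issuer and subject Name are byte-identical (self-issued)."""
    _, pos, _ = _tlv(der, 0)       # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)     # tbsCertificate SEQUENCE
    fields = []                    # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:            # skip the optional [0] version wrapper
            fields.append(der[pos:end])
        pos = end
    return fields[2] == fields[4]

def fingerprint(der):
    """SHA-256 fingerprint of the DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def matches_pin(der, pinned):
    """Compare against a fingerprint obtained from the host out of band."""
    wanted = pinned.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(der), wanted)

def fetch_der(host, port=443):
    """Fetch the server certificate without validating its chain."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def build_sample(subject_cn, issuer_cn):
    """Constructed certificate skeleton (no key or signature) for offline use."""
    enc = lambda tag, body: bytes([tag, len(body)]) + body
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30,
        enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn.encode()))))
    tbs = (enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
           + name(issuer_cn) + enc(0x30, b"") + name(subject_cn))
    return enc(0x30, enc(0x30, tbs))

SAMPLE = build_sample("mail.host.example", "mail.host.example")  # constructed
```

Against a live server, pass `fetch_der("your-host")` to `matches_pin` together with the fingerprint your host published, and add the browser exception only when it returns `True`.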
Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution
Those of you who are my PC security (Introduction to PC Security) students don’t have to worry about this because in the first few lessons of the course you’ve disabled this!
However, many of you have not taken the course so I thought it was wise to post this.
Oh, and by the way, Mac users, this affects you too if you are using the Microsoft Remote Desktop Connection Client to connect a Mac to a Windows PC.
According to Microsoft’s Security Bulletin: MS09-044:
This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are also known issues after installing this update, so you may want to check the bulletin for a list of those.
I’ve been teaching the Introduction to PC Security course for over 5 years and from day 1 I’ve had the students disable this service! I wonder what else you’re missing?