Technical Tidbits™

Posts Tagged ‘ie’

I have had two separate support questions raised because of the Invalid Server Certificate Warning in both Internet Explorer (IE) and Firefox (FF) this week, so I thought I’d post a brief explanation about this issue.

From time-to-time, you may receive one of the following Server Certificate warnings or error message, as some call it.

The above graphic is what you will see if you are using Internet Explorer.

The above graphic is what you will see if you are using Firefox.

The above graphic is what you will see if you are using Google Chrome.

I have blurred out the clients website I was visiting to get this image.

The above graphic is what you will see if you are using Apple Safari.

I have blurred out the clients website I was visiting to get this image.

Why does this happen?

It happens because the security certificate – the code that makes the HTTP an HTTPS (or secure connection) has been self-signed and has not been issued by a certification authority such as Thawte, Verisign, and so forth.

Where does it happen?

It should only happen when you are logging into your own secure e-mail client on your web hosting site, or when you try to access your control panel on your web hosts site.

When should I NOT see this?

You should NEVER see this when you are logging into:

• Any financial site, as in your bank, trading accounts, insurance, credit card institution or other such sites.
• Any online shopping site.
• Any site where you are required to exchange confidential information such as banks, credit bureaus, stock brokerage, and so on.

Why does my web host do this?

Certificates from a certifying authority is costly especially for hosting companies. Many hosts self sign certificates to allow secure access for their customers who want security when accessing their online email or control panel for their hosting accounts.

If I log in to my e-mail or control panel anyway, am I still secure?

You are secure to the level of security that your web host offers. You need to check with them as to the level of encryption they provide.

Keep in mind that the certificate does not guarantee encryption.  If the certificate was provided by a third party provider, it only guarantees that the site and the site owner has been verified that they are, who they say they are!

Why is this such an issue?

It’s an issue because of the scammers and phishers that have become rampant on the Internet. The browser providers like Google Chrome, IE, FF, and Safari – to name a few – have included this warning to help you spot a phishing or scammer site more easily.

Can I ignore this warning?

Yes, if you know with CERTAINTY that this is the site you want to go to.

If you have clicked on a link in an email, a Twitter DM, or any other web page link and you see this message, do not proceed! Chances are good it’s a phishing or scam site.

If you have typed in the URL to your webmail or control panel account on your web host, or clicked the link from within your web hosts setup information, then you can proceed safely. In the images that follow, you will see that there is also a button in the Firefox message that will allow you to see the actual self-signed certificate to make sure you are at your web hosts server.

How can I stop this error message?

If you are getting this error message when you try to login to your web host control panel or web mail on your web host, you can add a permanent exception by accepting the self-signed certificate.

In most browsers, you can click on a button to see the actual self-signed certificate and verify it’s your web host. The following is an example of a self-signed certificate on a LunarPages server.

In Firefox, it’s a slightly different behavior.  You have to click the arrow next to the second line item to get to view the certificate or accept it.

Remember, this is normal behavior if you are signing in to your web host email or control panel and neither you, nor your web host have purchased a certificate from an issuing authority.

It is NOT normal behavior for any sites that you would do business with like shops, financial and investment institutions, and other such businesses.

I hope this helps clear up the matter of Server Certificate warnings.

This post is dedicated to Mary, one of our blog readers who actually called me and asked me how to block the mal-ads because her TrendMicro RUBotted was continually alerting her. Thank you Mary! It’s so nice to know readers are gaining value from what I write. You truly made my day today!

There are several ways to block the advertising mal-ad sites. I will start with the simplest ways first and work down to the more difficult and list the pros and cons of each method.

Easiest: The first, and easiest method I’ve found to block the malware pushing ads on even the most legitimate sites (tarot.com to name a huge guilty site that’s actually legitimate!), is to install Firefox web browser with the AdBlock Plus Plug-in.

Firefox: http://www.mozilla.com/en-US/
AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865

Important Notes: If you are new to Firefox, Add-ons do not automatically install like ActiveX controls in Internet Explorer (IE). You have to click the Add To Firefox button, then, after it loads in the small window, click Install Now to complete the installation. This is actually a double security measure which is why Firefox is more secure than IE.

After the add-on installs it will ask you to restart Firefox. Firefox also saves your current tabs or window your browser was open to so reinstall without worries. You’ll open back up to the page you were on.

Once you install AdBlock Plus, you should see a small stop sign in the upper right corner with the letters ABP in the middle.

(Click on the image to see full view)

Clicking on the down arrow of the icon allows you to control ad blocking on the site or page you are on.

(Click the image to see full view)

Since I’ve installed this handy plug-in, I’ve not seen any RUBotted pop-ups and 99% of the ads I used to see are completely gone. Even all the ones at tarot.com!

Pros: Easy to install and use. Updates itself. No further user steps necessary once installed.

Cons: It also blocks some of the forms on web sites – particularly from Internet marketer sites but also some legitimate ones too. If you see something on the page that instructs you to enter your email address below and you don’t find the form, it’s AdBlock Plus blocking it. Just disable AdBlock for that page or site, refresh the page, and you should see your form available.

Next Easiest - If you are a die-hard IE user and you insist on using IE, Install Spybot S&D (Search and Destroy) from safer-networking.org (use a safer-networking mirror to download).

Once you get past running it the first time, open the program and change the MODE at the top menu to Advanced mode. It will prompt you with a message and click yes to that message.

In advanced mode, you will see 3 bars on the lower right pane of the window. Click Tools.

In the right window, check the box next to IE Tweaks and Host Files if they are not already checked. You will notice after checking them, IE Tweaks and Host Files links are available on the left pane. (I know they do not look like links, but they are!)

Click the Host Files in the left pane and you will see a different right window appear. Click the button to Add Host Files and the list will populate.

When the host files are complete, click the IE Tweaks link on the left pane. Check the box to Lock the host files if it is not already checked. Close Spybot.

Now when you go to IE, you should see this available from the Tools menu:

(Click the image for full view)

If you click that link, you will see that Spybot has installed the host files and is silently blocking the bad pages.

(Click the image for full view)

Pros: Easy to install, easy to use, and protects you from spyware with regular scanning. Plays nice with Lavasoft’s Ad-aware. And there are a lot of advanced features you can use if you download my free tutorial PDF from this blog post: Spybot Search & Destroy in Advanced Mode.

Cons: Unless you use the advanced configuration to schedule updates and scan regularly, you have to manually remember to do it. If Spybot is installed on a machine prior to installing Trend Micro, you have to uninstall Spybot first, install Trend and reinstall Spybot.

PLEASE NOTE: You cannot immunize with Spybot if you are using one of the major security vendors software! When you immunize, Spybot takes control of the files to monitor them from alterations. The major security software vendors do the same. What you end up with is a huge struggle between files and vendors and your computer slows to a crawl. If you immunized and are experiencing a crawling computer, undo the immunization. And it make take several tries to get fully cleared out but your computer speed will return to normal. Major security vendors are: TrendMicro, Symantec, Norton, McAfee, AVAST, Eset, Kaspersky, Panda, Webroot, and possibly AVG.

Next Easiest – Another one for the die hard IE users. Go to the following site and run the handy tool called, MVPS.bat

The site is: www.mvps.org and you want the zip file midway down the page.

This is a batch file (Dos file) that installs the most recent host files (bad websites) into the appropriate place. The command window will pop-up and tell you it’s done.

Pros: Very simple to install.

Cons: You have to check back frequently with this site because the host files change and require you to update them manually. For every malware site they find or is shut down, ten more appear. So you have to remember to check back frequently.

More difficult and not free. Install Trend Micro Internet Security.

Trend blocks the major mal-ad providers as I illustrated in a previous blog post:  New Trend in Trend

Pros: Effective against most mal-ads, extremely affected against malware, with added security features of Firewall protection, spam protection (Outlook spam toolbar), and a scan to check your windows installation for missing security patches. Works regardless of the browser of you are using.

Cons: It’s not free, although competitively priced.

Most Difficult. The most difficult and most time consuming is to manually add the list of known ad servers to your IE restricted zone.

There are several sites that list the known host files including a text version of the MVPS.bat file.

I list some of the sites here:
http://www.mvps.org/winhelp2002/hosts.txt
http://www.malwaredomainlist.com/mdl.php
http://www.malware.com.br/lists.shtml

To manually add the host files into your restricted zone, you can add them through the Interent Options settings in your Control Panel, or through the browser (IE) itself under Tools – Internet Options. Click on the Security Tab, and select the Restricted Sites Icon. Click the Sites Button to add whatever sites you wish to restrict.

Pros: You can customize the list to allow you to view specific ads.

Cons: Tedious, time consuming, and still requires manual updating.

Now, there are many other methods for doing this which gets into more complicated explanations. So my geeky readers, don’t be emailing me telling me I left out this and that because I meant this to be a quick tutorial for my not-so-techie readers.

Mary, I hope this helped and again, thank you for the phone call!

And as a reminder to Mary and others reading this blog, we are getting the courses back online and will have a huge announcement soon. The training area is located at: http://training.mice.org

Please feel free to leave a comment if you found this information valuable!

I know.  It’s been awhile since I’ve posted.  My bad! Just finished trying to serve Jury Duty. (Don’t ask!) On with the story……

There’s been several conversations on this blog about Drive-by download malware. Has there not? (Or is it, have there not?)

Let me refresh your memory on just two of them:  How To Stop The New Malware & Mal-ads Still Being Pushed Through Ad Servers.

And I first reported the discovery of this nasty bugger on my YouTube channel. Since such time, I’ve seen some wonderful and more professional videos on the subject as well as taken criticism from alleged hackers about my lame presentation. But hey, it comes with the territory, right?

But, as our students know, I’ve been “preachin and teachin” on the ills of using Internet Explorer, as well as the dangers of using Microsoft products for years! And if you’ve been a subscriber to our newsletters since 1996 (print first, then digital in 2000), you’ve heard about it too! I haven’t changed in all these years.

Well, a recent article in InfoWorld has once again, reiterated what I’ve been saying!

First, the article states:

The bug, which Microsoft patched as part of a record-tying security update for the month of November, is in the Windows kernel, the heart of the operating system. The kernel improperly parses EOT (Embedded OpenType) fonts, a compact form of fonts designed for use on Web pages that can also be used in Microsoft Word and PowerPoint documents.

Did you read that part about PowerPoint documents? HELLO? Have I not been telling you to STOP opening PPS and other PowerPoint attachments you get in an email from you email buddies and family members?

You know the ones I’m talking about. The pretty picture presentations that make you go, “oooh!” and “ahhh!” Yea, those! Or the religious ones with pictures of Jesus walking with you in the sand that even has music playing in the background. Yes, those too!

How do you know if these are infected? Yes, they may have come from a reliable source, but did they get it from a reliable source? Did their reliable source get it from a reliable source?

Half the time you can see the trail of forwards in these emails (email addresses included) and you have no idea who the heck those other people are! But you open them anyway!

Now, moving on past those goofy PowerPoint attachments, the article goes on to say:

The bug will be extremely attractive to hackers, Moore maintained, and not simply because it can be exploited in a classic “drive-by” attack that can silently hijack an unpatched Windows 2000 or Windows XP system when users visit a compromised or malicious Web site. On Vista, a successful exploit would give the attacker additional access to the machine, but could not be used to inject malware, Microsoft said.

Once again, the drive-by attack is mentioned. I’m not going to preach again. You’ve heard it from me before.

But let’s look at how this exploit (possible drive-by) could work (my own emphasis in red added):

“An EOT file can use both compression and encryption,” noted Moore, referring to the font format that hackers will use to exploit the bug. Because the file can be compressed and encoded, most antivirus software will have a difficult, if not impossible, time detecting whether a Web page’s fonts are being used to launch attacks. “They will blow past any line of user protection,” he said.

And since the EOT file is rendered at the kernel level, not by IE itself, browser-based defenses won’t help. “There’s no JavaScript required for an exploit,” Moore said, talking about the scripting language that’s a popular tool for hackers who target browsers. Those kinds of attacks can be deflected by restricting JavaScript, or disabling it entirely.

On Vista PCs, IE7’s and IE8’s “sandbox,” which is designed to prevent attack code from escaping the browser and worming its way into, say, the operating system, also will be useless, Moore said.

You don’t have to understand the entire amount of jargon to realize what’s being said. YOU ARE UNPROTECTED IF YOU ARE USING MICROSOFT BROWSERS!

Here’s something else that is said in the article that gets my blood boiling – again, emphasis added in red by me:

Top-notch hackers may also be able to leverage a treasure trove of bug fixes that Microsoft silently added to the MS09-065 update, Moore said. “There’s a massive number of function fixes in the update,” he said, adding that the practice isn’t unusual for Microsoft. Even though the company called out only three Windows kernel vulnerabilities in that bulletin, Moore said he had been able to find at least eight altogether.

How can anyone understand the updates without spending time researching their assets off if Microsoft doesn’t fully explain what the heck is going on?

Do they somehow think that by hiding the update information they are protecting consumers from amateur hackers that might figure out a flaw if they provided more information? I mean, what’s the rationale Microsoft?

This is yet another pathetic example of how well Microsoft knows security. And you expect me to trust them? You want me to jump on board the Windows 7 bandwagon because it’s such an outstanding (and allegedly secure) operating system? Give me a break and give me a Mac or Ubuntu!

As the saying goes, “Poke me with a fork, I’m done!”

Full Article: Hackers will exploit Windows kernel bug | Security Central – InfoWorld.