If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
What is Screwing Up Chrome This Morning?
All sorts of sites that I use are now "Not Secure" and everything on
them is highlighted and the links don't work. No problems with Firefox yet. Does this have something to do with the overnight Windows Update? |
Ads |
#2
|
|||
|
|||
What is Screwing Up Chrome This Morning?
Ricardo Jimenez wrote:
All sorts of sites that I use are now "Not Secure" and everything on them is highlighted and the links don't work. No problems with Firefox yet. Does this have something to do with the overnight Windows Update? Do you have a sample site we could test ? Sites are not secure, all the time, and at least, I'd want to compare the response of several different browsers to understand why. Paul |
#3
|
|||
|
|||
What is Screwing Up Chrome This Morning?
Ricardo Jimenez wrote:
All sorts of sites that I use are now "Not Secure" and everything on them is highlighted and the links don't work. No problems with Firefox yet. Does this have something to do with the overnight Windows Update? Any program you use that intercepts web traffic can screw up security. Google is more strict regarding certificate validity. They've done it in the past and may have done so again. For example, when they required that the Subject Alternative Name field be populated for a multi-domain certificate, some companies got nailed that include and use their own self-signed certs (no CA is associated to the cert) with their programs. Applian's Replay Media Capture (RMC), a streaming video capture tool, could no longer run when Google got more strict on certs demanding the SAN field be populated. Firefox was more lax (less secure) so RMC users had to switch to Firefox instead of Google Chrome. Eventually Applian fixed the fields in their new self-signed cert (which they demand their customers buy v7 of RMC despite the new cert would work just as well with v7, and earlier). The cert gets put into the global cert store you see using certmgr.msc except for Firefox where Mozilla decided to wrest control on certs by using its own private cert store. The local cert is needed for a MITM scheme to intercept encrypted web traffic to allow capture from HTTPS sites; else, you can only intercept traffic from HTTP sites but most video sites are now HTTPS. Using a self-signed cert in a MITM scheme is hardly new. Companies use them on their workstations to allow them to monitor the content of HTTPS traffic generated by employees who are supposed to be working when at work and using company property and company resources. Local certs for the MITM scheme is also how several anti-virus programs work to interrogate HTTPS traffic; e.g. Avast uses one, by default, so they can inspect HTTPS traffic for malicious content (but their self-signed cert was created correctly and didn't trigger Chrome to start reporting HTTPS sites as insecure). When Google decides to lockdown on certificates to enforce the security they are supposed to offer, some sites and programs get nailed because they were sloppy, uneducated, or their cert issuer was so. You didn't provide any real examples of sites you visit where Google Chrome reports a problem but then you didn't even say what Google Chrome reports as the problem (is "not secure" all that Google Chrome reports?). You might also want to look under Internet Options - Connections - LAN Settings to make sure you are NOT using a proxy through which to pipe your web traffic. As another example, a long time ago RMC used a non-transparent proxy so it changed these settings to make web traffic go through its local proxy. If RMC crashed or was killed, it never got to its code to restore the proxy settings (to delete them and have clients go direct to the network). With its proxy killed but with proxy settings still pointing to it, all web access was lost -- until you went into the proxy settings to clear them. Back then I created a .reg file saved for when the proxy settings were blank so I could click on a shortcut to reload that .reg file to clear the proxy settings instead of having to wade through the Internet Options dialogs. So check if you are stuck using a proxy for your web traffic. |
#4
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On Mon, 11 Dec 2017 11:33:48 -0500, Paul
wrote: Ricardo Jimenez wrote: All sorts of sites that I use are now "Not Secure" and everything on them is highlighted and the links don't work. No problems with Firefox yet. Does this have something to do with the overnight Windows Update? Do you have a sample site we could test ? Sites are not secure, all the time, and at least, I'd want to compare the response of several different browsers to understand why. Paul www.talkleft.com www.stopandshop.com |
#5
|
|||
|
|||
What is Screwing Up Chrome This Morning?
Ricardo Jimenez wrote:
On Mon, 11 Dec 2017 11:33:48 -0500, Paul wrote: Ricardo Jimenez wrote: All sorts of sites that I use are now "Not Secure" and everything on them is highlighted and the links don't work. No problems with Firefox yet. Does this have something to do with the overnight Windows Update? Do you have a sample site we could test ? Sites are not secure, all the time, and at least, I'd want to compare the response of several different browsers to understand why. Paul www.talkleft.com www.stopandshop.com OK, your first link doesn't accept https:// secure protocol. It only accepts http:// . There is an Internet campaign underway, to make every site use https, but the thing is, the various crypto suites means that maybe someone on Win98 or WinXP, no longer has access to a good browser for the job, so they'd be denies access to the web. The https is preferred for business sites, because it prevents eavesdropping. And Google Chrome has a relatively high default security suite it uses. A commercial site with a lot of third-party links on it, the web page ends up with a "mixed" status, where the main page is secure, but the adverts are not, or the adverts use a different crypto. To study suites, there are some ssllabs web sites. One checks your browser, for what suites it uses. Maybe it's AES-128 and Dxxxx (some five letter acronym that didn't stick in my head). There will be a list of possible combinations. At one time, were were ruling out 40 bit encryption standards (because they can be cracked in a short time). https://www.ssllabs.com/ssltest/viewMyClient.html The other page, checks a web site, to see how well "armored" it is. For example, the first site is going to get a "lesser" grading, because it doesn't support https at all. And the ssllabs web checker only checks for https suites (to detect the weak ones or the ones that are already compromised). You could plug in the stopandshop link into this one, and have the server analyzed, to see if it has a crypto suite that Chrome would also like. If the page has a mixed status, I would hope the scan here identifies the mixed levels of protection offered. https://www.ssllabs.com/ssltest/ The suites are large, so that the two ends of the link can negotiate and pick the best crypto they jointly share. You can run some tests now, to see which end is at fault. There's no need to scan your first link, because it doesn't accept https at all, so right away Chrome will be annoyed with it. For actual https sites, as newer versions of Chrome comes out, Google will "raise the bar" on the crypto suite considered sufficient. On certificates for https, they've switched from SHA1 to SHA256, which at the time broke some browsers. One Internet company recommended "fallback" behavior, so that SHA1 was still available for older browsers. But this won't last forever, and an older browser is going to throw an error if it doesn't support some newer choice of standard. It all boils down to an evil campaign to kick Win98 and WinXP people off the Internet :-) Keeping the NSA out of the loop, is their "excuse". And, when these companies do this, they[re doing it so that you have to use their new browser, with compromised privacy features (so they can track what sites you're visiting). It makes incognito browsing all that much more important. This is why modern browsers use omniboxes, with both search and URL in the same box. It means if every typed-in URL is also considered an attempt to "search", then your URL can be logged while phoning home. Firefox can make some good money from Google, for this kind of drooling data stream. If you search for a pair of socks on Walmart, the CNN news page will be covered in sock adverts :-) Paul |
#6
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On 12/11/2017 04:45 PM, Ricardo Jimenez wrote:
On Mon, 11 Dec 2017 11:33:48 -0500, Paul wrote: Ricardo Jimenez wrote: All sorts of sites that I use are now "Not Secure" and everything on them is highlighted and the links don't work. No problems with Firefox yet. Does this have something to do with the overnight Windows Update? Do you have a sample site we could test ? Sites are not secure, all the time, and at least, I'd want to compare the response of several different browsers to understand why. Paul www.talkleft.com www.stopandshop.com In Firefox the stopandshop comes up but hitting the site info says that the main site is secure and images and external links are not. Thus the insecure logo in Firefox. I'm going to guess that Chrome puts up a more offensive opposition. Luckily FF just changes a little icon in the URL bar. |
#7
|
|||
|
|||
What is Screwing Up Chrome This Morning?
Ricardo Jimenez wrote:
Paul wrote: Ricardo Jimenez wrote: All sorts of sites that I use are now "Not Secure" and everything on them is highlighted and the links don't work. No problems with Firefox yet. Does this have something to do with the overnight Windows Update? Do you have a sample site we could test ? Sites are not secure, all the time, and at least, I'd want to compare the response of several different browsers to understand why. Paul www.talkleft.com www.stopandshop.com Yep, Google Chrome says "Not Secure" but does not block the client from connecting to that site. A site can only be secure if they use a certificate to both authenticate their identity (through a CA - Certificate Authority - like Verisign) and to allow encryption of the traffic between the endpoints. Well, talkleft. is *NOT* an HTTPS web site. While you gave www.talkleft.com which specifies only the hostname at a domain, you left out that the full URL is http://www.talkleft.com/. That's not an HTTPS site. The 2nd site, www.stopandshop.com, is an HTTPS site. Its full URL is https://stopandshop.com/. Google Chrome does not report "Not Secure" for that site because its site cert is still valid. However, the "Secure" prefix field is missing because that site chooses to mix secure and insecure content. That is, some of the page is delivered under HTTPS while some of its content is delivered via HTTP. It is referred to as mixed content. Any web page that is not 100% secure for all its content is not a secure web page. Often mixed content results from a site allowing content from external resources, like ad servers, or getting images from a resource that doesn't use the overhead of HTTPS to deliver what they consider to be publicly-accessible content. Encryption isn't needed for content that doesn't need to be secured. https://developers.google.com/web/fu...-mixed-content The default of most web browsers is to allow mixed content. That is because discarding or blocking HTTPS content for an HTTPS web page can result in a rendered document that isn't usable (well, as far as the site is concerned). Not allowing mixed content will break many web sites. Mozilla takes the approach that mixed content is allowed but you can change it. For a long time, Mozilla allowed mixed content by default and users had to go into about:config to force an HTTPS delivered web page to only allow HTTPS for all of its content. Eventually Mozilla decided to warn about mixed content and added the security.mixed_content.block_active_content setting; see http://www.thewindowsclub.com/disabl...ontent-firefox and https://support.mozilla.org/en-US/kb...ocking-firefox. When visiting stopandshop.com using Firefox, you will see a yellow exclamation character overlay atop the padlock icon in the address bar. Click on it and you'll see the stopandshop.com is *NOT* secu it allows mixed content. The WindowsClub article mentions how to disable the active content check; however, the normally expected passive content that typically results in a mixed content page is the display content (affected by the security.mixed_content.block_display_content) as that would block HTTP content delivered via an HTTPS web page. If you changed that setting (from false to allow mixed display content) to True then the HTTPS delivered content would get blocked and the page may not render fully since the insecurely delivered display content got blocked. The first site is properly identified as "Not Secure" because, well, it is not secured by a site certificate. It just uses HTTP. The 2nd site is also identified as insecure (click on the circled "i" icon at the left of the address bar): it uses HTTPS to deliver the guts of the web page but some of the content is delivered via HTTP. Either a web page is secure or it is not. Mixed content, even if allowed, means the web page is NOT secure. There is no such thing as partially secure since all that means it is not fully secure which means not secure. If you don't want to configure the web browser to reject all insecure (HTTP) content when visiting what is supposedly a secure (HTTPS) site then complain to the site admin that their secure web pages are insecure because they deliver content via HTTP, not all of it via HTTPS. |
#8
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On Mon, 11 Dec 2017 17:34:38 -0500, Paul wrote:
It all boils down to an evil campaign to kick Win98 and WinXP people off the Internet :-) Keeping the NSA out of the loop, is their "excuse". And, when these companies do this, they[re doing it so that you have to use their new browser, with compromised privacy features (so they can track what sites you're visiting). It makes incognito browsing all that much more important. This is why modern browsers use omniboxes, with both search and URL in the same box. It means if every typed-in URL is also considered an attempt to "search", then your URL can be logged while phoning home. Firefox can make some good money from Google, for this kind of drooling data stream. If you search for a pair of socks on Walmart, the CNN news page will be covered in sock adverts :-) Paul Google has been pulling some **** on my end lately where I type in a search term, and I get something saying I have to prove I am a not a robot. I have to hit a submit button and answer presonal info. I'm using Firefox. Well, I am going to say the exact words I said out loud. "**** YOU GOOGLE, THERE ARE OTHER SEARCH ENGINES". Not only did I change my default search engine to another one, I added google.com and a few other incarnations of google, such as adservice.google.com, to my hosts file.Google thinks they own the internet. **** GOOGLE! |
#9
|
|||
|
|||
What is Screwing Up Chrome This Morning?
And now, Chrome can't handle www.nytimes.com !!
Thanks to those who have explained why. Could you make it simple? Is the following correct? There is nothing I can do except use a different browser. TIA |
#10
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On 12/12/2017 14:54, Ricardo Jimenez wrote:
And now, Chrome can't handle www.nytimes.com !! Thanks to those who have explained why. Could you make it simple? Is the following correct? There is nothing I can do except use a different browser. TIA Actually, you can do something and it is pretty much easier. You can create a new Windows profile (some call this windows Account) and use it to see if Google Chrome works from that new account. If it does then you know that your old profile is somewhat corrupted and so you can post back so that a fix can be suggested. Good luck. -- With over 600 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows. |
#11
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On Tue, 12 Dec 2017 09:54:43 -0500, Ricardo Jimenez
wrote: And now, Chrome can't handle www.nytimes.com !! Thanks to those who have explained why. Could you make it simple? Is the following correct? There is nothing I can do except use a different browser. TIA I've just been to https://www.nytimes.com/site using Chrome and it worked OK. I think you have some setting wrong. Steve -- http://www.npsnn.com |
#12
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On Tue, 12 Dec 2017 09:54:43 -0500, Ricardo Jimenez wrote:
And now, Chrome can't handle www.nytimes.com !! Thanks to those who have explained why. Could you make it simple? Is the following correct? There is nothing I can do except use a different browser. TIA Seems fine here in the UK -- Jim S |
#13
|
|||
|
|||
What is Screwing Up Chrome This Morning?
|
#14
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On Tue, 12 Dec 2017 09:54:43 -0500, Ricardo Jimenez
wrote: And now, Chrome can't handle www.nytimes.com !! Thanks to those who have explained why. Could you make it simple? Is the following correct? There is nothing I can do except use a different browser. TIA What exactly does it do when you venture onto the site with Chrome? Can you post a screenshot, per chance? |
#15
|
|||
|
|||
What is Screwing Up Chrome This Morning?
On Tue, 12 Dec 2017 12:28:20 -0500, Doomsdrzej wrote:
On Tue, 12 Dec 2017 09:54:43 -0500, Ricardo Jimenez wrote: And now, Chrome can't handle www.nytimes.com !! Thanks to those who have explained why. Could you make it simple? Is the following correct? There is nothing I can do except use a different browser. TIA What exactly does it do when you venture onto the site with Chrome? Can you post a screenshot, per chance? As far as www.nytimes.com , it will come up sometimes as http:/www.nytimes.com and at other times as https://www.nytimes.com In the first case, there will be an insecure message in the address bar and the site is unusable. Just adding the s in the address bar seems to work for some sites but not for others like www.talkleft.com I think that Chrome preventing http sites from working just started this week, at least for Windows10. |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|