A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

What does it mean (to me) when a "certificate" to pirate bay is "invalid"?



 
 
Thread Tools Rate Thread Display Modes
  #16  
Old November 16th 15, 05:19 PM posted to alt.os.linux,alt.windows7.general
David E. Ross[_2_]
external usenet poster
 
Posts: 1,035
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On 11/15/2015 11:05 PM, Kirk Jutland wrote:
On Sun, 15 Nov 2015 10:44:51 +0100, J.O. Aho wrote:

Your avat which intercepts your internet traffic notice the difference
between the site you wanted to go to and the certificate you got and
assumes that the site ain't the one you intended to go to and warns you
as the certificate is for cloudflaressl.com as the person behind the
copy of pirate bay hasn'ät bothered to upload the correct ssl
certificates to cloudflare.


OK. That is the first explanation that I *understood*.

1. I went to piratebay.whatever with Firefox 42.
2. Firefox and Avast both expected a certificate for "piratebay.whatever".
3. What came back was a certificate for cloudflares instead.
4. So Avast barfed on it.
5. Presumably, had I not used Avast, Firefox would have also barfed.

Now the $64 question....

Is it safe (so to speak) to go there?
I'm not expecting perfect safety (this isn't a banking site).

But, is it *really* the piratebay that I'm going to or not?


With a faulty certificate (e.g., for a piratebay.whatever when the Web
site is now cloudflares.com), you are at risk, The Pirate Bay site
might have been hijacked.

--
David E. Ross

Pharmaceutical companies claim their drug prices are
so high because they have to recover the costs of developing
those drugs. Two questions:

1. Why is the U.S. paying the entire cost of development while
prices for the same drugs in other nations are much lower?

2. Manufacturers of generic drugs did not have those
development costs. Why are they charging so much for generics?
Ads
  #17  
Old November 16th 15, 07:41 PM posted to alt.os.linux,alt.windows7.general
Kirk Jutland
external usenet poster
 
Posts: 6
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On Mon, 16 Nov 2015 08:19:31 -0800, David E. Ross wrote:

With a faulty certificate (e.g., for a piratebay.whatever when the Web
site is now cloudflares.com), you are at risk, The Pirate Bay site
might have been hijacked.


See, thats the thing.
Let's say I'm going to pirate bay to download, War & Peace.
Piratebay is already dodgy for that, isn't it?
So, is it any more dodgy to get that torrent from Cloudflares?

I don't know (realistically) a thing about *either* site.

  #18  
Old November 16th 15, 09:46 PM posted to alt.os.linux,alt.windows7.general
J.O. Aho
external usenet poster
 
Posts: 130
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On 11/16/2015 07:41 PM, Kirk Jutland wrote:
On Mon, 16 Nov 2015 08:19:31 -0800, David E. Ross wrote:

With a faulty certificate (e.g., for a piratebay.whatever when the Web
site is now cloudflares.com), you are at risk, The Pirate Bay site
might have been hijacked.


See, thats the thing.
Let's say I'm going to pirate bay to download, War & Peace.
Piratebay is already dodgy for that, isn't it?
So, is it any more dodgy to get that torrent from Cloudflares?

I don't know (realistically) a thing about *either* site.


You will get a torrent file, but I know that some of the domains used
are just a copy of pirate bay which will open a new tab/window with spam
when you click on some of the links, this can make you catch a
malware/virus just by visiting those spam pages (that depends on the
browser and what potential vulnerabilities it has together with the
plugins). To minimize the risk, use a advertisement blocker like
ghostery or similar, which can (if you are lucky) prevent to open that
tab/window with spam.

What you get with the torrent is a different thing, this can include
malware/viruses/spyware regardless if you download the torrentfile from
the pirate bay or a copy of it.

Alternative is to use binary usergroups, but it's not a protection
against viruses/malware/spyware in the application, pdf you downloaded.

--

//Aho
  #19  
Old November 17th 15, 12:18 PM posted to alt.os.linux,alt.windows7.general
~BD~[_12_]
external usenet poster
 
Posts: 40
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On 15/11/2015 08:42, David_Dewgud wrote:
On 15/11/2015 07:06, David E. Ross wrote:
On 11/14/2015 7:48 PM, Kirk Jutland wrote:
What does it mean (to me) when a "certificate" to pirate bay is
"invalid"?
http://i.imgur.com/mkL4pt2.jpg

So, I admit, I try to go to piratebay to search about stuff that is
available for download.

I'm not sure the difference, but it happens with these sites:
thepiratebay.to
thepiratebay.la
thepiratebay.gd

My av program won't let me get there.
http://i.imgur.com/mkL4pt2.jpg

It says: "the following certificate is invalid sni34388.cloudflares1.com
Huh? What is cloudflares1?
I didn't go there, did I?
I guess the certificate "is" for cloudflares1, but, what does that
mean, to
me?
It's a dodgy site to begin with anyway, so, should I expect this?
Or is this abnormal?

How do I INTERPRET what the problem is?
Is it severe enough to turn off the av checks?
Is it an innocuous message?

How "critical" is this message?

I realize it means "something" is wrong with the certificate for the
encryption of that web site. But it's a dodgy web site to start with,
isn't
it? So, should I be worried if I were to turn off my av program?

Why?


You should not be using Avast to check the validity of Web site
certificates. Instead, you should use a browser that does it. I know
that SeaMonkey and Firefox do it. I think Internet Explorer, Edge,
Chrome, Safari, and Opera do it, too.

When I see a message about an invalid certificate, it means I was trying
to view a secure Web site (e.g., my bank) that has a problem with
establishing a secure Internet connection with my browser. When I go to
my bank's Web site, the Web server indicates that the site has a
subscriber certificate that was digitally signed by some intermediate
certificate. The server supplies my browser with public parts of both
the subscriber and intermediate certificates. The intermediate
certificate is supposed to be digitally signed by a root certificate
that is contained in a database that is part of my browser. That is,
the root certificate is on my computer. If this chain of certificates
is complete -- if the signature on the subscriber certificate can indeed
be traced to the intermediate certificate and if the signature on the
intermediate certificate can indeed be traced to the root certificate --
a secure connection can then be established between my browser and the
Web server.

There are several reasons why the chain of certificates breaks down,
leaving you with a message about an invalid certificate. Messages about
invalid certificates usually indicate why the certificate is invalid.
Among the reasons a

* All certificates -- subscriber, intermediate, and root -- have
expiration dates. Either a certificate has actually expired and needs
to be replaced; or else your computer's clock is wrong, causing your
computer to act as if a certificate has expired.

* The system administrator for the Web server is an idiot and should
not be trusted to be involved with secure Web browsing. This is
evidenced by his or her failure to install the intermediate certificate
on the server. Do not laugh; this is a very common problem.

* Your browser's certificate database does not contain the required
root certificate. This might happen if you are using an old browser,
older than the root certificate. In your case, it could also happen if
you are using an old version of Avast since Avast must contain a
database of root certificates to check the chain of certificates. It is
also possible that you accidentally deleted the file containing the
database of root certificates.

* The Web site you are trying to visit recently changed its domain
name. The signed subscriber certificate was created for the old domain
name. A new signed subscriber certificate is needed for the new domain
name. Note that this can happen if the three Pirate Bay domains you
cited are now merely aliases for sni34388.cloudflares1.com; the
subscriber certificate must be for the actual domain and not its
aliases. This is another instance of an idiot system administrator.

Some browsers (e.g., SeaMonkey, Firefox) have the capability to override
the detection of an invalid certificate. Perhaps Avast might have such
a capability. However, this is a capability that should be used only
with extreme caution.


FYI, I've just sent this to a Facebook friend!

=

I'm now left wondering about Avast! though. The certificate here is
provided by them!

https://social.technet.microsoft.com/profile/BDonTJ

Using Google Chrome and clicking on the padlock reveals this ........

Your connection to social.technet.microsoft.com is encrypted using an
obsolete cipher suite.

The connection uses TLS 1.2.

=

It's exactly the same here too!

https://community.dynamics.com/members/bdontj

(You might like to read at the link showing there!)

=

However, that is NOT the same as I see if I look under the padlock at
Google.com. I see this ...

Your connection to www.google.co.uk is encrypted using a modern cipher
suite.

The connection uses QUIC.

The connection is encrypted and authenticated using CHACHA20_POLY1305
and uses ECDHE_RSA as the key exchange mechanism.

=

I'm afraid I'm on a 150 mile round trip to visit my sister today, but
I'll remove Avast! this evening and see if things look different! Btw,
I'm looking at all this using my Apple iMac and OS X El Capitan. The
machine SHOULD be free from malware. wink emoticon

--
David B.



Just in case anyone is vaguely interested ........

Avast! has been removed from the iMac.

NOW ..... the certificates shown are from Microsoft (Not Avast!)

Is this of any surprise to anyone?!!!

--
David B.
  #20  
Old November 17th 15, 06:40 PM posted to alt.os.linux,alt.windows7.general
Kirk Jutland
external usenet poster
 
Posts: 6
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On Mon, 16 Nov 2015 21:46:02 +0100, J.O. Aho wrote:

You will get a torrent file, but I know that some of the domains used
are just a copy of pirate bay which will open a new tab/window with spam
when you click on some of the links


I have never seen that.

Of course, I use ghostery, noscript, https everywhere, canvass blocker,
random agent spoofer, adblock plus, etc.

But, I wasn't worried about spam.

I mainly am asking that, since piratebay already is a semi-not-normal
site, being told that the certificate is from cloudfare doesn't mean
anything to me. I wasn't expecting the pirate bay to be run by LE
or anything and to be squeaky clean in the first place.

I just wanted to know how to INTERPRET the message.

It's odd that, without Avast, Firefox doesn't seem to have any problems.
So, is Avast just making this stuff up?

What you get with the torrent is a different thing, this can include
malware/viruses/spyware regardless if you download the torrentfile from
the pirate bay or a copy of it.


Again, that's a different topic that the antivirus should take care
of once the file is on the machine. What is *inside* the file that
the torrent points to can be *anything* (I realize that). In this
case, it's just a book - but it can still *hide* a virus.

That was never the question though. The question was just how to
interpret the message (because another one will pop up tomorrow).

  #21  
Old November 17th 15, 08:34 PM posted to alt.os.linux,alt.windows7.general
Wildman[_2_]
external usenet poster
 
Posts: 422
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On Tue, 17 Nov 2015 17:40:50 +0000, Kirk Jutland wrote:

It's odd that, without Avast, Firefox doesn't seem to have any problems.
So, is Avast just making this stuff up?


Could be that Avast is doing it for same reason that many anti-virus
programs flag key generators as viruses when they are not.

--
Wildman GNU/Linux user #557453
Big Brother is watching you!
  #22  
Old November 18th 15, 07:06 AM posted to alt.os.linux,alt.windows7.general
J.O. Aho
external usenet poster
 
Posts: 130
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On 11/17/2015 06:40 PM, Kirk Jutland wrote:
On Mon, 16 Nov 2015 21:46:02 +0100, J.O. Aho wrote:

You will get a torrent file, but I know that some of the domains used
are just a copy of pirate bay which will open a new tab/window with spam
when you click on some of the links


I have never seen that.

Of course, I use ghostery, noscript, https everywhere, canvass blocker,
random agent spoofer, adblock plus, etc.

But, I wasn't worried about spam.


You should, a lot of malware is delivered with online spam and this
ain't just a problem on shady sites, it also a problem on mainstream
sites too.


I just wanted to know how to INTERPRET the message.

It's odd that, without Avast, Firefox doesn't seem to have any problems.
So, is Avast just making this stuff up?


No, they have different view on trustworthy, firefox lets cloudflare to
pass as they know there are sites which uses it without setting up the
account with proper certificates. Avast just looks at the domain you
enter and what the certificate says.

It's up to you to decide if you want to follow the recommendation or
not. If you need fast help, use duckduckgo.com to check out the domain
you are to enter.

--

//Aho

  #23  
Old November 19th 15, 06:33 AM posted to alt.os.linux,alt.windows7.general
Daniel47
external usenet poster
 
Posts: 12
Default What does it mean (to me) when a "certificate" to pirate bay is"invalid"?

On 18/11/2015 5:06 PM, J.O. Aho wrote:

Snip
It's up to you to decide if you want to follow the recommendation or
not. If you need fast help, use duckduckgo.com to check out the domain
you are to enter.


How do you "use DuckDuckGo.com to check out the domain you are to
enter."?? Dies it rate sites or are you just using DDG to look for
commentary about sites??

Daniel

 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 10:42 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.