If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On 11/15/2015 11:05 PM, Kirk Jutland wrote:
On Sun, 15 Nov 2015 10:44:51 +0100, J.O. Aho wrote: Your avat which intercepts your internet traffic notice the difference between the site you wanted to go to and the certificate you got and assumes that the site ain't the one you intended to go to and warns you as the certificate is for cloudflaressl.com as the person behind the copy of pirate bay hasn'ät bothered to upload the correct ssl certificates to cloudflare. OK. That is the first explanation that I *understood*. 1. I went to piratebay.whatever with Firefox 42. 2. Firefox and Avast both expected a certificate for "piratebay.whatever". 3. What came back was a certificate for cloudflares instead. 4. So Avast barfed on it. 5. Presumably, had I not used Avast, Firefox would have also barfed. Now the $64 question.... Is it safe (so to speak) to go there? I'm not expecting perfect safety (this isn't a banking site). But, is it *really* the piratebay that I'm going to or not? With a faulty certificate (e.g., for a piratebay.whatever when the Web site is now cloudflares.com), you are at risk, The Pirate Bay site might have been hijacked. -- David E. Ross Pharmaceutical companies claim their drug prices are so high because they have to recover the costs of developing those drugs. Two questions: 1. Why is the U.S. paying the entire cost of development while prices for the same drugs in other nations are much lower? 2. Manufacturers of generic drugs did not have those development costs. Why are they charging so much for generics? |
Ads |
#17
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On Mon, 16 Nov 2015 08:19:31 -0800, David E. Ross wrote:
With a faulty certificate (e.g., for a piratebay.whatever when the Web site is now cloudflares.com), you are at risk, The Pirate Bay site might have been hijacked. See, thats the thing. Let's say I'm going to pirate bay to download, War & Peace. Piratebay is already dodgy for that, isn't it? So, is it any more dodgy to get that torrent from Cloudflares? I don't know (realistically) a thing about *either* site. |
#18
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On 11/16/2015 07:41 PM, Kirk Jutland wrote:
On Mon, 16 Nov 2015 08:19:31 -0800, David E. Ross wrote: With a faulty certificate (e.g., for a piratebay.whatever when the Web site is now cloudflares.com), you are at risk, The Pirate Bay site might have been hijacked. See, thats the thing. Let's say I'm going to pirate bay to download, War & Peace. Piratebay is already dodgy for that, isn't it? So, is it any more dodgy to get that torrent from Cloudflares? I don't know (realistically) a thing about *either* site. You will get a torrent file, but I know that some of the domains used are just a copy of pirate bay which will open a new tab/window with spam when you click on some of the links, this can make you catch a malware/virus just by visiting those spam pages (that depends on the browser and what potential vulnerabilities it has together with the plugins). To minimize the risk, use a advertisement blocker like ghostery or similar, which can (if you are lucky) prevent to open that tab/window with spam. What you get with the torrent is a different thing, this can include malware/viruses/spyware regardless if you download the torrentfile from the pirate bay or a copy of it. Alternative is to use binary usergroups, but it's not a protection against viruses/malware/spyware in the application, pdf you downloaded. -- //Aho |
#19
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On 15/11/2015 08:42, David_Dewgud wrote:
On 15/11/2015 07:06, David E. Ross wrote: On 11/14/2015 7:48 PM, Kirk Jutland wrote: What does it mean (to me) when a "certificate" to pirate bay is "invalid"? http://i.imgur.com/mkL4pt2.jpg So, I admit, I try to go to piratebay to search about stuff that is available for download. I'm not sure the difference, but it happens with these sites: thepiratebay.to thepiratebay.la thepiratebay.gd My av program won't let me get there. http://i.imgur.com/mkL4pt2.jpg It says: "the following certificate is invalid sni34388.cloudflares1.com Huh? What is cloudflares1? I didn't go there, did I? I guess the certificate "is" for cloudflares1, but, what does that mean, to me? It's a dodgy site to begin with anyway, so, should I expect this? Or is this abnormal? How do I INTERPRET what the problem is? Is it severe enough to turn off the av checks? Is it an innocuous message? How "critical" is this message? I realize it means "something" is wrong with the certificate for the encryption of that web site. But it's a dodgy web site to start with, isn't it? So, should I be worried if I were to turn off my av program? Why? You should not be using Avast to check the validity of Web site certificates. Instead, you should use a browser that does it. I know that SeaMonkey and Firefox do it. I think Internet Explorer, Edge, Chrome, Safari, and Opera do it, too. When I see a message about an invalid certificate, it means I was trying to view a secure Web site (e.g., my bank) that has a problem with establishing a secure Internet connection with my browser. When I go to my bank's Web site, the Web server indicates that the site has a subscriber certificate that was digitally signed by some intermediate certificate. The server supplies my browser with public parts of both the subscriber and intermediate certificates. The intermediate certificate is supposed to be digitally signed by a root certificate that is contained in a database that is part of my browser. That is, the root certificate is on my computer. If this chain of certificates is complete -- if the signature on the subscriber certificate can indeed be traced to the intermediate certificate and if the signature on the intermediate certificate can indeed be traced to the root certificate -- a secure connection can then be established between my browser and the Web server. There are several reasons why the chain of certificates breaks down, leaving you with a message about an invalid certificate. Messages about invalid certificates usually indicate why the certificate is invalid. Among the reasons a * All certificates -- subscriber, intermediate, and root -- have expiration dates. Either a certificate has actually expired and needs to be replaced; or else your computer's clock is wrong, causing your computer to act as if a certificate has expired. * The system administrator for the Web server is an idiot and should not be trusted to be involved with secure Web browsing. This is evidenced by his or her failure to install the intermediate certificate on the server. Do not laugh; this is a very common problem. * Your browser's certificate database does not contain the required root certificate. This might happen if you are using an old browser, older than the root certificate. In your case, it could also happen if you are using an old version of Avast since Avast must contain a database of root certificates to check the chain of certificates. It is also possible that you accidentally deleted the file containing the database of root certificates. * The Web site you are trying to visit recently changed its domain name. The signed subscriber certificate was created for the old domain name. A new signed subscriber certificate is needed for the new domain name. Note that this can happen if the three Pirate Bay domains you cited are now merely aliases for sni34388.cloudflares1.com; the subscriber certificate must be for the actual domain and not its aliases. This is another instance of an idiot system administrator. Some browsers (e.g., SeaMonkey, Firefox) have the capability to override the detection of an invalid certificate. Perhaps Avast might have such a capability. However, this is a capability that should be used only with extreme caution. FYI, I've just sent this to a Facebook friend! = I'm now left wondering about Avast! though. The certificate here is provided by them! https://social.technet.microsoft.com/profile/BDonTJ Using Google Chrome and clicking on the padlock reveals this ........ Your connection to social.technet.microsoft.com is encrypted using an obsolete cipher suite. The connection uses TLS 1.2. = It's exactly the same here too! https://community.dynamics.com/members/bdontj (You might like to read at the link showing there!) = However, that is NOT the same as I see if I look under the padlock at Google.com. I see this ... Your connection to www.google.co.uk is encrypted using a modern cipher suite. The connection uses QUIC. The connection is encrypted and authenticated using CHACHA20_POLY1305 and uses ECDHE_RSA as the key exchange mechanism. = I'm afraid I'm on a 150 mile round trip to visit my sister today, but I'll remove Avast! this evening and see if things look different! Btw, I'm looking at all this using my Apple iMac and OS X El Capitan. The machine SHOULD be free from malware. wink emoticon -- David B. Just in case anyone is vaguely interested ........ Avast! has been removed from the iMac. NOW ..... the certificates shown are from Microsoft (Not Avast!) Is this of any surprise to anyone?!!! -- David B. |
#20
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On Mon, 16 Nov 2015 21:46:02 +0100, J.O. Aho wrote:
You will get a torrent file, but I know that some of the domains used are just a copy of pirate bay which will open a new tab/window with spam when you click on some of the links I have never seen that. Of course, I use ghostery, noscript, https everywhere, canvass blocker, random agent spoofer, adblock plus, etc. But, I wasn't worried about spam. I mainly am asking that, since piratebay already is a semi-not-normal site, being told that the certificate is from cloudfare doesn't mean anything to me. I wasn't expecting the pirate bay to be run by LE or anything and to be squeaky clean in the first place. I just wanted to know how to INTERPRET the message. It's odd that, without Avast, Firefox doesn't seem to have any problems. So, is Avast just making this stuff up? What you get with the torrent is a different thing, this can include malware/viruses/spyware regardless if you download the torrentfile from the pirate bay or a copy of it. Again, that's a different topic that the antivirus should take care of once the file is on the machine. What is *inside* the file that the torrent points to can be *anything* (I realize that). In this case, it's just a book - but it can still *hide* a virus. That was never the question though. The question was just how to interpret the message (because another one will pop up tomorrow). |
#21
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On Tue, 17 Nov 2015 17:40:50 +0000, Kirk Jutland wrote:
It's odd that, without Avast, Firefox doesn't seem to have any problems. So, is Avast just making this stuff up? Could be that Avast is doing it for same reason that many anti-virus programs flag key generators as viruses when they are not. -- Wildman GNU/Linux user #557453 Big Brother is watching you! |
#22
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On 11/17/2015 06:40 PM, Kirk Jutland wrote:
On Mon, 16 Nov 2015 21:46:02 +0100, J.O. Aho wrote: You will get a torrent file, but I know that some of the domains used are just a copy of pirate bay which will open a new tab/window with spam when you click on some of the links I have never seen that. Of course, I use ghostery, noscript, https everywhere, canvass blocker, random agent spoofer, adblock plus, etc. But, I wasn't worried about spam. You should, a lot of malware is delivered with online spam and this ain't just a problem on shady sites, it also a problem on mainstream sites too. I just wanted to know how to INTERPRET the message. It's odd that, without Avast, Firefox doesn't seem to have any problems. So, is Avast just making this stuff up? No, they have different view on trustworthy, firefox lets cloudflare to pass as they know there are sites which uses it without setting up the account with proper certificates. Avast just looks at the domain you enter and what the certificate says. It's up to you to decide if you want to follow the recommendation or not. If you need fast help, use duckduckgo.com to check out the domain you are to enter. -- //Aho |
#23
|
|||
|
|||
What does it mean (to me) when a "certificate" to pirate bay is"invalid"?
On 18/11/2015 5:06 PM, J.O. Aho wrote:
Snip It's up to you to decide if you want to follow the recommendation or not. If you need fast help, use duckduckgo.com to check out the domain you are to enter. How do you "use DuckDuckGo.com to check out the domain you are to enter."?? Dies it rate sites or are you just using DDG to look for commentary about sites?? Daniel |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|