Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
Security alert on login
09-17-2010, 03:07 PM
When I logged in just now, I got a security alert. It started with "Unable to verify the identity of rcweb3 as a trusted site.", and went on to describe how the browser couldn't verify the security certificate of rcweb3. (I selected "Do not accept certificate and do not connect to the website"; it seems there's no ill effect in doing so.)
Anybody know what rcweb3 is? If it's an ad site or a tracking site, then maybe we shouldn't report this issue. (Because if they fix it, we won't know that they're chipping away at our privacy...)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,457
Threads: 2,265
Joined: Sep 2002
Reputation:
21
I have no idea what it is. Google doesn't turn up anything meaningful for "rcweb3"; "rcweb" by itself turns up a load of radio-controlled hobbyist sites among other things that also seem irrelevant. Looking at the links on the page info for the main board page shows nothing with that domain.
When you say you logged in, were you speaking literally? What page do you normally come in on?
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
It happened right after I input my userID and password and clicked on the login button. (And it happened again when I logged in this evening.) I usually come in through the main DW Forum page.
Oh, and I'm using SeaMonkey as my main browser, not IE.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,457
Threads: 2,265
Joined: Sep 2002
Reputation:
21
Huh. Let me log out and log in and see what happens, then.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 27,457
Threads: 2,265
Joined: Sep 2002
Reputation:
21
Okay, I'm stumped. I didn't get any such warning on a logout and login, and a scan of the page info again shows no such domain with links on the main page.
Rob, can you do me a favor? After the next time you get it, do View|Page Info, hit the Links Tab, and eyeball the list to see if that domain shows up there? Thanks.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
Will do. (I didn't get it this time...)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
It's not on the list.
(There's a heck of a lot of crap that is on the page, though - including scripts for five different ad sites, which we shouldn't be getting because we pay for this forum.)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,457
Threads: 2,265
Joined: Sep 2002
Reputation:
21
We're paying to not have the ads appear. I presume that's handled deeper on the server side than in the page templates.
As for the original problem, can you please email me a copy of the actual message text you get? Maybe I can eke something out of it. (Though I probably can't; it's still worth a look.)
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
Will do, the next time it happens. (It's become intermittent...)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
I got a different popup upon login this time:
Quote:Server Certificate Expired
"a.live-conversion.com" is a site that uses a security certificate to encrypt data during transmission, but its certificate expired on 05 Dec 2009 15:09.
You should check to make sure that your computer's time (currently set to Monday 20 September 2010 09:45:51) is correct.
Would you like to continue anyway?
Since I'm visiting drunkardswalkforums.yuku.com, not a.live-conversion.com, I clicked "Cancel" - it doesn't seem to have any ill effects. (So far.)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,457
Threads: 2,265
Joined: Sep 2002
Reputation:
21
Whoever they are, they're based in Tenafly NJ and use Gmail accounts for all their email. And obscure their WHOIS data. They're safe to ignore, as far as I can tell.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
I got the rcweb3 message again. I'm not re-typing something that long; here's a screenshot.
As always, I chose "Do not accept..."
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,457
Threads: 2,265
Joined: Sep 2002
Reputation:
21
Gah. I should have said to examine the certificate. That's where there should be some more information about them. Sorry.
But given how hard it is to find anything about them with what we do know, it's probably more than safe to select the permanent "do not accept" option.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 25,376
Threads: 2,057
Joined: Feb 2005
Reputation:
12
D'oh!
Well, it popped up again, so...
It looks like SeaMonkey doesn't like self-signed certificates. That's good behaviour, SeaMonkey - keep it up!
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,457
Threads: 2,265
Joined: Sep 2002
Reputation:
21
Okay, I think you can safely ignore this on a permanent basis. TARGUS is a marketing data outfit (their website boasts "Transform every customer contact into a profitable interaction. Get on-demand access to a wealth of knowledge that lets you identify, verify, score and locate prospects and customers... no matter the touch point"), so they're either providing ads or tracking your web activity or both. That they're issuing their own certificates suggests something a little underhanded is going on, too... I wonder who we could tell about that...
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
|