Hi forum friends,
While working my Shiretoko browser on aalerted webpage that was then checked and launched via Perspectives I got the following prompt:
"done_quering_notaries error Type Error: gSSL Status is null"
What should I check or where should I look for the origin of this error message?
Is this a MS bug or some form of attack?
My encryption report from http://www.fortify.net/sslcheck.html:
# cipher, 256-bit key
# AES cipher, 192-bit key
# AES cipher, 128-bit key
# RC4 cipher, 128-bit key
# RC2 cipher, 128-bit key
# Triple-DES cipher, 168-bit key
# IDEA cipher, 128-bit key
# DES cipher, 56-bit key
Get an error here also: https://connect.sigen-ca.si/index-en.htm Perspectives then redirects to a Not found,
luntrus
Error prompt - why?
Error prompt - why?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090719 Shiretoko/3.5.1pre
Re: Error prompt - why?
(I know nothing of Perspectives.)
With the latter link, I get an "This Connection is Untrusted" warning.
If I accept the certificate, I then end up at a "404" (The requested URL was not found on this server. Maybe the link to that file has changed.).
So, just as it says, thinking you have an outdated link.
With the latter link, I get an "This Connection is Untrusted" warning.
If I accept the certificate, I then end up at a "404" (The requested URL was not found on this server. Maybe the link to that file has changed.).
So, just as it says, thinking you have an outdated link.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090716 SeaMonkey/2.0b1pre
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: Error prompt - why?
I don't use Perspectives anymore. I couldn't connect with two of its four servers at one time in the past and I suspect that may have been causing me some performance problems. I don't think it did anything for me anyhow, since I'm using a desktop computer connected to my ISP with a wired DSL connection.
Using the latest Shiretoko nightly, my SSL Encryption Report from Fortify is the same as yours.
https://connect.sigen-ca.si/index-en.htm is not a good link. Append an "l" to it, i.e. use https://connect.sigen-ca.si/index-en.html. You still need to manually allow the certificate though. BTW, I did all my testing in a sandbox. I'm won't accept an untrusted certificate otherwise.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090719 Shiretoko/3.5.1pre
Using the latest Shiretoko nightly, my SSL Encryption Report from Fortify is the same as yours.
https://connect.sigen-ca.si/index-en.htm is not a good link. Append an "l" to it, i.e. use https://connect.sigen-ca.si/index-en.html. You still need to manually allow the certificate though. BTW, I did all my testing in a sandbox. I'm won't accept an untrusted certificate otherwise.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090719 Shiretoko/3.5.1pre
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
Re: Error prompt - why?
So long as you do not set the certificate "permanent", wouldn't it be session only in any case?I won't accept an untrusted certificate otherwise.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090716 SeaMonkey/2.0b1pre
Re: Error prompt - why?
Hi Alan Baxter,
Thanks for the explanation.
Thanks for the explanation.
I quote here from: http://taosecurity.blogspot.com/2008/10 ... tives.htmlIt's important to remember the problem this approach, perspectives, is trying to solve. The classic case is detecting and avoiding a man-in-the-middle attack against SSL while browsing at an Internet cafe. This approach will not help if someone creates a Web site advertising "avoid foreclosure!"
luntrusBy independently querying the desired target site, the notaries can check whether each is receiving the same authentication information, called a digital certificate, in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a user would have reason to suspect that an attacker has compromised the connection...
"When Firefox users click on a website that uses a self-signed certificate, they get a security error message that leaves many people bewildered," [author[ Andersen said. Once Perspectives has been installed in the browser, however, it can automatically override the security error page without disturbing the user if the site appears legitimate.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090719 Shiretoko/3.5.1pre
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: Error prompt - why?
I suppose. But why expose myself for even a session to a possibly malicious site?therube wrote:So long as you do not set the certificate "permanent", wouldn't it be session only in any case?I won't accept an untrusted certificate otherwise.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1