Puzzled
@ntli.net | Ebay SSL site certificates
Anyone know why Ebay uk is issuing SSL site certificates supposedly from the US DoD
Wwwd.my.af.mil
US Government
DoD
www.usafa.af.mil
U.S. Government
DoD, PKI, USAF
US
Firefox says they can’t be trusted? |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | What link (url) were you following? |
|
Puzzled
@ntli.net | »www.ebay.co.uk/ then follow the signin link, Opera gives the same warning been happening for over a day now. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
2 edits | reply to Puzzled
If you're using EBay.co.uk's signin page, that page is a Verisign issued Cert. See screenshot above.
Only guess I'd have would be if you're using a proxy or other MITM and it's spoofing EBay's cert with its own. In that case, you should be aware that your SSL data can be read by whoever's presenting the cert.
EDIT - tried your link, same thing. The cert I get is from Verisign.
--
6EQUJ5 |
|
Puzzled
@ntli.net
| Thats what I was concerened with, Also as one can't contact Ebay anymore by E-mail you have to sign in, same applies if one wants to change ones password.
With NTL you have to go through a proxy I have tried various ones but each time I get the duff certs.
Not sure what is the best course of action |
|
Kiwi
Premium
join:2003-05-26
USA | reply to Puzzled
Perhaps a filter issue? Works fine with IE7, both links. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
2 edits | reply to Puzzled
Assuming you're not using a wireless where someone can poison your ARP cache and redirect you, contact your ISP and tell them what's going on. IMO you have a proxy feeding you certs. If that's the ISP, their proxy servers may be misconfigured or compromised.
Also run virus and malware scans, including A squared free, for installed proxies or other malware.
If you use any special software for secure signins to work or other sites, check with the site's help desk.
Finally, send an email to spoof@Ebay.co.uk or ebay.com. It may not help, but can't hurt. In the meantime try using another PC for logins to sensitive sites until you get this resolved.
--
6EQUJ5 |
|
Puzzled
@ntli.net | reply to Kiwi
I have even tried a VM with Linux/Firefox same result. |
|
Puzzled
@ntli.net
| reply to EGeezer
said by EGeezer  :Assuming you're not using a wireless where someone can poison your ARP cache and redirect you, contact your ISP and tell them what's going on. IMO you have a proxy feeding you certs. If that's the ISP, their proxy servers may be misconfigured or compromised. Also run virus and malware scans, including A squared free, for installed proxies or other malware. If you use any special software for secure signins to work or other sites, check with the site's help desk. Finally, send an email to spoof@Ebay.co.uk or ebay.com. It may not help, but can't hurt. In the meantime try using another PC for logins to sensitive sites until you get this resolved. I did send emails to ebay, got a reply saying that 'The address you wrote to (support@ebay.com) is no longer in service. Please re-send your email to us through the Contact Us page listed below' which means you have to log in.
Thanks for the suggestion about the ISP I will do so ASAP.
I don't seem to have any problems with any other site that uses a secure log in (so far!)
I do run KAV6 and have no alerts and I have tried with a VM linux with the same result so I presume its not on my machine? But I will later on, try my laptop. |
|
Anon users
| reply to Puzzled
Only Ebay cert not 'working' or every SSL cert??? try other secure sites as well & check... |
|
Puzzled
@ntli.net | said by Anon users :
Only Ebay cert not 'working' or every SSL cert??? try other secure sites as well & check...
Only Ebay so far. No problems with any others I have tried |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
1 edit | reply to Puzzled
Something is definitely wrong here. You are right to be suspicious.
I can't tell if this is an MITM attack, or malware on your computer, or DNS poisoning that is taking you to the wrong site. I would guess that DNS problems are the most likely.
You might check whether you have a hosts file with a bad entry for securepics.ebaystatic.com.
edit: The DNS problems - connecting you to the wrong site -- could be occurring at your web proxy. Definitely contact your ISP about this.
--
Never underestimate the ability of a large organization to screw up |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
 ·Cingular Wireless
·AT&T CallVantage
4 edits | reply to Puzzled
said by Puzzled :
With NTL you have to go through a proxy I have tried various ones but each time I get the duff certs.
That statement seems to be at odds with the setup instructions on the NTL web site as shown in the screen capture below.
Can you post the results of a traceroute and nslookup for signin.ebay.co.uk and securepics.ebaystatic.com? Those results mught give a clue to your problem.
For what it is worth, securepics.ebaystatic.com appears to be operated by Akamai, and with the load balancing tricks that Akamai does, you could be going to a totally different login server than someone from the US, and what you are seeing may be a temporary problem with the Akamai DNS (it has happened before).
--
Outsourcing is not the same as Offshoring!
Test your firewall. | Smell the flowers. |
|
Puzzled
@ntli.net
| reply to nwrickert
said by nwrickert :Something is definitely wrong here. You are right to be suspicious. I can't tell if this is an MITM attack, or malware on your computer, or DNS poisoning that is taking you to the wrong site. I would guess that DNS problems are the most likely. You might check whether you have a hosts file with a bad entry for securepics.ebaystatic.com. Thanks for the suggestion, I have a huge hosts file but no entries for securepics.ebaystatic.com.
As per EGeezer's suggestion I have just used 'A squared' comes up clean as does Kav6.
If I use a Linux distro on a VM that is fresh, does that not ensure that my connection to the cable modem itself is clean or can something be inserted between the VM and the network card?
|
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| Something could be inserted between VM and net. However, it is far more likely that the problem is at your ISP - either their DNS server or their web proxy server.
--
Never underestimate the ability of a large organization to screw up |
|
Puzzled
@ntli.net
| reply to NetFixer
Well just got back on after work and Christmas Shopping! Seems that someone somewhere either took notice of one of my e-mails, read this site or else they fixed it anyway as things are now back to normal. I just hope no one has been burned by this if it were malicious.
said by NetFixer :said by Puzzled :
With NTL you have to go through a proxy I have tried various ones but each time I get the duff certs.
That statement seems to be at odds with the setup instructions on the NTL web site as shown in the screen capture below. For what it is worth, securepics.ebaystatic.com appears to be operated by Akamai, and with the load balancing tricks that Akamai does, you could be going to a totally different login server than someone from the US, and what you are seeing may be a temporary problem with the Akamai DNS (it has happened before). By default NTL route through a proxy so there is no need for a user to enter an address. There are several in each area, (9 in the one I’m in) so it is possible to preempt which server one is directed to and use any one on the network not just local. Which is very useful as it is then possible to get round ‘local difficulties’ which happen with much too much frequency IMO.
Interesting about Akamai.
said by nwrickert :Something could be inserted between VM and net. However, it is far more likely that the problem is at your ISP - either their DNS server or their web proxy server. More food for thought, Hopefully whatever the cause it has been resolved permanently.
It is very good to know that there is a site where one can post one's concerns, get a good response, and help when needed. My thanks to those that run this site!
My special thanks also to all who have replied for their time and help, it has been very much appreciated.
Merry Christmas! |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country! | Thanks so much for your followup and kudos to the folks here. Sounds like we were on the right track too! Merry Christmas!
--
6EQUJ5 |
|
Nowen
@transaria.net
| reply to Puzzled
I have this same problem, which hasn't gone away. I'm using MAC OSX 10.3, Firefox 2.0.0.1. It doesn't do this in Safari, and occasionally it doesn't in Firefox. The really strange thing is that usafa.af.mil is the US Airforce Academy's website. So my error message in effect says that it can't verify that Paypal (and Ebay) is the US Airforce Academy. Very strange indeed. |
|
