On 03/11/2014 02:42 PM, Claudio Moretti wrote: > Hey Brian, > > I can't even reach PCWorld over HTTPS: > > Unable to connect > > Iceweasel can't establish a connection to the server at > www.pcworld.com <http://www.pcworld.com>. > > The site could be temporarily unavailable or too busy. Try > again in a few moments. > If you are unable to load any pages, check your computer's > network connection. > If your computer or network is protected by a firewall or > proxy, make sure that Iceweasel is permitted to access the Web. > > > This probably means that (at least for now) they've taken down their > HTTPS website. It's not a matter of updating the ruleset, but disabling > it by default. > > This, though, requires an update to the extension, and I'm not sure what > the policies for that are.
Nope, it just requires setting the "default_off" attribute in the ruleset. BTW, this was a serious bug report that probably broke the site for a lot of users! In the future it would be great if someone could cc me directly or put [URGENT] in the subject line. -Yan > > Yan, could you help? :) > > Thanks, > > Claudio > > claudio@Chuck:~$ nmap -p443 pcworld.com <http://pcworld.com> > www.pcworld.com <http://www.pcworld.com> > > Starting Nmap 6.41SVN ( http://nmap.org ) at 2014-03-11 21:42 GMT > Nmap scan report for pcworld.com <http://pcworld.com> (70.42.185.10) > Host is up (0.17s latency). > rDNS record for 70.42.185.10 <http://70.42.185.10>: www.pcworld.com > <http://www.pcworld.com> > PORT STATE SERVICE > 443/tcp closed https > > Nmap scan report for www.pcworld.com <http://www.pcworld.com> (70.42.185.10) > Host is up (0.17s latency). > PORT STATE SERVICE > 443/tcp closed https > > Nmap done: 2 IP addresses (2 hosts up) scanned in 0.52 seconds > > > > On Tue, Mar 11, 2014 at 8:00 PM, Brian Carpenter > <[email protected] <mailto:[email protected]>> wrote: > > While visiting pcworld.com <http://pcworld.com> > > (https://www.pcworld.com/article/2091801/5-alternatives-to-logmein-free-for-remote-pc-access.html) > with HTTPS Everywhere enabled in the latest Chrome stable build, I > received this notice from Chrome: > > You attempted to reach *www.pcworld.com <http://www.pcworld.com>*, > but the server presented a certificate issued by an entity that is > not trusted by your computer's operating system. This may mean that > the server has generated its own security credentials, which Chrome > cannot rely on for identity information, or an attacker may be > trying to intercept your communications. > > The certificate is for localhost.localdomain and may indicate a > misconfiguration on the part of pcworld.com <http://pcworld.com>, > but I don't have contact information for them, at least not contact > info for someone who would know what I'm talking about. ;) > > Might need to push out an update for the pcworld.com > <http://pcworld.com> rules. Thanks! > > Regards, > > Brian 'geeknik' Carpenter > https://twitter.com/geeknik > > > -- Yan Zhu <[email protected]> Staff Technologist Electronic Frontier Foundation https://www.eff.org 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
signature.asc
Description: OpenPGP digital signature
