Re: [PLUG] newegg security
On Thu, Jul 06, 2017 at 07:40:35AM -0700, Galen Seitz wrote: > Could someone else please try these two addresses and report if you see > a similar problem? To the best of my knowledge, both of these are > Newegg IPs. > > https://38.95.229.188 > https://216.52.208.188 Same deal using firefox, chrome, and opera. A server configuration error. Call them and let them know, though I bet the phone pool workers are in a different Chinese province than the semi-incompetent IT wonks who misconfigured the web server and IP address assignment. Keith -- Keith Lofstrom kei...@keithl.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] newegg security
On Thu, Jul 6, 2017 at 7:40 AM, Galen Seitzwrote: > On 07/04/17 08:55, Galen Seitz wrote: > > Hi, > > > > Yesterday I went to the newegg web site to buy a disk. I opened a > > private browsing session in Firefox and went to newegg.com. I then > > clicked on the login link on their home page. At this point my memory > > gets a bit fuzzy, but I believe it was at that point I got a "Your > > connection is not secure" page from Firefox. At that point I followed a > > link from the Firefox page to the SSL Labs' test page. I ran a test on > > secure.newegg.com and it came back with a grade of F. Unfortunately I > > subsequently closed the firefox private session, losing the test > > information and the IP address. This morning I tried the SSL test again > > on secure.newegg.com, and the resulting score was A+. Now I'm left > > wondering what was going on yesterday. Has anyone else encountered > > this? I *really* wish I hadn't deleted that page with the F score. > > > > FWIW, my Firefox is ESR 52.2.0. > > OK, tried it again this morning and got the insecure connection problem > again. the next time it fails, right away, drop to a command line and issue "ping secure.newegg.com" - this will tell you which IP your system is using for this address currently. however, the issue may not be with this hostname specifically. it could easily be some other part of the page it's complaining about. perhaps taking a screenshot of the error page (also showing the URL) would be helpful. this mailing list doesn't allow attachments, so you can either send it to me directly for my opinion, or upload it to imgur.com or some other place and post the link for everyone to see. -wes ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] newegg security
It worked for me. I am using chrome. It will bark at anything that does not even smell right seems. On Thu, Jul 6, 2017 at 10:10 AM, Galen Seitzwrote: > On 07/06/17 07:49, Tim wrote: > > > > > >> OK, tried it again this morning and got the insecure connection problem > >> again. I also tried it with Chrome and got a similar security warning. > >> Could someone else please try these two addresses and report if you see > >> a similar problem? To the best of my knowledge, both of these are > >> Newegg IPs. > >> > >> https://38.95.229.188 > >> https://216.52.208.188 > > > > > > HTTPS certificate validation will fail if you are not accessing the > > web server using the site's appropriate DNS domain name. Public HTTPS > > certificates cannot be issued for IP addresses, so the URLs you > > included are guaranteed to fail validation. > > OK, that makes sense, and also explains why the SSL Labs test says I > can't use IP addresses. Can you please try https://secure.newegg.com ? > It's causing security errors here. > > galen > -- > Galen Seitz > gal...@seitzassoc.com > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > -- Chuck Hast -- KP4DJT -- Glass, five thousand years of history and getting better. The only container material that the USDA gives blanket approval on. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] newegg security
On Thu, 6 Jul 2017, Galen Seitz wrote: > OK, that makes sense, and also explains why the SSL Labs test says I can't > use IP addresses. Can you please try https://secure.newegg.com ? It's > causing security errors here. galen, mozilla-firefox-45.9.0esr: connects correctly. opera-45.0.2552.898: connects correctly. chromium-56.0.2924.76: connects correctly. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] newegg security
On 07/06/17 07:49, Tim wrote: > > >> OK, tried it again this morning and got the insecure connection problem >> again. I also tried it with Chrome and got a similar security warning. >> Could someone else please try these two addresses and report if you see >> a similar problem? To the best of my knowledge, both of these are >> Newegg IPs. >> >> https://38.95.229.188 >> https://216.52.208.188 > > > HTTPS certificate validation will fail if you are not accessing the > web server using the site's appropriate DNS domain name. Public HTTPS > certificates cannot be issued for IP addresses, so the URLs you > included are guaranteed to fail validation. OK, that makes sense, and also explains why the SSL Labs test says I can't use IP addresses. Can you please try https://secure.newegg.com ? It's causing security errors here. galen -- Galen Seitz gal...@seitzassoc.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] newegg security
> OK, tried it again this morning and got the insecure connection problem > again. I also tried it with Chrome and got a similar security warning. > Could someone else please try these two addresses and report if you see > a similar problem? To the best of my knowledge, both of these are > Newegg IPs. > > https://38.95.229.188 > https://216.52.208.188 HTTPS certificate validation will fail if you are not accessing the web server using the site's appropriate DNS domain name. Public HTTPS certificates cannot be issued for IP addresses, so the URLs you included are guaranteed to fail validation. tim ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] newegg security
Hi, Yesterday I went to the newegg web site to buy a disk. I opened a private browsing session in Firefox and went to newegg.com. I then clicked on the login link on their home page. At this point my memory gets a bit fuzzy, but I believe it was at that point I got a "Your connection is not secure" page from Firefox. At that point I followed a link from the Firefox page to the SSL Labs' test page. I ran a test on secure.newegg.com and it came back with a grade of F. Unfortunately I subsequently closed the firefox private session, losing the test information and the IP address. This morning I tried the SSL test again on secure.newegg.com, and the resulting score was A+. Now I'm left wondering what was going on yesterday. Has anyone else encountered this? I *really* wish I hadn't deleted that page with the F score. FWIW, my Firefox is ESR 52.2.0. galen -- Galen Seitz gal...@seitzassoc.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug