Re: [PLUG] newegg security

2017-07-06 Thread Keith Lofstrom 
On Thu, Jul 06, 2017 at 07:40:35AM -0700, Galen Seitz wrote:
> Could someone else please try these two addresses and report if you see
> a similar problem?  To the best of my knowledge, both of these are
> Newegg IPs.
> 
> https://38.95.229.188
> https://216.52.208.188

Same deal using firefox, chrome, and opera.  A server
configuration error.  Call them and let them know,
though I bet the phone pool workers are in a different
Chinese province than the semi-incompetent IT wonks who
misconfigured the web server and IP address assignment.

Keith

-- 
Keith Lofstrom  kei...@keithl.com
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] newegg security

2017-07-06 Thread wes 
On Thu, Jul 6, 2017 at 7:40 AM, Galen Seitz  wrote:

> On 07/04/17 08:55, Galen Seitz wrote:
> > Hi,
> >
> > Yesterday I went to the newegg web site to buy a disk.  I opened a
> > private browsing session in Firefox and went to newegg.com.  I then
> > clicked on the login link on their home page.  At this point my memory
> > gets a bit fuzzy, but I believe it was at that point I got a "Your
> > connection is not secure" page from Firefox.  At that point I followed a
> > link from the Firefox page to the SSL Labs' test page.  I ran a test on
> > secure.newegg.com and it came back with a grade of F.  Unfortunately I
> > subsequently closed the firefox private session, losing the test
> > information and the IP address.  This morning I tried the SSL test again
> > on secure.newegg.com, and the resulting score was A+.  Now I'm left
> > wondering what was going on yesterday.  Has anyone else encountered
> > this?  I *really* wish I hadn't deleted that page with the F score.
> >
> > FWIW, my Firefox is ESR 52.2.0.
>
> OK, tried it again this morning and got the insecure connection problem
> again.


the next time it fails, right away, drop to a command line and issue "ping
secure.newegg.com" - this will tell you which IP your system is using for
this address currently.

however, the issue may not be with this hostname specifically. it could
easily be some other part of the page it's complaining about. perhaps
taking a screenshot of the error page (also showing the URL) would be
helpful.

this mailing list doesn't allow attachments, so you can either send it to
me directly for my opinion, or upload it to imgur.com or some other place
and post the link for everyone to see.

-wes
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] newegg security

2017-07-06 Thread Chuck Hast 
It worked for me. I am using chrome. It will bark at anything that does not
even
smell right seems.

On Thu, Jul 6, 2017 at 10:10 AM, Galen Seitz  wrote:

> On 07/06/17 07:49, Tim wrote:
> >
> >
> >> OK, tried it again this morning and got the insecure connection problem
> >> again.  I also tried it with Chrome and got a similar security warning.
> >> Could someone else please try these two addresses and report if you see
> >> a similar problem?  To the best of my knowledge, both of these are
> >> Newegg IPs.
> >>
> >> https://38.95.229.188
> >> https://216.52.208.188
> >
> >
> > HTTPS certificate validation will fail if you are not accessing the
> > web server using the site's appropriate DNS domain name.  Public HTTPS
> > certificates cannot be issued for IP addresses, so the URLs you
> > included are guaranteed to fail validation.
>
> OK, that makes sense, and also explains why the SSL Labs test says I
> can't use IP addresses.  Can you please try https://secure.newegg.com ?
> It's causing security errors here.
>
> galen
> --
> Galen Seitz
> gal...@seitzassoc.com
> ___
> PLUG mailing list
> PLUG@lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>



-- 

Chuck Hast  -- KP4DJT --
Glass, five thousand years of history and getting better.
The only container material that the USDA gives blanket approval on.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] newegg security

2017-07-06 Thread Rich Shepard 
On Thu, 6 Jul 2017, Galen Seitz wrote:

> OK, that makes sense, and also explains why the SSL Labs test says I can't
> use IP addresses. Can you please try https://secure.newegg.com ? It's
> causing security errors here.

galen,

   mozilla-firefox-45.9.0esr: connects correctly.
   opera-45.0.2552.898: connects correctly.
   chromium-56.0.2924.76: connects correctly.

Rich
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] newegg security

2017-07-06 Thread Galen Seitz 
On 07/06/17 07:49, Tim wrote:
> 
> 
>> OK, tried it again this morning and got the insecure connection problem
>> again.  I also tried it with Chrome and got a similar security warning.
>> Could someone else please try these two addresses and report if you see
>> a similar problem?  To the best of my knowledge, both of these are
>> Newegg IPs.
>>
>> https://38.95.229.188
>> https://216.52.208.188
> 
> 
> HTTPS certificate validation will fail if you are not accessing the
> web server using the site's appropriate DNS domain name.  Public HTTPS
> certificates cannot be issued for IP addresses, so the URLs you
> included are guaranteed to fail validation.

OK, that makes sense, and also explains why the SSL Labs test says I
can't use IP addresses.  Can you please try https://secure.newegg.com ?
It's causing security errors here.

galen
-- 
Galen Seitz
gal...@seitzassoc.com
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] newegg security

2017-07-06 Thread Tim 


> OK, tried it again this morning and got the insecure connection problem
> again.  I also tried it with Chrome and got a similar security warning.
> Could someone else please try these two addresses and report if you see
> a similar problem?  To the best of my knowledge, both of these are
> Newegg IPs.
> 
> https://38.95.229.188
> https://216.52.208.188


HTTPS certificate validation will fail if you are not accessing the
web server using the site's appropriate DNS domain name.  Public HTTPS
certificates cannot be issued for IP addresses, so the URLs you
included are guaranteed to fail validation.

tim
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] newegg security

2017-07-04 Thread Galen Seitz 
Hi,

Yesterday I went to the newegg web site to buy a disk.  I opened a
private browsing session in Firefox and went to newegg.com.  I then
clicked on the login link on their home page.  At this point my memory
gets a bit fuzzy, but I believe it was at that point I got a "Your
connection is not secure" page from Firefox.  At that point I followed a
link from the Firefox page to the SSL Labs' test page.  I ran a test on
secure.newegg.com and it came back with a grade of F.  Unfortunately I
subsequently closed the firefox private session, losing the test
information and the IP address.  This morning I tried the SSL test again
on secure.newegg.com, and the resulting score was A+.  Now I'm left
wondering what was going on yesterday.  Has anyone else encountered
this?  I *really* wish I hadn't deleted that page with the F score.

FWIW, my Firefox is ESR 52.2.0.


galen
-- 
Galen Seitz
gal...@seitzassoc.com
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug