comments in-line

On 5/24/14, NoOp <[email protected]> wrote:
> On 05/24/2014 04:47 AM, Lee wrote:
>> Well I think I found something!
>>
>> Could not verify this Certificate because the issuer is unknown
>>
>> Issued to
>> Common Name (CN) Name of bank
>> Organization (O) DO-NOT-TRUST
>> Organizational unit (OU) Created by http://www.fiddler2.com
>> Serial Number
>> D5:45:43:f3:bbe2:56:A7:40:D2:83:OF:2A:99:4D:19
>>
>> Issued By
>>
>> Common Name (CN) DO_NOT_TRUST_FiddlerRoot
>> Organization (O) DO_NOT_TRUST
>> Organizational Unit (OU) Created by http://www.fiddler2.com
>>
>> Validity
>> Issued On 5/13/2014
>> Expires on 5/12/2024
>>
>> Fingerprints
>> SHA1
>> 16:E2:6D"E2:99:FD:CO:B8:54:3F:39:7d:80:C1:2D:26:F1:AA:25:57
>> MD5 Fingerprint A9:41:5e:3a:b4:8E:D8:D6:95:8D:609:5c:82:55:11:07
>>
>
> Well... there is nothing nefarious about fiddler2.com itself. Fiddler is
> a free web debugging proxy for any browser, system or platform.
> Basically it's a developer's debugger tool. Just so 'Fiddler'
> fiddler2.com doesn't get a bad rap in the archives:
>
> <http://www.telerik.com/fiddler>
> <http://www.telerik.com/fiddler#KeyFeatures>
> <http://blogs.telerik.com/fiddler/posts/13-08-19/faq---certificates-in-fiddler>

Did I say anything bad about fiddler? I didn't think I did, but ...
If we're going "for the record", I think the motivation of the person
installing the "man-in-the-middle" determines if the program is
malicious or not. If the OP installed it, no, it's not malicious.
Anyone else - yeah, I'd say it's malicious.

> "By default, Fiddler intercepts insecure traffic (HTTP) but it can be
> configured to decrypt secure (HTTPS) traffic. In order to do so, the
> proxy executes a man-in-the-middle attack against the secure traffic; to
> achieve that, Fiddler must generate a root certificate and use that root
> certificate to generate multiple end-entity certificates, one for each
> HTTPS site which is being intercepted."
>
> You can see that it is used in real life:
> <http://hitmanpro.wordpress.com/2014/01/05/malware-served-via-yahoo-affected-millions/>
> "Below a screenshot of Fiddler showing the recorded drive-by infection,
> proofing that Yahoo was indeed infecting its visitors through a
> malicious iframe"
> <http://hitmanpro.files.wordpress.com/2014/01/yahoo-proof1.png>
> ...
>
> And the program itself doesn't contain any malware or virus:
> <http://fiddler.en.lo4d.com/virus-malware-tests>
>
> So you apparently got this installed by something you did, downloaded,
> or someplace you visited on the web. It is possible that a piece of
> malware may be trying to use the Fiddler proxy debugger to intercept
> your traffic. But, if that is the case it didn't work very well as the
> Fiddler generated certs were detected and blocked by SeaMonkey. (the
> other Lee was spot on in determining that you had a proxy problem)
>
> <http://superuser.com/questions/169303/why-are-my-browsers-suddenly-configured-to-use-a-proxy>
<insert>If you didn't install Fiddler,</insert>
> You should run anti-malware & anti-virus checks to see if you can
> determine and eradicate whatever changed you to Fiddler proxy settings.

In other words, if you installed Fiddler & then forgot about it - no
problems. Otherwise something bad happened & it'd be a Good Idea to run
the anti-malware / anti-virus / anti-whatever checks to see what other
bad things have been done to your machine & try to reverse it.

Once you've got it cleaned up, consider installing cert patrol & maybe
even request policy:
  https://addons.mozilla.org/en-US/seamonkey/addon/certificate-patrol/
  https://addons.mozilla.org/en-us/seamonkey/addon/requestpolicy/

Regards,
Lee
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
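
The kind of comparison a certificate-change monitor makes, as an added Python sketch that is not part of the original thread and not code from the Certificate Patrol add-on: it pins the issuer and fingerprint seen on a first visit and reports later changes. The host name, the issuer name "Example Issuing CA", the fingerprints and the finding codes are constructed for illustration; only the DO_NOT_TRUST issuer marker comes from the certificate quoted above.

```python
# Added sketch: trust-on-first-use certificate change detection.
# Host names, issuer names and fingerprints below are constructed samples;
# the DO_NOT_TRUST marker is the one in the issuer quoted in the thread.

INTERCEPT_MARKERS = ("DO_NOT_TRUST",)


def normalize_fp(fingerprint):
    """Canonicalise a hex fingerprint so case and separators don't matter."""
    return "".join(ch for ch in fingerprint.upper() if ch in "0123456789ABCDEF")


def check(store, host, issuer_cn, fingerprint):
    """Compare an observed certificate against the one pinned for `host`.

    `store` maps host -> (issuer_cn, normalized_fingerprint).
    Returns a list of finding codes; [] means nothing suspicious.
    The pin is written only on a clean first visit; later changes are
    reported and left for the user to accept or reject.
    """
    findings = []
    fp = normalize_fp(fingerprint)
    if any(marker in issuer_cn.upper() for marker in INTERCEPT_MARKERS):
        findings.append("INTERCEPTION_ROOT")
    pinned = store.get(host)
    if pinned is None:
        if not findings:
            store[host] = (issuer_cn, fp)
        return findings
    pinned_issuer, pinned_fp = pinned
    if issuer_cn != pinned_issuer:
        findings.append("ISSUER_CHANGED")
    if fp != pinned_fp:
        findings.append("FINGERPRINT_CHANGED")
    return findings


if __name__ == "__main__":
    pins = {}
    observations = [  # constructed visits to one site
        ("bank.example", "Example Issuing CA", "AA:BB:CC:01"),
        ("bank.example", "Example Issuing CA", "aa:bb:cc:01"),
        ("bank.example", "DO_NOT_TRUST_FiddlerRoot", "11:22:33:44"),
    ]
    for host, issuer, fp in observations:
        print(host, issuer, check(pins, host, issuer, fp) or "ok")
```

A fingerprint change under the same issuer is what an ordinary renewal looks like; an issuer change is the case that deserves a closer look.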

