Shields Up

Hacking, cracking and bluejacking. Discussions on how to keep your stuff secure and private here.

Moderators: Andy, fac51, 117

fac51
Gaming Guru
Posts: 14526
Joined: Sat Jun 14, 2003 11:00 am
Location: Rapture

Post by fac51 »

Well, that's ok then ;)
vinnieza
Allowed to Drink!!!!
Posts: 3258
Joined: Sun Mar 07, 2004 12:09 pm
Location: Pluto

Post by vinnieza »

I also get a security warning saying the name on the certificate doesn't match the website name?
....................My site: www.vthemes.co.uk
.........................* no questions asked *

fac51
Gaming Guru
Posts: 14526
Joined: Sat Jun 14, 2003 11:00 am
Location: Rapture

Post by fac51 »

Vlammetje wrote:Yeah.


Just a few random quotes out of all that:

I think you hit the nail on the head. Using Mozilla 1.5 I didn't get the error message on https://www.grc.com or https://grc.com at all. With IE6 I got no message with https://grc.com but did get it with https://www.grc.com though.

--------------------------------------------------------------------------------

I just confirmed the same thing with IE 5.5 SP2. Drop the 'www' and no cert message appears.


Maybe Mozilla is smart enough to know that http://www.grc.com and grc.com are the same thing whereas IE6 just checks for an exact string match.

--------------------------------------------------------------------------------

No one tell SpaceCowboy, but in this case I think IE is right and Mozilla/Firebird is wrong. There appears to be a valid distinction as to the type of cert, and Mozilla appears to be ignoring it. Some certs apply ONLY to the exact domain name / machine quoted in the cert.

Geotrust/FreeSSL/ChainedSSL makes a distinction between single subdomain certs and "wildcard" certs -- the latter protects *.example.com .

Of course, I am too lazy to search BugZilla, since this is almost certainly already reported. (And it's probably easily tweakable already.)



Summarized: the certificate is issued to https://grc.com and your link says https://www.grc.com

They think that's why the alert shows up.

Seems peculiar to me but I guess in IE anything is possible.



This is why: the certificate is issued to https://grc.com and my link says http://www.grc.com

I'll go change the initial link, I think :)
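Added example, not part of the original thread and not any browser's actual code: a simplified Python matcher for the rule quoted above, where a single-name certificate covers only the exact host and a wildcard such as *.example.com covers exactly one leftmost label. The function names and the sample certificate name lists are constructed for illustration.

```python
# Added illustration; simplified hostname matching, not any browser's actual code.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def name_matches(cert_name, host):
    """True if a single name from the certificate covers the requested host."""
    c, h = _labels(cert_name), _labels(host)
    if len(c) != len(h) or "" in h:
        return False  # different label count (or an empty label) never matches
    if c[0] == "*":
        # Wildcard only as the whole leftmost label, covering exactly one label.
        # Requiring two more labels rejects over-broad names such as "*.com".
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h  # single-name cert: exact match only

def cert_covers(cert_names, host):
    return any(name_matches(n, host) for n in cert_names)

def check_links(cert_names, hosts):
    """Map each linked host to the outcome a strict client would report."""
    return {h: "ok" if cert_covers(cert_names, h) else "name mismatch"
            for h in hosts}

# Constructed sample certificates (name lists only, no real certificate data).
SINGLE_NAME_CERT = ["grc.com"]              # the case described in the thread
WILDCARD_CERT = ["*.example.com"]           # wildcard form quoted in the thread
TWO_NAME_CERT = ["grc.com", "www.grc.com"]  # hypothetical cert listing both names

if __name__ == "__main__":
    for label, names in [("single", SINGLE_NAME_CERT), ("two-name", TWO_NAME_CERT)]:
        print(label, check_links(names, ["grc.com", "www.grc.com"]))
    print("wildcard", check_links(
        WILDCARD_CERT, ["www.example.com", "example.com", "a.b.example.com"]))
```

A strict client reports a mismatch for www.grc.com under the single-name list, while the hypothetical two-name list covers both forms of the link.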
vinnieza
Allowed to Drink!!!!
Posts: 3258
Joined: Sun Mar 07, 2004 12:09 pm
Location: Pluto

Post by vinnieza »

Thanks, I've never known that before?
fac51
Gaming Guru
Posts: 14526
Joined: Sat Jun 14, 2003 11:00 am
Location: Rapture

Post by fac51 »

Yeah, I know, it caught us all by surprise too :wink:
Andy
Water Cooling Guru
Posts: 824
Joined: Mon Jun 16, 2003 9:56 am
Location: The Sphincter of Somerset

Post by Andy »

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.


Dredging up an oldie......

None of the tests could detect a single problem with my system; every single port tested is Stealthed :)
fac51
Gaming Guru
Posts: 14526
Joined: Sat Jun 14, 2003 11:00 am
Location: Rapture

Post by fac51 »

lol just used it earlier today myself :)