Should I be worried about this?...

Linzt · 2009-05-04 15:35:42

Hi all,

As the thread title states. Check out this screenshot: http://img212.imageshack.us/img212/1209/ffpopup.jpg

I was reading a post by someone on a local forum and up pops that box - and whenever there is the words "credit card", "SSL" and "invalid" in the same message I think that I and anyone else would be justified in being worried. But! Not being a security expert I wondered what you all thought.

Please advise.

Last edited by Linzt (2009-05-04 15:36:39)

Mehall · 2009-05-04 20:11:15

looks like a bad configuration.

I can;t say for certain, but it looks like the certificate is only valid for www.paypalcreditcard.co.uk and you're on paypalcreditcard.co.uk (note the lack of www in the second one.)

Thats just what it looks like to me though, I'm no expert.

anonymous · 2009-05-04 20:41:07

What forum was it? How is it related to www.paypalcreditcard.co.uk?

corenominal · 2009-05-04 20:47:46

I do not have any experience of dealing with the paypalcreditcard.co.uk domain or services. Are they officially affiliated with PayPal?

Linzt · 2009-05-05 08:25:19

Hi guys,

I was browsing SheffieldForum.co.uk and up it pops whilst I was reading a post of some forumer's rant.

I was a little worried by it.

I was thinking - could it have something to do with any advertisements that are on the site? (If so, that raises questions as to why did my ABP + subscriptions failed to block it...)

corenominal wrote:

I do not have any experience of dealing with the paypalcreditcard.co.uk domain or services. Are they officially affiliated with PayPal?

I wouldn't know, Corenomial. But here's a screenshot of paypalcreditcard.co.uk. It doesn't have a valid security cert.
http://img201.imageshack.us/img201/431/ppccard.jpg

mehall wrote:

I can;t say for certain, but it looks like the certificate is only valid for www.paypalcreditcard.co.uk and you're on paypalcreditcard.co.uk (note the lack of www in the second one.)

Perhaps that was it in some way, though I wasn't visiting neither at the time.

Last edited by Linzt (2009-05-05 08:47:12)

anonymous · 2009-05-05 14:25:14

Linzt wrote:

I was thinking - could it have something to do with any advertisements that are on the site? (If so, that raises questions as to why did my ABP + subscriptions failed to block it...)

Which subscription(s) do you use? I would make sure they are updated. Also maybe consider Fanboy's AdBlock List.

Linzt wrote:

I wouldn't know, Corenomial. But here's a screenshot of paypalcreditcard.co.uk. It doesn't have a valid security cert.
http://img201.imageshack.us/img201/431/ppccard.jpg.

Like mehall said, you forgot the "www.":

fhsm · 2009-05-05 19:10:31

Looks like you got this sorted out; however, the short answer to your questions is yes you should always worry about any invalid SSL cert if you are banking (no pun intended) on that certificate.

SSL certificates have two basic functions - the first is cryptographic the second is identification. You can self sign a cert and get the full benefit of the encryption (think opening an SSH connection). But the root authority signing system is what we are really trusting to guarantee that the serve on the other end belongs to paypal or whoever. This is why I actually read the certificate and evaluate the chain of trust before handing over any financial information. This seems like a good habit for everyone to get into.

CrunchBang Linux

SEARCH

#1 2009-05-04 15:35:42

Should I be worried about this?...

#2 2009-05-04 20:11:15

Re: Should I be worried about this?...

#3 2009-05-04 20:41:07

Re: Should I be worried about this?...

#4 2009-05-04 20:47:46

Re: Should I be worried about this?...

#5 2009-05-05 08:25:19

Re: Should I be worried about this?...

#6 2009-05-05 14:25:14

Re: Should I be worried about this?...

#7 2009-05-05 19:10:31

Re: Should I be worried about this?...

Board footer