You are not logged in.
Hi all,
As the thread title states. Check out this screenshot: http://img212.imageshack.us/img212/1209/ffpopup.jpg
I was reading a post by someone on a local forum and up pops that box - and whenever there is the words "credit card", "SSL" and "invalid" in the same message I think that I and anyone else would be justified in being worried. But! Not being a security expert I wondered what you all thought.
Please advise.
Last edited by Linzt (2009-05-04 15:36:39)
I don't have a sig...
Offline
looks like a bad configuration.
I can;t say for certain, but it looks like the certificate is only valid for www.paypalcreditcard.co.uk and you're on paypalcreditcard.co.uk (note the lack of www in the second one.)
Thats just what it looks like to me though, I'm no expert.
Ex-KDE user.
Collects old PC's (Coz he can't afford new ones =P)
Crunchbang @ Distrowatch
My Blog (updated infrequently, and on the #! Planet too.)
Offline
What forum was it? How is it related to www.paypalcreditcard.co.uk?
Offline
I do not have any experience of dealing with the paypalcreditcard.co.uk domain or services. Are they officially affiliated with PayPal?
Ex-developer of #! CrunchBang. Follow me on Twitter 
Offline
Hi guys,
I was browsing SheffieldForum.co.uk and up it pops whilst I was reading a post of some forumer's rant.
I was a little worried by it.
I was thinking - could it have something to do with any advertisements that are on the site? (If so, that raises questions as to why did my ABP + subscriptions failed to block it...)
I do not have any experience of dealing with the paypalcreditcard.co.uk domain or services. Are they officially affiliated with PayPal?
I wouldn't know, Corenomial. But here's a screenshot of paypalcreditcard.co.uk. It doesn't have a valid security cert.
http://img201.imageshack.us/img201/431/ppccard.jpg
I can;t say for certain, but it looks like the certificate is only valid for www.paypalcreditcard.co.uk and you're on paypalcreditcard.co.uk (note the lack of www in the second one.)
Perhaps that was it in some way, though I wasn't visiting neither at the time.
Last edited by Linzt (2009-05-05 08:47:12)
I don't have a sig...
Offline
I was thinking - could it have something to do with any advertisements that are on the site? (If so, that raises questions as to why did my ABP + subscriptions failed to block it...)
Which subscription(s) do you use? I would make sure they are updated. Also maybe consider Fanboy's AdBlock List.
I wouldn't know, Corenomial. But here's a screenshot of paypalcreditcard.co.uk. It doesn't have a valid security cert.
http://img201.imageshack.us/img201/431/ppccard.jpg.
Like mehall said, you forgot the "www.":

Offline
Looks like you got this sorted out; however, the short answer to your questions is yes you should always worry about any invalid SSL cert if you are banking (no pun intended) on that certificate.
SSL certificates have two basic functions - the first is cryptographic the second is identification. You can self sign a cert and get the full benefit of the encryption (think opening an SSH connection). But the root authority signing system is what we are really trusting to guarantee that the serve on the other end belongs to paypal or whoever. This is why I actually read the certificate and evaluate the chain of trust before handing over any financial information. This seems like a good habit for everyone to get into.
Offline
Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.