netsurfer802 Posted October 24, 2014 Share Posted October 24, 2014 I have been working with a Windows 8.1 computer that is used to play music for a company...and they havea setup where by they login into a webpage on a local ip address of 192.168.1.106 and play fromstations by choosing the station. However, they have been getting an error that says,"Attackers might be trying to steal your information from 192.168.1.106"...the system time and datewere correct...and when I tried the webpage starting with 192.168.1.106 using Inprivate browsingI got the same error. I was also told that the website is basically Pandora. After importingthe certificate for the webpage as a trusted webpage for root certificates it seemed notto have a problem. I had ran scans with Malwarebytes and found a little over 300 PUP infections which I cleaned up...and a scan with Avast which had found a threat from a file that was placed on the desktop which came up as" High" severity. Aside from doing normal updating and scanning with an antimalware program such as Malwarebytes and with Avast is there anything else that should be done? Thanks in advanced for any helpful response/s. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted October 24, 2014 MVC Share Posted October 24, 2014 Is this in Chrome, They have recently changed their tact for things that don't have a certificate. To the end user this maybe confusing.... Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 24, 2014 Veteran Share Posted October 24, 2014 perhaps it has something to do with this http://www.ghacks.net/2014/10/15/ssl-3-0-vulnerability-discovered-find-out-how-to-protect-yourself/ due to a security issue with SSL 3.0 publicly disclosed on 10/14 (google "poodle bug"), Chrome will be issuing warnings when users reach affected websites. Firefox is expected to follow suit in November. This includes any site supporting SSL 3.0 with any cipher suite except RC4, which has its own issues. Recommendation is to disallow SSL 3.0 completely, but that also means you lose IE6 compatibility. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed http://time.com/3513083/poodle-bug-technology-ssl-web/ Link to comment Share on other sites More sharing options...
+BudMan MVC Posted October 24, 2014 MVC Share Posted October 24, 2014 If this was an actual browser warning? "Attackers might trying to steal" Come on really - is this meant for like 2nd graders? Give the actual problem, and then link to more info would be better solution to the problem. This site supports SSL 3 which has security concern - more information here. etc... Pretty impressed that neowin is only running tls ;) https://www.ssllabs.com/ssltest/analyze.html?d=neowin.net&s=74.204.71.246 Firefox will turn it off with 34, but for now you can disable it here https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/ I can see issues with sites that don't turn off ssl3, and users getting warnings that mention "attackers" is just scare mongering if you ask me. Link to comment Share on other sites More sharing options...
Recommended Posts