Security alert on login

[robkelk]

When I logged in just now, I got a security alert. It started with "Unable to verify the identity of rcweb3 as a trusted site.", and went on to describe how the browser couldn't verify the security certificate of rcweb3. (I selected "Do not accept certificate and do not connect to the website"; it seems there's no ill effect in doing so.)

Anybody know what rcweb3 is? If it's an ad site or a tracking site, then maybe we shouldn't report this issue. (Because if they fix it, we won't know that they're chipping away at our privacy...)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[Bob Schroeck]

I have no idea what it is. Google doesn't turn up anything meaningful for "rcweb3"; "rcweb" by itself turns up a load of radio-controlled hobbyist sites among other things that also seem irrelevant. Looking at the links on the page info for the main board page shows nothing with that domain.

When you say you logged in, were you speaking literally? What page do you normally come in on?
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.

[robkelk]

It happened right after I input my userID and password and clicked on the login button. (And it happened again when I logged in this evening.) I usually come in through the main DW Forum page.

Oh, and I'm using SeaMonkey as my main browser, not IE.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[Bob Schroeck]

Huh. Let me log out and log in and see what happens, then.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.

[Bob Schroeck]

Okay, I'm stumped. I didn't get any such warning on a logout and login, and a scan of the page info again shows no such domain with links on the main page.

Rob, can you do me a favor? After the next time you get it, do View|Page Info, hit the Links Tab, and eyeball the list to see if that domain shows up there? Thanks.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.

[robkelk]

Will do. (I didn't get it this time...)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[robkelk]

It's not on the list.

(There's a heck of a lot of crap that is on the page, though - including scripts for five different ad sites, which we shouldn't be getting because we pay for this forum.)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[Bob Schroeck]

We're paying to not have the ads appear. I presume that's handled deeper on the server side than in the page templates.

As for the original problem, can you please email me a copy of the actual message text you get? Maybe I can eke something out of it. (Though I probably can't; it's still worth a look.)
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.

[robkelk]

Will do, the next time it happens. (It's become intermittent...)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[robkelk]

I got a different popup upon login this time:

Server Certificate Expired

"a.live-conversion.com" is a site that uses a security certificate to encrypt data during transmission, but its certificate expired on 05 Dec 2009 15:09.

You should check to make sure that your computer's time (currently set to Monday 20 September 2010 09:45:51) is correct.

Would you like to continue anyway?

Since I'm visiting drunkardswalkforums.yuku.com, not a.live-conversion.com, I clicked "Cancel" - it doesn't seem to have any ill effects. (So far.)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[Bob Schroeck]

Whoever they are, they're based in Tenafly NJ and use Gmail accounts for all their email. And obscure their WHOIS data. They're safe to ignore, as far as I can tell.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.

[robkelk]

I got the rcweb3 message again. I'm not re-typing something that long; here's a screenshot.



As always, I chose "Do not accept..."
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[Bob Schroeck]

Gah. I should have said to examine the certificate. That's where there should be some more information about them. Sorry.

But given how hard it is to find anything about them with what we do know, it's probably more than safe to select the permanent "do not accept" option.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.

[robkelk]

D'oh!

Well, it popped up again, so...



It looks like SeaMonkey doesn't like self-signed certificates. That's good behaviour, SeaMonkey - keep it up!
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

[Bob Schroeck]

Okay, I think you can safely ignore this on a permanent basis. TARGUS is a marketing data outfit (their website boasts "Transform every customer contact into a profitable interaction. Get on-demand access to a wealth of knowledge that lets you identify, verify, score and locate prospects and customers... no matter the touch point"), so they're either providing ads or tracking your web activity or both. That they're issuing their own certificates suggests something a little underhanded is going on, too... I wonder who we could tell about that...
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.