Topics

moderated safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc


 

Ominously, I just got the same "this connection is not private... impersonation" yada yada  message on my brand-new (< 1 month old) iPhone, after clicking on a wapo link that had been sent to me in an email. It happened just once but does not bode well.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


 

I have no problem using an alternative browser, either, and have been using Firefox for groups.io during this issue. It is still convenient to use safari sometimes, if not for groups.io then for some other sites.


On Jun 2, 2020, at 8:08 PM, dave w <groupsmaster@...> wrote:

On Tue, Jun 2, 2020 at 07:29 AM, J_Catlady wrote:
It's clear now that it's my old version of Safari (forced on me by my old OS) that's causing my problem.
Group- To be contrary, both my MacBook and OS are older than those cited.
And I have no problem whatsoever using an alternative browser.
The 'condition' of using Safari is the concern- while it can't be erased, I'd suggest it can be ignored.
And that from a 30 year 'fanboy' who's done my time troublshooting and supporting a heck of a lot of other local Mac users, mostly for free!
regards dave

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


dave w
 

On Tue, Jun 2, 2020 at 07:29 AM, J_Catlady wrote:
It's clear now that it's my old version of Safari (forced on me by my old OS) that's causing my problem.
Group- To be contrary, both my MacBook and OS are older than those cited.
And I have no problem whatsoever using an alternative browser.
The 'condition' of using Safari is the concern- while it can't be erased, I'd suggest it can be ignored.
And that from a 30 year 'fanboy' who's done my time troublshooting and supporting a heck of a lot of other local Mac users, mostly for free!
regards dave


 

Yep, I can get in using safari now, which makes me tempted to delay the inevitable (an OS upgrade;)
Thanks!
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


 

Hi All,

I've upgraded the certificates on the site.

Cheers, Mark


Michael Pavan
 

Oops, I mixed up which Safari goes with which OS,
I should have said:

OS X 10.15.5 Catalina is a 64-bit based OS.
It won't run on any Mac older than 2012, and in the case of the Mac Pro, late 2013.

If you have apps that will not function on 64-bit, do not upgrade beyond OS X 10.14.6 Mojave (the last 32-bit)
(My choice for my 2017 MacBookPro)
Safari 13.1.1 is the latest for this OS (and Catalina)

If you have "Storage Medium Type: Rotational"
(i.e. a Hard Disk Drive, HDD - rather than a Solid-State Drive, SSD)
it is advised to not update beyond OS X 10.11.6 El Capitan
(My choice for my mid 2010 MacBookPro)
Safari 11.1.2 is the latest for this OS


Michael Pavan
 

OS X 10.15.5 Catalina is a 64-bit based OS.
It won't run on any Mac older than 2012, and in the case of the Mac Pro, late 2013.

If you have apps that will not function on 64-bit, do not upgrade beyond OS X 10.14.6 Mojave (the last 32-bit)
(My choice for my 2017 MacBookPro)
Safari 11.1.2 is the latest for this OS

If you have "Storage Medium Type: Rotational"
(i.e. a Hard Disk Drive, HDD - rather than a Solid-State Drive, SSD)
it is advised to not update beyond OS X 10.11.6 El Capitan
(My choice for my mid 2010 MacBookPro)
Safari 13.1.1 is the latest for this OS (and Catalina)


 

Patti,
I'll PM you but it's been determined that the certificate is fine and this is my safari. I can't even view videos on FB any more and even FB informs me that I must switch to "an up to date browser." Nevertheless, I won't look a gift horse in the mouth (pun intended - I know you're a horse person!) and may PM you later. I've even received a generous offer from another IT person on beta who's willing to hold my hand during the OS update (something I'm dreading;) Beta is wonderful!
J

On Mon, Jun 1, 2020 at 1:23 PM Patti Woodbury <deserthorses@...> wrote:
J - my son (he's an IT manager and bit of a MAC/Safari guru) feels this is "something else" - and not related to the age of either your machine or version of Safari. It would be easier to investigate offline if you would feel comfortable pm-ing me; could then be more specific in some back and forth of what to look for, etc., if its a serious issue or not, etc.
Everything about the certificate, issuer, etc. is valid and up to date.

Patti in AZ


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


 

J - my son (he's an IT manager and bit of a MAC/Safari guru) feels this is "something else" - and not related to the age of either your machine or version of Safari. It would be easier to investigate offline if you would feel comfortable pm-ing me; could then be more specific in some back and forth of what to look for, etc., if its a serious issue or not, etc.
Everything about the certificate, issuer, etc. is valid and up to date.

Patti in AZ


 

Right, Patti, rhanks. It's clear now that it's my old version of Safari (forced on me by my old OS) that's causing my problem. I need to upgrade to Cataline but am scared to do it. It's becoming more and more clear that I need to bite that bullet soon.


On Mon, Jun 1, 2020 at 12:26 PM Patti Woodbury <deserthorses@...> wrote:


MacBook Pro ten years old running High Sierra 10.13.6

Patti


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


 



MacBook Pro ten years old running High Sierra 10.13.6

Patti


Thomas Gruber
 

Hi,
That‘s a pretty old version of Safari. Mine is 13.1.1 now. Could that be the reason?
Kind regards
Thomas

Am 31.05.2020 um 01:29 schrieb J_Catlady <j.olivia.catlady@...>:

This is my safari: Version 11.1.2 (11605.3.8.1)
Should I worry? It has a little lock symbol and then it says:
This Connection is Not Private. This website may be impersonating "groups.io" to steal your personal or financial information. You should go back to the previous page.

Then you can click on "Go Back" or "Show Details." When I click on Show Details, it says

Safari warns you when a website has an expired certificate. This website's certificate expired 1 day ago. This may happen if the website is misconfigured, an attacker has compromised your connection, or your system clock is incorrect. Your system clock is set to Saturday, May 30, 2020. If this is not right, fixing the clock may address this warning.
To learn more, you can view the certificate. If you understand the risks involved, you can visit this website.
Oddly, I was unable to copy the text to paste it here. I had to type it in verbatim. I didn't click on either link above.
Should I worry???
Thanks.

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


Dave Wade
 

Anyone who gets this error should be worried because it means whilst they haven’t been hacked, they are missing root or trusted certificate updates.

Whilst this means they may reject valid certificates, as is happening in this case, it could mean the accept revoked certificates as valid…

 

Dave

 

From: main@beta.groups.io <main@beta.groups.io> On Behalf Of J_Catlady
Sent: 31 May 2020 00:46
To: main@beta.groups.io
Subject: Re: [beta] safari warns groups.io certificate expired, site "may be impersonating" groups.io etc. #misc

 

Thanks, Duane. At least I'm not alone, so am less worried that I've been hacked or something.

 

On Sat, May 30, 2020 at 4:33 PM Duane <txpigeon@...> wrote:

On Sat, May 30, 2020 at 05:01 PM, Mark Fletcher wrote:

Is anyone else seeing this?

Someone reported it on GMF, but didn't specify the browser, https://groups.io/g/GroupManagersForum/message/32051

Duane


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


 

Hi All,

I will generate a new SSL certificate to address this issue, but it won't be until Monday or Tuesday. In the meantime, you can use Chrome or Firefox to access the site.

Thanks,
Mark


 

Ok. I will answer messages like this offlist from hereon in. Thanks.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


Donald Hellen
 

J_Catlady . . .

On Sat, 30 May 2020 17:57:38 -0700, "J_Catlady"
<j.olivia.catlady@gmail.com> wrote:

Any advice? Feel free to message me offlist if this is not relevant to most people here.
Are you unable to upgrade the operating system?

If you can't, you're in the same boat as those still Running Windows
XP. You won't have the security updates to keep you safe.

Donald


----------------------------------------------------
Some ham radio groups you may be interested in:
https://groups.io/g/ICOM
https://groups.io/g/Ham-Antennas
https://groups.io/g/HamRadioHelp


 

Ok. From Mark's link, it seems like the problem may be my old computer etc:

"Devices that received security updates after mid 2015 should have the modern USERTrust RSA Certification Authority root certificate (valid until Jan 2038) in their operating system or browser truststores and should be largely unaffected.

Legacy devices that have not received updates to support newer roots will also likely to be missing other essential security updates and support for standards required by the modern Internet. We strongly encourage decommissioning these devices if their software cannot be upgraded. Non-upgraded, legacy devices should never be exposed to the Internet and special mitigations should be applied to isolate them from neighbor systems."

Any advice? Feel free to message me offlist if this is not relevant to most people here.


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


Christopher Warrington
 

On 2020-05-30 at 3:01:17 PM, Mark Fletcher <markf@corp.groups.io> wrote:

I'm unable to duplicate this, and the .groups.io certificate
doesn't expire until September 9th. Is anyone else seeing this?
It looks like the Groups.io cert is cross-signed with the AddTrust
root that expired at 2020-05-30 10:48Z. [1]

Modern TLS clients don't have trouble with this cert because the
USERTRUST root hasn't expired yet.

Time for a newer cert without this root?


openssl s_client -connect groups.io:443
CONNECTED(00000004)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.groups.io
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.groups.io
i:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
1 s:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
3 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
---
<SNIP>

[1]: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

--
Christopher Warrington <lists@cw.codes>


 

On Sat, May 30, 2020 at 4:52 PM J_Catlady <j.olivia.catlady@...> wrote:
Duane, could you get the info from the person on GMF about what they're running, etc?

I think this is maybe the issue:



I am away from the computer for the next few hours, so I can't research it any more. When I'm back I will see if there's anything on my end that we can do.


Mark
 


Joseph Hudson
 

No problems on my Mac running safari.

On May 30, 2020, at 5:01 PM, Mark Fletcher <markf@corp.groups.io> wrote:

I'm unable to duplicate this, and the .groups.io certificate doesn't expire until September 9th. Is anyone else seeing this?

Thanks, Mark