Hi,
Since last week, web browsers (Firefox ESR v115.12.0 and Konqueror v22.12.3) on my Debian Bookworm v12.5.0-based laptop have had only intermittent access to the web. For example, whilst using Firefox and attempting to access the YouTube web site, the browser displays the following text.
Software is Preventing Firefox From Safely Connecting to This Site
www.youtube.com is most likely a safe site, but a secure connection could not be established. This issue is caused by allot.com/emailAddress=info@allot.com, which is either software on your computer or your network.
What can you do about it?
www.youtube.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.
If your antivirus software includes a feature that scans encrypted connections (often called “web scanning” or “https scanning”), you can disable that feature. If that doesn’t work, you can remove and reinstall the antivirus software.
If you are on a corporate network, you can contact your IT department.
If you are not familiar with allot.com/emailAddress=info@allot.com, then this could be an attack, and there is nothing you can do to access the site.
This screen also has two buttons labelled "Go back" and "Advanced...". Clicking on "Advanced..." reveals further, boxed-out text as follows as well as a "Go Back" button.
Web sites prove their identity via certificates, which are issued by certificate authorities.
Firefox is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.
Firefox uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
Error code: MOZILLA_PKIX_ERROR_MITM_DETECTED [<-- link]
View Certificate [<-- link]
Clicking on the "MOZILLA_PKIX_ERROR_MITM_DETECTED" link displays yet more boxed-out text which starts as follows.
"https://www.youtube.com/
Your connection is being intercepted by a TLS proxy. Uninstall it if possible or configure your device to trust its root certificate.
HTTP Strict Transport Security: true
HTTP Public Key Pinning: true"
This is then followed by two blocks of alpha-numeric text comprising two certificates.
Clicking on the "View Certificate" link shows the offending certificate (which allows only field-by-field "copying and pasting" here) to be as follows.
Under "Subject Name" there is "Common Name nl102.trafcfy.com"
Under "Issuer Name" there are the following.
Country ES
State/Province/County Madrid
Locality Madrid
Organisation Allot
Organisational Unit Allot
Common Name allot.com/emailAddress=info@allot.com [<-- link]
Under "Validity" there are the following.
Not Before Fri, 16 Dec 2016 13:07:49 GMT
Not After Wed, 16 Dec 2026 13:07:49 GMT
I have "tracked" these certificates to /etc/ssl/certs. However, I do not see any mention of "nl102.trafcfy.com" or "allot.com". I am using Dolphin which has been set to "Show Hidden Files".
So, how do I remove these offending certificates when I cannot even find them?
Stuart
Statistics: Posted by Stuarte — 2024-07-08 08:41 — Replies 0 — Views 5
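Added example (not part of the original post): the certificate that Firefox's "View Certificate" link displays is the one presented in the TLS handshake rather than one read from /etc/ssl/certs, so what can be checked locally is whether any CA in the system trust store carries the issuer's name. The sketch below does that for Debian's bundle at /etc/ssl/certs/ca-certificates.crt using Python's ssl module. The function names and the sample entries are illustrative; the first sample entry reuses the issuer fields quoted above.

```python
import ssl
import sys

# Debian's concatenated system CA bundle (built by update-ca-certificates).
SYSTEM_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"

# Constructed sample in the format SSLContext.get_ca_certs() returns; the first
# entry reuses the issuer fields quoted in the post, the second is made up.
SAMPLE_CAS = [
    {"subject": ((("countryName", "ES"),), (("organizationName", "Allot"),),
                 (("commonName", "allot.com"),)),
     "issuer": ((("countryName", "ES"),), (("organizationName", "Allot"),),
                (("commonName", "allot.com"),))},
    {"subject": ((("organizationName", "Example Trust"),),
                 (("commonName", "Example Root CA"),)),
     "issuer": ((("organizationName", "Example Trust"),),
                (("commonName", "Example Root CA"),))},
]

def name_values(rdns):
    """Flatten ssl's nested RDN tuples into a list of (field, value) pairs."""
    return [pair for rdn in rdns for pair in rdn]

def matching_cas(ca_certs, needles):
    """Return trusted CAs whose subject or issuer contains any needle."""
    needles = [n.lower() for n in needles]
    hits = []
    for cert in ca_certs:
        roles = [role for role in ("issuer", "subject")
                 if any(n in value.lower()
                        for _, value in name_values(cert.get(role, ()))
                        for n in needles)]
        if roles:
            subject = dict(name_values(cert.get("subject", ())))
            hits.append({"commonName": subject.get("commonName", "(none)"),
                         "roles": roles})
    return hits

def load_system_cas(cafile=SYSTEM_BUNDLE):
    """Load the bundle into a throwaway context and list the CAs it trusts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return ctx.get_ca_certs()

if __name__ == "__main__":
    # Default search terms are the two names the post looked for.
    hits = matching_cas(load_system_cas(), sys.argv[1:] or ["allot", "trafcfy"])
    for hit in hits:
        print("trusted locally:", hit)
    sys.exit(1 if hits else 0)
```

Other search terms can be passed as arguments; exit status 1 means a matching CA is trusted by the system store. As the quoted Firefox text says, Firefox checks its own CA store, so an empty result here covers only the system bundle.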