  • According to nathanaldensr on an ATT forum:

    So much terrible advice in this thread, including by AT&T. I’m a software developer, including web development, of 20+ years who is used to seeing these kinds of things. Hopefully I can help educate the folks on this thread.

    TL;DR: There is nothing wrong with your equipment or its settings. Your internet connection is down and your modem is hijacking outgoing HTTPS connections. Once your internet connection comes back, the modem will no longer perform this behavior.

    In-depth answer:

    Various apps like browsers and Zoom use a protocol known as HTTPS. This protocol requires that your client device (PC, phone, etc.) and the remote server negotiate a secure, encrypted connection. Part of this negotiation is the server presenting the app with a certificate. The certificate will be issued for the domain name your computer is trying to access. For example, when your internet connection is working, connecting a browser to https://att.com will result in the server presenting a certificate for att.com, which is both trusted by a so-called “trusted certificate authority” and is also issued for att.com. Because the certificate is trusted and its domain name matches the domain name you are attempting to connect to, the browser allows the connection.

    Your problem arose because the AT&T modem, often a brand like Arris, detects that there is no internet connection and intercepts these outgoing HTTPS connection attempts. Instead of not responding at all, which I argue is the more secure option, the Arris modem responds with a so-called “self-signed” certificate–named this way because the certificate was not issued by a trusted certificate authority like the real https://att.com certificate. Not only is the certificate not trusted, but it’s also issued for the domain name dsldevice.domain_not_set.invalid, which, of course, doesn’t match the domain name your client device is attempting to connect to. This results in scary warnings, popups, etc. These warnings differ from app to app, but they almost always prevent any further activity on the connection. This is for security reasons because sometimes malicious actors can man-in-the-middle a connection attempt between your client device and a server and attempt to provide a fake certificate. Most modern apps are programmed to handle these mismatches and prevent you from continuing to use the connection.

    For example, here is Zoom’s warning window that shows the self-signed certificate, its domain name (called a common name in certificate parlance), and who it was issued by. You can see the issuer is Arris, who is the manufacturer of my modem. Ignore the “The certificate is valid” with a green checkmark; the certificate is “valid” in the sense that it is well-formed, but it is invalid in the sense that it was not signed by a trusted certificate authority and is issued for a mismatched domain name (Zoom really should not report self-signed certificates as “valid.”)

    Insightful, kinda a dick about it tho. But yeah some message interception from your router or provider seems to be it.

    I don't have this experience myself. I just saw your post and browsed some forums. So be cautious. But the issue isn’t contained to any single device, platform, or provider it seems. So these explanations seem valid.
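
The two independent checks the quoted explanation describes (is the issuer trusted, does the name match the requested host) can be reproduced offline with the openssl CLI. This is an added example, not part of the quoted post or of this comment; the certificate is a locally generated stand-in, only the name dsldevice.domain_not_set.invalid is taken from the post, and the function names are hypothetical.

```bash
# Added example. The certificate below is a locally generated stand-in
# (constructed); only the CN string is taken from the post.
WORK="$(mktemp -d)"
CERT="$WORK/stand-in.pem"

# Generate a throwaway self-signed certificate carrying the CN from the post.
make_stand_in_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=dsldevice.domain_not_set.invalid" \
    -keyout "$WORK/stand-in.key" -out "$CERT" 2>/dev/null
}

# Check 1: does the certificate chain to a CA in the system trust store?
trust_status() {
  if openssl verify "$1" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

# Self-signed means the issuer name and the subject name are identical.
issuer_status() {
  if [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
       "$(openssl x509 -in "$1" -noout -issuer_hash)" ]; then
    echo self-signed
  else
    echo issued-by-other
  fi
}

# Check 2: does the certificate's name cover the host the client asked for?
name_status() {
  if openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
      | grep -q "does match"; then
    echo match
  else
    echo mismatch
  fi
}

make_stand_in_cert
# att.com is the host the client wanted; the second name is the one in the cert.
for host in att.com dsldevice.domain_not_set.invalid; do
  echo "$host: $(trust_status "$CERT"), $(issuer_status "$CERT"), name $(name_status "$CERT" "$host")"
done
```

Against a live connection, `openssl s_client -connect HOST:443 -servername HOST` shows the certificate a client is actually being handed, which can be saved and run through the same checks.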