Also accounts.intuit.com which affects various products e.g. Mint.
And an interesting comment from the thread:
Enforcement of this error can be disabled by setting security.pki.distrust_ca_policy to '1' in about:config. Changing the value back to '2' will re-enable this change.
Considering the PCWorld group in the UK have had to disclose a serious breach recently, plus they have not bothered to update their EV certs, i'd suggest their security isn't up to scratch and black hats will notice this.
It's interesting that Firefox preserves the "Continue" button for affected sites, while Chrome does not. I get that we want to keep broken sites relatively accessible for a while, but I worry that we could also be teaching people to ignore warnings like these. I wonder if the continue button dissapears with HSTS…
Well, to get to the continue button you have to click once, then after you click continue you have a new dialog asking if you're sure you want to trust the certificate and whether you want to trust just for the session or permanently. It's not idiot-proof, but then nothing in software ever is.
sounds like you've never needed to diagnose a broken cert before..
all of this nannying for the common good and breaking functionality is not always a good thing. provide sensible defaults and give the user control to override it as they see fit (like the continue button)
Probably because Mozilla subscribes to the ethos that a user should get the final say in what computation gets done on their computer, and not some third party. I would be sad if they ever took the "continue" option away.
This is consistent with their position on drm in browsers.
Firefox Nightly has the continue button regardless, but if the site has HSTS, it will tell you so, and will not allow you to add an exception; continue only shows the cause of the problem, in this case, that the certificate came from an untrusted source. This is in line with the "no user recourse" section of the HSTS RFC.
Users should get the final say always. This was normal behavior before windows 8. Now windows users are guests in their operating system, and the attitude can be seen in other software as well, not only from Microsoft.
Firefox is an awesome browser and is the most pro choice browser on the market, with options for privacy plugins, search engines, cookie choices, tracking protection, etc.
Personal responsibility? I have on occasion ordered things from websites who did not have their security in order. My conscious and informed decision. Although I did not order with a creditcard ofcourse.
23 comments
[ 3.5 ms ] story [ 60.0 ms ] threadAnd an interesting comment from the thread:
Enforcement of this error can be disabled by setting security.pki.distrust_ca_policy to '1' in about:config. Changing the value back to '2' will re-enable this change.
Similar schedule and post: https://security.googleblog.com/2018/03/distrust-of-symantec...
Sites like PayPal and Intuit, which should be on top of things related to security, have been non-responsive to my pings to fix it.
all of this nannying for the common good and breaking functionality is not always a good thing. provide sensible defaults and give the user control to override it as they see fit (like the continue button)
This is consistent with their position on drm in browsers.
Firefox is an awesome browser and is the most pro choice browser on the market, with options for privacy plugins, search engines, cookie choices, tracking protection, etc.