google privacy error - HSTS?
I am trying to get to the bottom of this error that I get (it seems) like once a day.
What is HSTS?
Here is a screenshot:
What is HSTS?
Here is a screenshot:
ASKER
the HSTS informs the browser that this should be connected to as a secure site either http over ssl or tls
And in my case -- is failing to do so? Can I fix this?
yes you can install the certificate for said site into your PC -- into trusted certs
....caveat - usually works -
still having occasional issues - especially with firefox
....caveat - usually works -
still having occasional issues - especially with firefox
ASKER
Still looking at this.
ASKER
I don't see how to make the certificates "trusted"
which browser
IE is tools - internet options-trusted sites
and the certificate is on content - certificates - then import
the problem is the browser is now maintin a list of what should be a cert and which is trusted so it folks some security measures and legitimately blocks things like man-in-the-middle
IE is tools - internet options-trusted sites
and the certificate is on content - certificates - then import
the problem is the browser is now maintin a list of what should be a cert and which is trusted so it folks some security measures and legitimately blocks things like man-in-the-middle
ASKER
All my troubles are in Chrome.
You must have some extension in Chrome that hijacks HTTPS traffic to inspect it for advertising purposes. See that *.betrad.com "subject" on the bottom of the screenshot - you are going to google.com but the certificate being used for it is issued to betrad.com (which is actually a domain for "Ghostery Enterprises", formerly Evidon, a very well-known marketing analytics provider. Remove any Chrome extensions that you don't trust (especially any extensions associated with Betrad or Ghostery) and your browser will stop exhibiting MITM attack behaviors that Google's HSTS mechanisms are detecting and alerting on.
If removing all Chrome extensions doesn't work, you might have some other spyware installed on your computer (likely came along with some freeware game or utility). You should be able to get rid of those by running a scan with Malwarebytes.
If removing all Chrome extensions doesn't work, you might have some other spyware installed on your computer (likely came along with some freeware game or utility). You should be able to get rid of those by running a scan with Malwarebytes.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've removed all of my extensions, and it still happens. For example in Google Docs if i try to edit a document the pop-up window gets hijacked by an advertisement.
When I go to settings / extensions in Chrome:
When I go to settings / extensions in Chrome:
ASKER
Scanning with malware bytes 2 detected objects so far:
ASKER
It's a PC, not a Mac.
ASKER
Here is one that popped-up during the Malwarebytes scan:
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it has also been renamed as HTTP Strict Transport Security
a secure version of HTTP
which serves to thwart man in the mddle attacks
the HSTS informs the browser that this should be connected to as a secure site either http over ssl or tls