google privacy error - HSTS?

I am trying to get to the bottom of this error that I get (it seems) like once a day.  

What is HSTS?



Here is a screenshot:

google privacy error
LVL 5
Tom KnowltonWeb developerAsked:
Who is Participating?
 
DarinTCHSenior CyberSecurity EngineerCommented:
so again it is usually cert related

in this case deeper inspection seems to indicate an expired or shady cert was used - related to DigiCert

lots of sites that use them will be affected

1 - update all cert if possible
2 - delete expired certs

3 is this a mac
saw this before from other site
 when an old, apparently quasi-wide spread certificate expired.

Based on https://www.yesthatallen.com/fixing-an-old-digicert-issue/

Instructions for clearing expired DigiCert SSL certificate on OSX

 
Launching Keychain Access via Spotlight
⌘-Space
Type "Keychain Access"
Hit return
Ensure expired certificates are shown; enable "Show Expired Certificates" in the "View" menu.
Search for "Digicert".
Right-click the certificate with a red X and select "Delete DigiCert High Assurance EV Root CA"
The certificate may not look removed until Keychain Access is restarted
Restart your browsers
You should once again be able to access the affected sites.
0
 
DarinTCHSenior CyberSecurity EngineerCommented:
so this has actually been around for 5-6 but has recently been gaining traction
it has also been renamed as HTTP Strict Transport Security
a secure version of HTTP
which serves to thwart man in the mddle attacks

the HSTS informs the browser that this should be connected to as a secure site either http over ssl or tls
0
 
Tom KnowltonWeb developerAuthor Commented:
the HSTS informs the browser that this should be connected to as a secure site either http over ssl or tls


And in my case -- is failing to do so?  Can I fix this?
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
DarinTCHSenior CyberSecurity EngineerCommented:
yes you can install the certificate for said site into your PC -- into trusted certs
....caveat - usually works -
still having occasional issues - especially with firefox
0
 
Tom KnowltonWeb developerAuthor Commented:
Still looking at this.
0
 
Tom KnowltonWeb developerAuthor Commented:
I don't see how to make the certificates "trusted"
0
 
DarinTCHSenior CyberSecurity EngineerCommented:
which browser

IE is tools - internet options-trusted sites
and the certificate is on content - certificates - then import

the problem is the browser is now maintin a list of what should be a cert and which is trusted so it folks some security measures and legitimately blocks things like man-in-the-middle
0
 
Tom KnowltonWeb developerAuthor Commented:
All my troubles are in Chrome.
0
 
Oleksiy GaydaCommented:
You must have some extension in Chrome that hijacks HTTPS traffic to inspect it for advertising purposes. See that *.betrad.com "subject" on the bottom of the screenshot - you are going to google.com but the certificate being used for it is issued to betrad.com (which is actually a domain for "Ghostery Enterprises", formerly Evidon, a very well-known marketing analytics provider. Remove any Chrome extensions that you don't trust (especially any extensions associated with Betrad or Ghostery) and your browser will stop exhibiting MITM attack behaviors that Google's HSTS mechanisms are detecting and alerting on.

If removing all Chrome extensions doesn't work, you might have some other spyware installed on your computer (likely came along with some freeware game or utility). You should be able to get rid of those by running a scan with Malwarebytes.
0
 
Tom KnowltonWeb developerAuthor Commented:
I've removed all of my extensions, and it still happens.  For example in Google Docs if i try to edit a document the pop-up window gets hijacked by an advertisement.

When I go to settings / extensions in Chrome:

extensions remvoed
0
 
Tom KnowltonWeb developerAuthor Commented:
Scanning with malware bytes 2 detected objects so far:

malware scan so far
0
 
Tom KnowltonWeb developerAuthor Commented:
It's a PC, not a Mac.
0
 
Tom KnowltonWeb developerAuthor Commented:
Here is one that popped-up during the Malwarebytes scan:

iispace
0
 
Oleksiy GaydaCommented:
That last one is definitely a virus, most likely some crypto ransomware variant - don't click OK (sometimes triggering uninstallation processes on spyware will kick off their "deadman's hand" process of getting something else nasty to install).

The Malwarebytes scan is finding spyware as suspected: Multiplug and Yula Ads. Make sure you run Malwarebytes scan a couple of times and let it delete/clean whatever it finds.

You should also have an antivirus running on your system - there are a lot of free ones, like Avast or even the Microsoft Security Essentials. Although antiviruses don't always find and delete PUPs (potentially unwanted programs - term used for adware and spyware), so you should use something like Malwarebytes or AdAware to periodically scan for those.

Run a couple Malwarebytes scans, maybe reboot between them to make sure it can delete any "undeletable" objects. Make sure you have an antivirus. Be careful when installing freeware and run Malwarebytes scans every month or so. That should keep you clean of spyware going forward.

Good luck!

P.S. Don't worry, Mac users are starting to get these too, now that they're more popular and pose a more profitable target for the bad guys :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.