Tom Knowlton
asked on
google privacy error - HSTS?
ASKER
the HSTS informs the browser that this should be connected to as a secure site either http over ssl or tls
And in my case -- is failing to do so? Can I fix this?
yes you can install the certificate for said site into your PC -- into trusted certs
....caveat - usually works -
still having occasional issues - especially with firefox
....caveat - usually works -
still having occasional issues - especially with firefox
ASKER
Still looking at this.
ASKER
I don't see how to make the certificates "trusted"
which browser
IE is tools - internet options-trusted sites
and the certificate is on content - certificates - then import
the problem is the browser is now maintin a list of what should be a cert and which is trusted so it folks some security measures and legitimately blocks things like man-in-the-middle
IE is tools - internet options-trusted sites
and the certificate is on content - certificates - then import
the problem is the browser is now maintin a list of what should be a cert and which is trusted so it folks some security measures and legitimately blocks things like man-in-the-middle
ASKER
All my troubles are in Chrome.
You must have some extension in Chrome that hijacks HTTPS traffic to inspect it for advertising purposes. See that *.betrad.com "subject" on the bottom of the screenshot - you are going to google.com but the certificate being used for it is issued to betrad.com (which is actually a domain for "Ghostery Enterprises", formerly Evidon, a very well-known marketing analytics provider. Remove any Chrome extensions that you don't trust (especially any extensions associated with Betrad or Ghostery) and your browser will stop exhibiting MITM attack behaviors that Google's HSTS mechanisms are detecting and alerting on.
If removing all Chrome extensions doesn't work, you might have some other spyware installed on your computer (likely came along with some freeware game or utility). You should be able to get rid of those by running a scan with Malwarebytes.
If removing all Chrome extensions doesn't work, you might have some other spyware installed on your computer (likely came along with some freeware game or utility). You should be able to get rid of those by running a scan with Malwarebytes.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ASKER
It's a PC, not a Mac.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it has also been renamed as HTTP Strict Transport Security
a secure version of HTTP
which serves to thwart man in the mddle attacks
the HSTS informs the browser that this should be connected to as a secure site either http over ssl or tls