Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Microsoft Passport security certificate invalid

  • 07-11-2003 4:58pm
    #1
    Closed Accounts Posts: 252 ✭✭


    I notice that the SSL certificate used for the secure form presented to people signing up for MS "Passport" is invalid, and consequently produces a browser error message. It was issued to passport.com. The signup is processed via passport.net.

    Can Microsoft be trusted to get even the simplest things right?

    If you can't trust someone to get the little things right, is it logical to trust them when it comes to more important matters?

    Floater


Comments

  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    What error do you get? What URL?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,566 Mod ✭✭✭✭Capt'n Midnight


    I take it you have gone to http://windowsupdate.microsoft.com and applied the security cert patches..

    Re: the second question - default file and share permissions are...
    Everyone - Full Control

    And don't tell me how safe 2003 is, unless you can tell me how to remove IE and all that other Swiss cheese..


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    What error do you get? What URL?

    Go into msn.com and sign-up for hotmail. It leads to a "secure" form where they ask you to provide your intimate details to their "passport" system - the Microsoft platform of global snooping.

    It would appear that they are misusing a cert issued to passport.com on a passport.net hosted page for some reason. Probably the usual reason - ie this company has a great difficulty getting anything right other than making money by abusing a monopoly.

    Floater


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by Capt'n Midnight
    I take it you have gone to http://windowsupdate.microsoft.com and applied the security cert patches..

    Updated every day.

    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Floater
    It would appear that they are misusing a cert issued to passport.com on a passport.net hosted page for some reason.

    And the error you get? I didn't reproduce an error following the steps you gave. The cert appears valid on two browsers I tested with (one version of IE and one Mozilla variant).

    Probably the usual reason - ie this company has a great difficulty getting anything right other than making money by abusing a monopoly.

    This forum is for the discussion of security. There are many many interesting issues that arise because of Microsoft's monopolistic practices, their passport system, the many software vulnerabilities, their 'trusted computing' initiatives, etc etc. Please feel free to discuss them.

    Please do not take every opportunity you can find to mindlessly bash Microsoft outside of that.


  • Advertisement
  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    And the error you get? I didn't reproduce an error following the steps you gave. The cert appears valid on two browsers I tested with (one version of IE and one Mozilla variant).

    Internet Explorer > Tools > Internet Options > Advanced > (Security) "Warn about invalid site certificates" checkbox is ticked on mine. Is it on yours?
    This forum is for the discussion of security. There are many many interesting issues that arise because of Microsoft's monopolistic practices, their passport system, the many software vulnerabilities, their 'trusted computing' initiatives, etc etc. Please feel free to discuss them.

    Please do not take every opportunity you can find to mindlessly bash Microsoft outside of that.

    Mindless bashing? I bought Microsoft Outlook 2003 the other day and installed it (used to use Outlook 2002). I have three e-mail accounts installed with a default account specified.

    When I create an e-mail I have to manually specify the account I am sending from. The default setting doesn’t work for this.

    When I reply to an e-mail received, it always uses my default account. It should use the account that the other party used to contact me.

    While it managed to pick up my address book from Outlook XP, (and I can see all my contacts details in the “contacts” window), I can’t e-mail them without manually entering their e-mail addresses! The “to” button on the e-mail window turns up a blank.

    These are basic e-mail functions that should work out of the box without a hitch. This is appalling quality control!

    There are some nice features in Outlook 2003 in terms of the presentation options for viewing e-mail and the way it detects spam and sends it to a separate folder automatically.

    However if they can’t get the basics right in terms of “to” and “from” in an e-mail something tells me that I shouldn’t trust this company on other critical issues such as security. If you think this is “mindlessly bash(ing)” Microsoft please think again.

    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Floater
    Internet Explorer > Tools > Internet Options > Advanced > (Security) "Warn about invalid site certificates" checkbox is ticked on mine. Is it on yours?

    I don't use IE normally, so I haven't configured it at all. The version of IE that I do use (5.2 on a Mac) doesn't have the set of options that you refer to as far as I can tell briefly and I'm not about to expend much effort looking for the equivilent.

    Why have you not provided a URL or an exact error message? What does Mozilla tell you?
    However if they can’t get the basics right in terms of “to” and “from” in an e-mail something tells me that I shouldn’t trust this company on other critical issues such as security. If you think this is “mindlessly bash(ing)” Microsoft please think again.

    I think that the section I quoted above was mindless bashing and most of your posts are anti-microsoft rants that are lacking in relevant details. Can you stick to arguments that are less flimsy than "something tells me ... " ?


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    I don't use IE normally, so I haven't configured it at all. The version of IE that I do use (5.2 on a Mac) doesn't have the set of options that you refer to as far as I can tell briefly and I'm not about to expend much effort looking for the equivilent.

    Why have you not provided a URL or an exact error message? What does Mozilla tell you?

    "Your Web browser options are currently set to disable cookies. To use .NET Passport, you must enable cookies."

    Which is irrelevant. If you have an SSL certificate issued to "gov.ie" and if you use it on "ecksor.com" it shouldn't work without warning the user. The same holds for a certificate issued to passport.com. It shouldn't be used for passport.net or passport.ie or anything else.

    Look at the certificate and you will see the difference between it and the URL. You don't need a browser error message!

    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Floater
    If you have an SSL certificate issued to "gov.ie" and if you use it on "ecksor.com" it shouldn't work without warning the user. The same holds for a certificate issued to passport.com. It shouldn't be used for passport.net or passport.ie or anything else.

    Look at the certificate and you will see the difference between it and the URL. You don't need a browser error message!

    Did you or did you not get a browser error message? If you did, are you now able to reproduce it? If so, what URL are you getting it on, and what error message are you getting? Does anyone else get the same error?

    I have been presented with a server cert for login.passport.com, but I have also been served a cert for registernet.passport.net and probably others.

    Your comparison between the URL and the certificate is flawed. Elements of those pages are being served from several different SSL servers which all need to be appropriately identified, not just the server contained in the URL.


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    Did you or did you not get a browser error message? If you did, are you now able to reproduce it? If so, what URL are you getting it on, and what error message are you getting? Does anyone else get the same error?

    I have been presented with a server cert for login.passport.com, but I have also been served a cert for registernet.passport.net and probably others.

    Your comparison between the URL and the certificate is flawed. Elements of those pages are being served from several different SSL servers which all need to be appropriately identified, not just the server contained in the URL.

    Against my better judgement I allowed MS cookies on my Moz browser for the purpose of experimentation. I went back and tried it again with Internet Explorer and it didn't warn this time with the same security settings.

    Someone somewhere has made some changes!

    Do we have an MS spy in our midst?

    Floater


  • Advertisement
  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Well, there was no errors in my browser and I checked pretty soon after your first post.

    Several possibilities.

    (1) someone was posing as one of the passport servers (unlikely).
    (2) temporary error caused by something local to you.
    (3) temporary error caused by something failing on the microsoft end.


Advertisement