Your connection is not private (MS-NMSecurity interception software)
Reported by hras...@gmail.com, May 16 2017
Issue description
UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Steps to reproduce the problem:
1. Open Chrome Browser
2. Try to access any site using HTTPS
3. For example https://www.google.com
What is the expected behavior?
Site is not accessible. Getting the following messages.
------------------------------------------------------------
Your connection is not private
Attackers might be trying to steal your information from www.google.com.sa (for example, passwords, messages, or credit cards). NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
Automatically report details of possible security incidents to Google. Privacy policy
-----------------------------------------------------------
What went wrong?
No idea. Please find the attached file containing screen snapshot of the error
Did this work before? Yes Same version as mentioned above
Chrome version: <'Version 58.0.3029.110 (64-bit)'> Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 25.0 r0
Your suggestion or solution to solve this issue is highly appreciated. Thanks
May 16 2017
I also have this problem! When I go to gmail.com this message comes up and I cannot go further. In Internet Explorer it works fine... I have tried out many things, but it will not work. Irritating. In Norwegian language
May 16 2017
Have you tried running Windows Update?
May 16 2017
Yes. Up to the latest update, it is done.
May 16 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 16 2017
hraseed@: Please see https://textslashplain.com/2017/03/30/get-help-with-https-problems/ for instructions on what information to copy into this bug report. I need the specific diagnostic text shown after the error code is clicked to help explain how you can resolve this issue.
May 29 2017
Side note: I just troubleshooted a persistent NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error that occurred on most HTTPS sites. Turns out the person had Lavasoft Web Companion installed, which installs a trusted root certificate (and re-adds the certificate on startup). Maybe we could suggest users run the Cleanup tool and/or check their Startup programs in Task Manager?
May 30 2017
hraseed@: Please provide the information requested in comment 7. Without it, we won't be able to investigate further.
May 31 2017
Version
=======
Google Chrome 58.0.3029.110 (Official Build) (64-bit)
Revision 691bdb490962d4e6ae7f25c6ab1fdd0faaf19cd0-refs/branch-heads/3029@{#830}
OS Windows
Device & Network
================
I am using a laptop and Wi-Fi connection. My other devices (MAC or MAC laptop) using the same Wi-Fi is not experiencing this problem.
Diagnostic Information
======================
Subject: *.google.com.sa
Issuer: MS-NMSecurity
Expires on: Aug 16, 2017
Current date: May 31, 2017
PEM encoded chain: [two PEM-encoded certificates omitted]
May 31 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 7 2017
Friendly ping for an update from elawrence@ as per C#10.
Jun 7 2017
MS-NMSecurity is an unknown piece of software that intercepts HTTPS connections. It does not, as far as I know, belong to a legitimate software package and it has previously been associated with unwanted software [1].
What security software is installed on the PC in question? Is it up-to-date and does it find any threats?
Can you try running the Chrome Cleanup tool: https://www.google.com/chrome/cleanup-tool/index.html and see whether it finds any adware/malware?
[1] https://www.boards.ie/b/thread/2057726777/4?
Jun 15 2017
[hraseed]: Could you please respond to comment #13? Thanks!
Jun 22 2017
Archiving; we can't make progress without feedback. @haraseed: If you're still having this problem, could you file a new bug with the information requested in c#13? Thanks much.
Jun 23 2017
I have sent all the information that you have sought so far. No progress seen so far. That's my feedback.
Jun 23 2017
Re #16, to reiterate my questions: What security software is installed on the PC in question? Is it up-to-date and does it find any threats? Can you try running the Chrome Cleanup tool: https://www.google.com/chrome/cleanup-tool/index.html and see whether it finds any adware/malware?
Jun 23 2017
Re-opening in response to activity; waiting for feedback from OP.
Jun 23 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 23 2017
Reversing sheriffbot's mistake.
Jun 23 2017
I am using Kaspersky. This is the antivirus software I have been using for several years. Also, I tried the Chrome Cleanup tool when the issue was found. It did not report any issue.
Jun 23 2017
Thank you for providing more feedback. Adding requester "rdsmith@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 11 2017
elawrence@, could you please respond to comment #21?
Jul 11 2017
All information we have at this point suggests that this user's PC is infected with malware. Unfortunately, the Chrome team is limited in our ability to help with this other than to suggest that the user either successfully remove the malware or, failing that, wipe the malware by reinstalling the operating system.
Jul 11 2017
I am not sure about this malware infection. I have an internet version Kaspersky anti virus which should take care of this. Even if it is not doing so, how can I 'successfully' detect this malware? Chrome cleanup tool is not able to find any... Please advise as reinstalling OS is not an easy option. Thanks in advance.
Jul 11 2017
@hraseed: A "Man-in-the-Middle" (MitM) needs to achieve two things:
1> The PC must trust his root certificate
2> The PC must route your network traffic through the attacker
From the sound of things, your MitM had achieved both of these things, but our change in Chrome 58 meant that the certificate your Operating System was tricked into trusting was deemed invalid because it uses a legacy algorithm. So you were protected against the MitM (blocking the site) because the attacker got sloppy.
To fix this, we need to figure out #2 -- How is the attacker getting your traffic to intercept. There are four primary ways this might be happening:
i> He has his code on your computer.
ii> He's reconfigured your PC to go through a proxy he controls.
iii> He's reconfigured your PC to use his DNS servers.
iv> He's in control of the network you're using (e.g. he compromised your router).
Of these, (i) is the most likely as it would explain how he got your computer to trust his root certificate to start with.
If you visit HTTPS://paypal.com using Internet Explorer, is the entire Address Bar colored Green with "Paypal, Inc" listed next to the lock? Or do you see a simple lock icon?
To eliminate (ii) please open Internet Explorer and click Tools > Internet Options > Connection tab > LAN Settings. Are any of the boxes checked? If so, which ones, and what text is in the boxes, if any?
Based on your answers to the questions above, I will guide you toward collecting data to help narrow down the problem.
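The local checks the comment above walks through (an unexpected trusted root, a proxy, changed DNS servers, code that starts with Windows) can be gathered in one read-only PowerShell audit. This is an added example, not part of the original thread; the name `MS-NMSecurity` is the issuer string from the diagnostic output posted earlier in this bug, and the function names are illustrative.

```powershell
# Added example, not from the thread. Read-only audit of the interception
# paths listed above; run in Windows PowerShell on the affected PC.
# Assumption: the issuer name below is the one shown in this bug's diagnostics.
$SuspectName = 'MS-NMSecurity'

# Trusted roots: match on the suspect name, or on a root whose private key is
# stored on this machine. A local interceptor needs that key to mint leaf
# certificates; public CA roots are installed without one. Debugging proxies
# and some antivirus HTTPS scanners also show up here, so review each hit.
function Get-SuspectRoot {
    Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Subject -like "*$SuspectName*" -or $_.HasPrivateKey } |
        Select-Object Subject, Thumbprint, NotBefore, HasPrivateKey,
            @{ Name = 'SigAlg'; Expression = { $_.SignatureAlgorithm.FriendlyName } },
            @{ Name = 'Store';  Expression = { $_.PSParentPath -replace '^.*::' } }
}

# (ii) Per-user proxy: the proxy server and auto-config script fields of LAN Settings.
function Get-ProxyConfig {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

# (iii) DNS servers per interface; compare with what the router or ISP hands out.
function Get-DnsConfig {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses
}

# (i) Programs that start with Windows; software that re-adds a root at startup
# (as described earlier in the thread) has to be launched from somewhere.
function Get-StartupEntry {
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

'--- Trusted roots to review ---'; Get-SuspectRoot  | Format-List
'--- Proxy configuration ---';     Get-ProxyConfig  | Format-List
'--- DNS servers ---';             Get-DnsConfig    | Format-Table -AutoSize
'--- Startup programs ---';        Get-StartupEntry | Format-Table -AutoSize -Wrap
```

A root that does not match either filter is not thereby cleared: an interceptor can keep its signing key outside the certificate store, and case (iv), a compromised network, is only visible by comparing the certificate seen from another device on a different network.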
Jul 11 2017
I should also mention that one other user who encountered this problem ran an Adware Remover from MalwareBytes (see https://www.malwarebytes.com/adwcleaner/) and it resolved the issue for them. I haven't used that tool so I can't vouch for it, but if you decide to try it and it does resolve the problem for you, we'd be very interested in the logs or other information it generates.
Jul 11 2017
i) I tried https://paypal.com
Result: Everything in address bar came green including website address
ii) I checked Internet Explorer (My laptop has Microsoft Edge) from Edge. In the LAN settings one check box is 'checked' which has 'Automatically detect settings'. All other check boxes are disabled.
Hope that helps. If you need screen snapshots, I can send the same.
Jul 11 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 11 2017
Regarding (i) - was that tested in Chrome or IE/Edge?
Jul 11 2017
If you're not on a network you expect to require a proxy server (which is rare for home PCs) you can untick the "Automatically detect settings" box. This probably won't change anything, but it could.
Re #1: If the background of the address bar was in green in Internet Explorer, that strongly suggests that the HTTPS interception logic is only running in Chrome and not inside Internet Explorer. One possible explanation is that you've got a Chrome extension (e.g. a "VPN" or other networking thing) that is sending your traffic somewhere other than its original destination.
If you start Chrome in Guest mode (https://support.google.com/chrome/answer/6130773?co=GENIE.Platform%3DDesktop&hl=en) or Incognito mode (if you can't find Guest mode) do you still see the certificate error page in Chrome?
Jul 21 2017
hraseed@, have you been able to try starting Chrome in guest mode or Incognito mode, as mentioned in comment #32?
Aug 22 2017
Please feel free to reopen if this is still happening.
Comment 1 by elawrence@chromium.org, May 16 2017
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Needs-Feedback Type-Bug