Insecure Connection

Amin · 13 October 2016 09:02

Hello!
I had this message in Firefox:

Your connection is not secure.
The owner of www. .com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

So, I had to use Chromium which allowed me to add it as an exception and enter the site.
I thought I could trust that site, but now I’m wondering, what kind of information can be stolen?
Regards,

wizd3m · 13 October 2016 09:12

I wouldn’t trust it what-so-ever.

malwaredpc · 13 October 2016 11:02

I would have tested the site with WOT before making an exception.

pfeiffep · 13 October 2016 11:44

If you have been accessing the site in the past without such warning there’s a possibility there was an improperly applied upgrade or cert renewal to the webserver. Chrome & Chromium use a different protocol than does FireFox for detecting a site’s overall security.
Here’s a snip from https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/

The biggest PKI used as of today is in the WWW (HTTPS). HTTPS is 
deployed on global scale, with increasing numbers every year.  One of 
the most used applications to access the WWW is the web browser.  A few 
of the most popular web browsers out there are Chrome, Firefox and 
Internet Explorer. Chrome by default relies only on CRLs, with OSCP 
built in but not enabled. Chrome updates their CRLs via their updater 
which means these lists lag behind even more than natural CRLs (in 
general) but they improved usage speed (ImperialViolet, 2012). Firefox 
decided to implement OCSP in Firefox 28 beside CRLs. The original idea 
was to deprecate the usage of CRLs in Firefox, but after the failing 
infrastructure (Goodwin, 2015) of OCSP they decided to use it as a 
soft-fail. This means that Firefox will still accept a certificate if 
it’s not in the CRL list and doesn’t get a (correct) response from the 
OCSP request. Internet Explorer and Opera seem to operate under the same
 CRLs and OCSP implementations with a soft-fail on OCSP (allowing an 
attacker to use a revoked certificate) (Mutton, 2014).