Hello comrades.
I took my mother to IKEA furniture store (to buy tealights, as usual). There they have free wifi, I connected to that and when starting to brows the web I was informed by my smartphone (running cyanogenmod 12.1) that there where some untrusted certificate. Well, I didn’t trust the certificate either before investigating some more.
Picture of the warning message (sorry it is in swedish) https://drive.google.com/file/d/0B_ytmE4TVZKUYzVpTTRLVHVfRm8/view?usp=sharing
Anyone know if “lancom-systems” is a good certificate publisher (or what it might be called)?
On Fri, 15 May 2015 15:56:05 +0000, quinness wrote:
> Hello comrades.
> I took my mother to IKEA furniture store (to buy tealights, as usual).
> There they have free wifi, I connected to that and when starting to
> brows the web I was informed by my smartphone (running cyanogenmod 12.1)
> that there where some untrusted certificate. Well, I didn’t trust the
> certificate either before investigating some more.
> Picture of the warning message (sorry it is in swedish)
> http://tinyurl.com/n2ref8l Anyone know if “lancom-systems” is a good
> certificate publisher (or what it might be called)?
They look to be a wireless network provider, and they’ve probably issued
a certificate for connectivity on the in-store wireless. You might check
with IKEA about this - not sure what this has to do with openSUSE or even
Linux. 
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
Duuuuhhhhh:X
Only slightly close to linux as cyanogenmod is slightly connected to linux.
Now I will try to find out how to ask how to move this to general-chit-chat. (plz. no suggestion, I want to find out by myself)
Some organizations will only allow HTTPS access if you go through a proxy
which essentially decrypts and then re-encrypts your traffic, after doing
deep-packet inspection (DPI) on the data. This is horrible, terrible,
no-good, and rotten, and you should always, always, always reject any
attempts as they will have access to any data you think secure (usernames,
passwords, accounts, etc.). This is very uncommon, but some places try
it. Don’t use their networks, or get a proxy working somehow so your
connections can remain secure.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
Sounds like I won’t take the chance for them to see my password…
Thank you…
Depends on when you’re being challenged for the certificate.
Yes, it might suggest a proxy firewall which could do what ab suggests.
But, it might also be part of something else, like an 801.x system. Although a bit unusual for public access wifi hotspots (very common for enterprise “corporate” networks") in that case the certificate is used only for authentication and encryption of the wifi and not the ethernet part of the session. So, in an 801.x system you shouldn’t have a need to be wary of securing personal, private information.
TSU
On Fri, 15 May 2015 17:16:02 +0000, quinness wrote:
> Duuuuhhhhh:X Only slightly close to linux as cyanogenmod is slightly
> connected to linux.
> Now I will try to find out how to ask how to move this to
> general-chit-chat. (plz. no suggestion, I want to find out by myself)
No problem, I see that it was reported for movement, so someone will take
care of that shortly (I’m busy with work or I’d do it myself). 
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
Will be moved to General Chitchat and is CLOSED for the moment.
Moved from Network//Internet and open again.
Hope it isn’t work related… :\
All of you, thanks for the information and your time.
On Sat, 16 May 2015 08:56:01 +0000, quinness wrote:
> hendersj;2710104 Wrote:
>> … someone will take care of that shortly (I’m busy with work or I’d
>> do it myself).
>>
>> Jim
>>
> Hope it isn’t work related… :\
Well, the work-related stuff was work-related. I had written that in the
middle of my workday, and quite literally as I was getting ready to write
a post saying I was going to move it, a logjam cleared on one of my major
projects, so it was full steam ahead.
> All of you, thanks for the information and your time.
You bet.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
But there’s no way to know which, right? Either you trust them or you don’t. If you do, they can decrypt your communications. Something quite possible anywhere, even more in a public wifi, is that correct?
That’s a scary thought.
That is scary! Don’t know if it common, but if they want to block “unnecessary” traffic (like trorrent) they might do this. Especially scary when we don’t get a error or warning message like this. Maybe some system just accepts new certs without asking any question first.
On 2015-05-18 06:16, brunomcl wrote:
> But there’s no way to know which, right? Either you trust them or you
> don’t. If you do, they can decrypt your communications. Something quite
> possible anywhere, even more in a public wifi, is that correct?
>
> That’s a scary thought.
Well, connecting to a wifi spot that you do not control is scary. It is
the other side in the connection, they can always sniff your connection.
Even if the wifi connection is encrypted, the wifi spot has to decipher
it before transmitting it to their ISP, and at that point it is again on
the clear.
So one or another, the people controlling the wifi spot can always sniff
the traffic. To avoid that you need using https or similar things that
encrypt end to end.
What I do not know is if the wifi spot also does proxy services on
https, then what happens.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
On Mon, 18 May 2015 08:26:01 +0000, quinness wrote:
> brunomcl;2710435 Wrote:
>> But there’s no way to know which, right? Either you trust them or you
>> don’t. If you do, they can decrypt your communications. Something quite
>> possible anywhere, even more in a public wifi, is that correct?
>>
>> That’s a scary thought.
> That is scary! Don’t know if it common, but if they want to block
> “unnecessary” traffic (like trorrent) they might do this. Especially
> scary when we don’t get a error or warning message like this. Maybe some
> system just accepts new certs without asking any question first.
The only way that would happen is if the certificate is trusted (either
directly because the user imported the certificate into their certificate
store or because the certificate authority is trusted).
Jim
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C