Donations to SETI

Questions and Answers : Web site : Donations to SETI
Message board moderation

To post messages, you must log in.

1 · 2 · Next

AuthorMessage
Profile Dune Finkleberry
Avatar

Send message
Joined: 22 Sep 99
Posts: 1314
Credit: 1,124,651
RAC: 0
United States
Message 1053557 - Posted: 7 Dec 2010, 14:56:16 UTC

I've recently decided to donate a bit of extra cash to SETI, but when I go to HERE to make the donation I get this popup when I try to enter "Click here to make an online credit card or VISA check card donation" I can do it.



It's all coming from my BitDefender Security, calling the site's security certificate invalid. Call me paranoid but...

Lately Firefox has been acting weird, and I'm just not really sure anymore if it can be trusted. All virus scans come up clean.
ID: 1053557 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1053625 - Posted: 7 Dec 2010, 22:51:10 UTC - in response to Message 1053557.  
Last modified: 8 Dec 2010, 18:59:16 UTC

Hi Dune,

It appears that your computer isn't recognizing "COMODO CA, Ltd." as a valid certification authority. The most common cause of that would be, either your browser or BitDefender using doesn't include COMODO CA in its cacert file.

Upgrading might help. The version of Firefox I have (3.6.12) has the COMODO CA cert in it, as does IE8. I doubt it would be in IE6. I don't know what version of Firefox was the first to include it.

Safari 4.0.4 does not have the proper certificate installed. Again, I don't know which version of Safari would first have the proper certification. Matt tells me that recent versions of Safari on iPhone and iPad have the correct certificates.

Recent versions of Chrome appear to have the proper certificate. However the Google browser on my Android phone does not.

If your browser doesn't have the correct certificate, you can verify that the one you have is correct by viewing the certificate. If the certificate has following properties, you've got the right one.

* Issued to Common Name devcomm.urel.berkeley.edu
* Issued by Common Name COMODO High-Assurance Secure Server CA
* Serial Number 00:E2:95:17:C5:2F:C2:72:C1:8B:10:08:65:A2:E0:55:E2
* SHA1 Fingerprint 4F:8F:C7:66:9E:1E:04:D1:A9:60:4D:A1:7F:8D:91:0E:6D:90:34:3D
* MD5 Fingerprint D9:49:A1:D3:28:86:9D:41:B4:F9:11:BE:D8:BB:44:5B

Once you're sure you have the right certificate you can safely grant an exception.

Eric
@SETIEric@qoto.org (Mastodon)

ID: 1053625 · Report as offensive
Profile Dune Finkleberry
Avatar

Send message
Joined: 22 Sep 99
Posts: 1314
Credit: 1,124,651
RAC: 0
United States
Message 1053658 - Posted: 7 Dec 2010, 23:35:01 UTC

Thx for the response. It's odd that I'm also running Firefox (3.6.12). But even odder that three days ago I went in to the site without a whimper. I'll check IE8 as have that too, but I hate running IE.

This too shall pass. I'll make that donation within a couple of days.
ID: 1053658 · Report as offensive
Profile Uli
Volunteer tester
Avatar

Send message
Joined: 6 Feb 00
Posts: 10923
Credit: 5,996,015
RAC: 1
Germany
Message 1053742 - Posted: 8 Dec 2010, 3:20:32 UTC

AAAAAAAAAAAASSSSSSSSSSSSSSSOOOOOOOOOOOOOOMMMMMMMMMMMMMMEEEEEEEEEEEEEE got a preci.
Dune
I see a shining Star.

Pluto will always be a planet to me.

Seti Ambassador
Not to late to order an Anni Shirt
ID: 1053742 · Report as offensive
Profile Dune Finkleberry
Avatar

Send message
Joined: 22 Sep 99
Posts: 1314
Credit: 1,124,651
RAC: 0
United States
Message 1053758 - Posted: 8 Dec 2010, 4:03:30 UTC - in response to Message 1053742.  

I see a shining Star.

Already!
ID: 1053758 · Report as offensive
Profile Uli
Volunteer tester
Avatar

Send message
Joined: 6 Feb 00
Posts: 10923
Credit: 5,996,015
RAC: 1
Germany
Message 1053763 - Posted: 8 Dec 2010, 4:18:41 UTC - in response to Message 1053758.  

I see a shining Star.

Already!

Yep...................Dune
Pluto will always be a planet to me.

Seti Ambassador
Not to late to order an Anni Shirt
ID: 1053763 · Report as offensive
Profile KWSN THE Holy Hand Grenade!
Volunteer tester
Avatar

Send message
Joined: 20 Dec 05
Posts: 3187
Credit: 57,163,290
RAC: 0
United States
Message 1054005 - Posted: 8 Dec 2010, 18:33:02 UTC

Firefox 3.6.8 comes up with the security exception...
.

Hello, from Albany, CA!...
ID: 1054005 · Report as offensive
Profile Dune Finkleberry
Avatar

Send message
Joined: 22 Sep 99
Posts: 1314
Credit: 1,124,651
RAC: 0
United States
Message 1054013 - Posted: 8 Dec 2010, 18:50:15 UTC - in response to Message 1054005.  
Last modified: 8 Dec 2010, 18:54:07 UTC

Firefox 3.6.8 comes up with the security exception...

Must be a beta version. My Firefox 3.6.12 is still showing no updates available. And I don't do beta versions. I'll let someone who knows what they're doing get the bugs out.

Whatever the case may be, I've got my star.

Interesting that I just got a call this morn from my bank. They wanted to know if Berkley was authorized. :-)
ID: 1054013 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1054016 - Posted: 8 Dec 2010, 18:53:25 UTC - in response to Message 1054013.  

Because giving your money to a University is what thieves commonly do if they get your credit card number?
@SETIEric@qoto.org (Mastodon)

ID: 1054016 · Report as offensive
Profile Dune Finkleberry
Avatar

Send message
Joined: 22 Sep 99
Posts: 1314
Credit: 1,124,651
RAC: 0
United States
Message 1054022 - Posted: 8 Dec 2010, 18:56:56 UTC - in response to Message 1054016.  

Because giving your money to a University is what thieves commonly do if they get your credit card number?

Ha! I guess you'd have more donations if that were true.

HEY! I thought you were banned!
ID: 1054022 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1054024 - Posted: 8 Dec 2010, 19:00:41 UTC - in response to Message 1054022.  


HEY! I thought you were banned!


I was framed by the CRL! So they let me off with a warning.
@SETIEric@qoto.org (Mastodon)

ID: 1054024 · Report as offensive
Profile KWSN THE Holy Hand Grenade!
Volunteer tester
Avatar

Send message
Joined: 20 Dec 05
Posts: 3187
Credit: 57,163,290
RAC: 0
United States
Message 1054034 - Posted: 8 Dec 2010, 19:15:53 UTC - in response to Message 1054013.  

Firefox 3.6.8 comes up with the security exception...

Must be a beta version. My Firefox 3.6.12 is still showing no updates available. And I don't do beta versions. I'll let someone who knows what they're doing get the bugs out.

Whatever the case may be, I've got my star.

Interesting that I just got a call this morn from my bank. They wanted to know if Berkley was authorized. :-)


that was 3.6.8, which (IIRC) is before 3.6.12... [evil grin]
.

Hello, from Albany, CA!...
ID: 1054034 · Report as offensive
Profile Richard Babylon

Send message
Joined: 20 Dec 99
Posts: 7
Credit: 842,661
RAC: 0
United States
Message 1054186 - Posted: 9 Dec 2010, 6:06:32 UTC - in response to Message 1053625.  

Hi Eric,

I don't really understand how certificates work, but I ran into this exact same problem. I checked your hash numbers and all the rest -- it all matches what I'm seeing on my screen -- and I trust the site, so I'll make a certificate exception.

But just so you know, I also have Firefox 3.6.12.

This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations. If I weren't so patient and so dedicated I may have deemed it not worth the effort of researching this and checking those long strings of characters. I've been with the project since '99 and I'm not giving up that easy.

Anyway, thanks for the instructions -- and thanks to Dune for the screenshot.
ID: 1054186 · Report as offensive
Profile Vilius
Avatar

Send message
Joined: 17 Aug 02
Posts: 7
Credit: 5,414,436
RAC: 0
Lithuania
Message 1054204 - Posted: 9 Dec 2010, 8:52:24 UTC

As for IE, it uses system certificates. So you should ensure that you have the latest Update for Root Certificates from Microsoft installed. At the time of this writing the latest is http://www.microsoft.com/downloads/en/details.aspx?FamilyID=25249786-2b8e-4c51-8f4b-727ce25cc2c5
days go by, and still I think of you...
ID: 1054204 · Report as offensive
Profile Dune Finkleberry
Avatar

Send message
Joined: 22 Sep 99
Posts: 1314
Credit: 1,124,651
RAC: 0
United States
Message 1054205 - Posted: 9 Dec 2010, 9:01:05 UTC - in response to Message 1054204.  

As for IE, it uses system certificates. So you should ensure that you have the latest Update for Root Certificates from Microsoft installed. At the time of this writing the latest is http://www.microsoft.com/downloads/en/details.aspx?FamilyID=25249786-2b8e-4c51-8f4b-727ce25cc2c5

IE showed the same. It was weird, because I was in there a few days earlier with no problems.

Weird....
ID: 1054205 · Report as offensive
OzzFan Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1054231 - Posted: 9 Dec 2010, 13:12:35 UTC - in response to Message 1054186.  

This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations. If I weren't so patient and so dedicated I may have deemed it not worth the effort of researching this and checking those long strings of characters. I've been with the project since '99 and I'm not giving up that easy.


If the user's browser doesn't have the CA listed as a trust, how does SETI fix that?
ID: 1054231 · Report as offensive
Profile Richard Babylon

Send message
Joined: 20 Dec 99
Posts: 7
Credit: 842,661
RAC: 0
United States
Message 1054311 - Posted: 9 Dec 2010, 17:32:58 UTC - in response to Message 1054231.  

This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations...


If the user's browser doesn't have the CA listed as a trust, how does SETI fix that?


That's a good question and I don't know the answer. (As I said above, I don't really understand how certificates work.) But it seems to me that communication to the certificate authority (COMODO CA in this case) about their "unrecognized" status would be a good start. They could then complain to the Mozilla community and to the creators of any other affected browser.
ID: 1054311 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1054336 - Posted: 9 Dec 2010, 18:22:19 UTC - in response to Message 1054311.  

COMODO is aware of the problem. Even though they are a recognized CA, some browsers makers haven't been very good about updating their certification files, especially for browsers on older operating systems. I'm guessing there are some negotiations going on regarding more recent browsers.

As for why Firefox 6.3.12 sometimes has them and sometimes doesn't, maybe Firefox on Windows also checks the system certification key archive.
@SETIEric@qoto.org (Mastodon)

ID: 1054336 · Report as offensive
Profile Pappa
Volunteer tester
Avatar

Send message
Joined: 9 Jan 00
Posts: 2562
Credit: 12,301,681
RAC: 0
United States
Message 1054521 - Posted: 10 Dec 2010, 5:00:14 UTC

Public Key Infrastructure (PKI)

The very short course.

With the advent of doing "secure transactions" on the Internet (shopping, code signing, personal identification etc). A method had to be formed to secure the connection from the User, to the Server and/or to the Agency that processes the Card/transactions. Yes there is more.

Both camps (Win, Nix), created Certificate Services (along with Versign and others) becoming Certificate Authorities. and Providing Server based Certificate Services that would provide for the creation of a "Trusted" Certificate Server. In this day an age there are about 30 different things that a specific Secure Certificate could be issued for. If you really want to know Google is your friend and please it will take some time to read and understand.

In most cases, the OS (Windows, Nix etc) houses the Root, Intermediate and other Certificates. It then becomes the problem of various software(s) (Browsers etc) which are supposed to "read" from the Base Certificates Stores in the OS. Updates for the OS normally provide updates to the Root Certificates. That means that YOU the User has to go get those updates. Yes Certificates do expire, and there is facility for that.

Now in the case of this browser or that browser having or not having an issue. Then it becomes a Browser correctly reading what is embedded in the OS (back to up0dates). That is a "Browser" issue (or in some cases the user checked a check box, they did not fully understand now are now stuck with the undsired choice).

In the case of UCB, The Certificate under "Give to Cal" was updated 5 December 2010. There appears to be a problem with the certificate. As Eric states Comodo has been notified. So we wait.

Regards

Pappa

Please consider a Donation to the Seti Project.

ID: 1054521 · Report as offensive
Profile Richard Babylon

Send message
Joined: 20 Dec 99
Posts: 7
Credit: 842,661
RAC: 0
United States
Message 1054533 - Posted: 10 Dec 2010, 6:08:38 UTC

Thanks Eric and Pappa. It's gratifying to see that my guess about what could be done -- based on only slight knowledge and logical deduction -- is not only plausible, but is already underway.
ID: 1054533 · Report as offensive
1 · 2 · Next

Questions and Answers : Web site : Donations to SETI


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.