Why do I get so many security alerts? Additional screenshot in comments - eviltoast

Dell XPS 15 9530, Windows 11 Pro 10.0.22631, x64, 13th Intel Core i9… I could go on. Hopefully that’s enough info.

This is a sub for asking tech questions, right? Apologies if not.

  • Sanctus@lemmy.world
    6 months ago

    According to nathanaldensr on an ATT forum:

    So much terrible advice in this thread, including by AT&T. I’m a software developer, including web development, of 20+ years who is used to seeing these kinds of things. Hopefully I can help educate the folks on this thread.

    TL;DR: There is nothing wrong with your equipment or its settings. Your internet connection is down and your modem is hijacking outgoing HTTPS connections. Once your internet connection comes back, the modem will no longer perform this behavior.

    In-depth answer:

    Various apps like browsers and Zoom use a protocol known as HTTPS. This protocol requires that your client device (PC, phone, etc.) and the remote server negotiate a secure, encrypted connection. Part of this negotiation is the server presenting the app with a certificate. The certificate will be issued for the domain name your computer is trying to access. For example, when your internet connection is working, connecting a browser to https://att.com will result in the server presenting a certificate for att.com, which is both trusted by a so-called “trusted certificate authority” and is also issued for att.com. Because the certificate is trusted and its domain name matches the domain name you are attempting to connect to, the browser allows the connection.

    Your problem arose because the AT&T modem, often a brand like Arris, detects that there is no internet connection and intercepts these outgoing HTTPS connection attempts. Instead of not responding at all, which I argue is the more secure option, the Arris modem responds with a so-called “self-signed” certificate–named this way because the certificate was not issued by a trusted certificate authority like the real https://att.com certificate. Not only is the certificate not trusted, but it’s also issued for the domain name dsldevice.domain_not_set.invalid, which, of course, doesn’t match the domain name your client device is attempting to connect to. This results in scary warnings, popups, etc. These warnings differ from app to app, but they almost always prevent any further activity on the connection. This is for security reasons because sometimes malicious actors can man-in-the-middle a connection attempt between your client device and a server and attempt to provide a fake certificate. Most modern apps are programmed to handle these mismatches and prevent you from continuing to use the connection.

    For example, here is Zoom’s warning window that shows the self-signed certificate, its domain name (called a common name in certificate parlance), and who it was issued by. You can see the issuer is Arris, who is the manufacturer of my modem. Ignore the “The certificate is valid” with a green checkmark; the certificate is “valid” in the sense that it is well-formed, but it is invalid in the sense that it was not signed by a trusted certificate authority and is issued for a mismatched domain name (Zoom really should not report self-signed certificates as “valid.”)

    Insightful, kinda a dick about it tho. But yeah some message interception from your router or provider seems to be it.

    I don’t have this experience myself. I just saw your post and browsed some forums. So be cautious. But the issue isn’t contained to any single device, platform, or provider it seems. So these explanations seem valid.

    • ilovededyoupiggy@sh.itjust.works
      6 months ago

      Jr Modem Engineer: Hey Steve, what should we do if their Internet is out and they want an https cert that we are unable to find?

      Sr Modem Engineer: Well, Frank, glad you asked! We’ll just quietly substitute it with this random janky self-signed certificate for the modem itself instead, I’m sure that’ll solve everything!

      Jr: But won’t that just obscure the real problem and overwhelm the user with a bunch of unnecessary and incorrect error messages?

      Sr: Sometimes my genius is almost frightening.

      • Sanctus@lemmy.world
        6 months ago

        Literally my thought process. Though the alternative I guess is you just don’t get a cert? Maybe the web page is automatically rejected? Both those suck too lol

  • remotelove@lemmy.ca
    6 months ago

    Nah, this is not really a tech support community, but whatever. (Unless it is a tech support community? I always thought pcmasterrace was supposed to be a hair on the sarcastic side.)

    It looks like a self-signed cert that is on your DSL modem (The subdomain was ‘dsldevice’…) and I am guessing you are trying to use the web interface for your modem?

    If you aren’t making a connection to that device (which would have an IP address in 192.168.x.x, 10.x.x.x or 172.16.x.x) and you are trying to browse to an external site, then:

    1. There is no internet connection and your device is injecting a local address for an external DNS query to give you a hint that you need to fix yo’ shit or
    2. Your device is super old and cannot handle HTTPS correctly. (Unlikely)
    3. Your DSL device is hijacked and is doing an MTM attack on an HTTPS connection. (Highly unlikely, but you never know.)

    Do regular web sites work correctly, or does this happen regardless of the site you are attempting to browse to?

  • 0oWow@lemmy.world
    6 months ago

    Could be that you didn’t pay your internet bill, or your modem has no service.

    • Gimpydude@lemmynsfw.com
      6 months ago

      dsldevice.domain_not_set.invalid is the name on the certificate. That’s not the name of a real website. This means that something else is making that certificate.

      If you Google that name, you’ll see that it’s used when some Internet routers lose their connection and they hijack the https connection to give you an error page. Since it’s an https connection, and it’s not a valid certificate you get the error.
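An added example, not written by any poster in this thread: a small triage helper that sorts one certificate warning into the cases discussed above, using only fields read off the warning dialog (requested host, peer address, certificate names, whether the client trusted the chain). The function names, verdict labels and sample observations are assumptions constructed for illustration.

```python
import ipaddress

# The private ranges mentioned in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def host_matches(requested, cert_names):
    """True if a certificate name covers the host (single-label wildcard allowed)."""
    req = requested.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == req:
            return True
        if name.startswith("*.") and "." in req and req.split(".", 1)[1] == name[2:]:
            return True
    return False

def triage(requested_host, peer_ip, cert_names, chain_trusted):
    """Return (verdict, findings) for one certificate warning."""
    findings = []
    if not chain_trusted:
        findings.append("untrusted-issuer")
    if not host_matches(requested_host, cert_names):
        findings.append("name-mismatch")
    # .invalid is a reserved TLD, so no public CA will issue for it.
    if any(n.lower().rstrip(".").endswith(".invalid") for n in cert_names):
        findings.append("reserved-invalid-name")
    ip = ipaddress.ip_address(peer_ip)
    if any(ip in net for net in RFC1918):
        findings.append("peer-on-lan")
    if not findings:
        return "ok", findings
    if "reserved-invalid-name" in findings or "peer-on-lan" in findings:
        # Consistent with the modem/router answering in place of the site.
        return "local-device-answering", findings
    return "unexplained-interception", findings

# Constructed observations (not captured from a real device).
SAMPLES = [
    ("att.com", "203.0.113.10", ["att.com", "*.att.com"], True),
    ("zoom.us", "203.0.113.20", ["dsldevice.domain_not_set.invalid"], False),
    ("zoom.us", "192.168.1.254", ["dsldevice.domain_not_set.invalid"], False),
    ("zoom.us", "203.0.113.30", ["login.example.net"], False),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], *triage(*sample))
```

In every verdict other than `ok` the connection stays untrusted; the verdict only indicates whether to look at the modem's WAN link first or to treat the interception as unexplained.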

  • TheFinn@discuss.tchncs.de
    6 months ago

    Are you connecting through a proxy? Are you familiar with the name given for the certificate: dsldevice?

    It looks like malware that wants to harvest your credentials at every site you visit.