[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions

To: undisclosed-recipients:;
Subject: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 27 Apr 2012 23:05:42 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 27 Apr 2012 19:05:55 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5686: Many rules fail to initiate rewrite to https & some that do produce
insecure sessions
----------------------------------+-----------------------------------------
 Reporter:  torcoascor            |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 Navigating to symantec.com, www.symantec.com, mcafee.com, ibm.com,
 www.mcaffee.com, npr.org, www.npr.org, nytimes.com, www.nytimes.com among
 many others results in "This website does not supply identity
 information". For some the site icon in a larger area appears that would
 suggest secure occasion occurs briefly. Examples that rewrite to https
 successfully include eff.com, torproject.org, adobe.com, mozilla.com.
 Entering full url https://full_host_name will establish a secure session
 for many of those that otherwise fail to rewrite. For npr.org gets
 rewritten to https://www.npr.org but doesn't connect in https scheme.
 Correct rules show in the HTTPS Everywhere control most of time but for
 some such as oracle.com the only rule identified is 2o7.net Navigating to
 https://www.oracle.net does not result in secure scheme but oracle logo
 appears to left of url. computerworld.com behaves similarly except that
 it's rule and 12 others including 2o7.net appear in the control list.
 lenovo.com and symantec.com both appear at first to have a secure
 connection which then is replaced by insecure but has been rewritten as
 https://www.lenovo.com/us/en/.

 Disabled all addins and navigated to several of the sites where the https
 rewrite appeared to have happened and the results were as follows: IBM -
 secured, Oracle - not secured, NPR - not secured, NYTimes - not secured
 and Lenovo - not secured. Using Chrome without the beta HTTPS Everywhere,
 IBM - secured; Lenovo, NPR, NYTimes, Symantec - connection secure but
 other resources partially secured; McAfee - not secured.

 Symptoms sound like virus/trojan but have run latest version of Microsoft
 msert.exe which found no infections. Norton as shown below is always on
 with real time protection and full scans daily.

 Any ideas about what is going on welcome.

 Environment: Windows 7 Ultimate SP1 w Norton Internet Security 19.7.0.9 on
 workstation behind SPI router/firewall; Firefox 12.0 w all Addons disabled
 except: HTTPS Everywhere 2.0.2, Norton Toolbar 2012.5.3.7, Norton
 Vulnerability Protection 10.1.0.68 - 3, Secure Login 0.9.9, Following
 plugins current: Flash, Java, MS Office, Nitro PDF 7.3, Acrobat 10.1.2.45
 not current: GoogleUpdate disabled, Silverlight.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5686>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5676 [EFF-HTTPS Everywhere]: HTTPS rewriting is bypassed if DNS root is explicitly specified
Next by Author: Re: [tor-bugs] #5684 [Metrics Data Processor]: Should we stop sanitizing nicknames in bridge descriptors?
Previous by thread: Re: [tor-bugs] #5458 [Tor Client]: Clients should warn in the event of excessive circuit failures
Next by thread: Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
Index(es):
- Author
- Thread