TechSpot

PayPal & HTTPS

By Cycloid Torus
Feb 13, 2016
  1. I use Chrome for a browser, but also have Firefox & IE (rarely used). All are up to date. I have HTTPS Everywhere, FlashControl, Adblock Plus, Avira Browser Safety. I have no problems reaching websites (eBay, Staples, BBC, my broker, TechSpot, etc.). I am having problems getting to PayPal, and once there (after 6-8 tries on Chrome and Firefox), I can have real problems logging in. Mostly the address bar complains about 'no https' ("failedBecause=securityTokenError" - see #1) between the login attempt and actually logging in, it pushes me back to the login screen to try again - though I cannot imagine running a financial site like PayPal without https throughout. On occasion I get a series of "Privacy Error" notices which basically say Chrome / Firefox will not let me proceed because there is something wrong. The most troublesome is #3, when I get on the PayPal website and HTTPS is 'green' and I link to login screen (still 'green') and I submit name and password for login and then https crashes and it appears there is a fraudulent certificate which involves "pixel.mathtag.com" (pop-up malware a/k/a Azureas).

    I have spoken to techs at PayPal and have been told "we don't see any login attempt - so not our problem". Of course that is true because the login is PREVENTED due to irregularity in the security.

    [Attachments: PayPal Problem 1.png; PayPal Problem 3 following link from paypal email.png]

    When https is broken, whose problem is it?
     
  2. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

  3. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Thanks for direction- taken:


    wormly - only exception

    TLS Stateless Resume / Session Tickets

    TLS Session resumption allows the reuse of a recently valid TLS session ticket - improving performance for clients making multiple requests in much the same way as SSL session caching does.

    This improves performance from the clients’ perspective, because it eliminates the need for a new (and time-consuming) TLS handshake to be conducted each time a request is made.

    A significant difference between TLS stateless resumption and SSL session caching is that TLS stateless resumption does not require the server to cache SSL session keys, which reduces the memory burden on the server to support large numbers of clients.

    If the client or server does not support TLS session tickets then a new session must be established for each request. Most modern clients and servers support this feature, so be sure to enable it on your secure web server.

    comment: not such a bad thing - means I have to get each instance tested (I guess)


    F-Secure: able to access

    digicert.com - clear

    Ran adware cleaner - no issues

    Haven't run JRT in a while, so I might dig up a current copy and try that...but I was wondering if it was some type of Man in the Middle since it would appear for a while and then not for a while
     
  4. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Tried same in Firefox - all 3 tests worked fine - same TLS stateless exception

    BUT when I tried to reach PayPal, while I could get to home and it was secure, when I tried to log in I got the following "failure" in the address bar - securityTokenError

    PayPal Problem 4.png
     
  5. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    So I went back to Chrome and googled 'security token error papal' and tried the first link:
    PayPal Problem 6.png

    which then led to:

    PayPal Problem 5.png

    So I have made the entire round trip and am back at 'broken https'
     
  6. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Did all you suggested - all clear. Next steps or is this a Man-in-the-Middle attack?
     
  7. I use IE to log in with no problems. Try it; it might be Chrome playing silly buggers.
     
  8. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Could be silly buggers - or maybe something serious - only Clive knows...
     
  9. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    My thought is you need updated certificates and to drop the old, now unsupported ones
     
  10. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    I cleared cache, is there more to it than that? I'm a tinkerer (not a software jock, though I did a bit of programming on a 7094).
     
  11. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

  12. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Puzzled. 3004394 installed 12/10/14. 3024777 installed 12/13/14. ("problem fixed"). Then AGAIN 3004394 installed 2/11/15 (latest update).

    Is this a new 3004394 or the old one? Should I apply the 3024777 fix AGAIN?

    Win7 Home Premium (updated); Chrome (updated).
     
  13. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Another slant: https://cheapsslsecurity.com/blog/google-chrome-ssl-certificate-errors-troubleshoot-guide/

    "Main reasons behind SSL Certificate Error on Google Chrome are:

    (1) The System Time is not the real-time.

    (2) The SSL certificate has Expired.

    (3) Google Chrome is not updated.

    (4) The SSL certificate is not Installed properly.

    (5) The SSL certificate is not issued by a Trusted Certificate Authority (CA) or a self-signed certificate is used to secure a website.

    (6) The website is secured with an outdated 128-bit SSL.

    (7) The website is secured with an outdated SHA-1 Algorithm."

    On my end, the problems could be 'bad time' on my system clock (mine is NIST) and 'out of date' browser (updated 3 times in last 2 weeks). Maybe we add 'bad windows update'.

    Sorry if I'm a bit burned out. Up all night with a sick furnace in -20C weather.
     
  14. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    Likely due to repeated use of the 3004394 identifier (e.g. v1, v2, v3 ...) to track currency of the certificates.

    3024777 should not be required UNLESS you have an issue.
     
  15. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Don't have the specific error, so will not run the fix.

    I guess it looks like PayPal's problem - at least until the dying certificate expires.
     
  16. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    That bothers me, as others are using PP - - so I would question your PC. Have you tried accessing via a mobile device?
     
  17. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Don't own one. Just was able to sign in at PayPal and at PayPal tech support - as if nothing had happened.

    Then I tried an incognito Chrome and was told PayPal wouldn't accept https

    "
    Windows Network Diagnostics
    Publisher details
    Issues found
    The remote device or resource won't accept the connection
    The remote device or resource won't accept the connection
    The device or resource (www.paypal.com) is not set up to accept connections on port "https".
    Detected
    Contact your network administrator
    Completed
    Issues found
    Detection details
    6
    The remote device or resource won't accept the connection
    Detected
    The device or resource (www.paypal.com) is not set up to accept connections on port "https".
    Contact your network administrator
    Completed
    The computer or device you are trying to reach is available, but it doesn’t support what you’re trying to do. This might be a configuration issue or a limitation of the device.
    Detection details
    Network Diagnostics Log
    File Name: 7D22A6E3-9FAF-47F7-94E3-D4E0C1ED6A05.Diagnose.0.etl
    Other Networking Configuration and Logs
    File Name: NetworkConfiguration.cab
    Collection information
    Computer Name: BOSSPC
    Windows Version: 6.1
    Architecture: amd64
    Time: Monday, February 15, 2016 2:10:30 PM
    Publisher details
    Windows Network Diagnostics
    Detects problems with network connectivity.
    Package Version: 1.0
    Publisher: Microsoft Windows
    "

    Puzzled.
     
  18. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    OK, Chrome fails, Try IE and/or Firefox
     
  19. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Ran malwarebytes - nothing. CMD - ipconfig /dnsflush (oops, /flushdns) - connected https with PayPal.

    Let's say it is DNS - my ISP, Cablevision - what should I do?
     
    Last edited: Feb 15, 2016
  20. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    (1) likely you made a typo; it's IPCONFIG /FLUSHDNS (not dnsflush)

    get a cmd prompt and test with NSLOOKUP PAYPAL.COM

    I get:
    • Non-authoritative answer:
    • Name: PAYPAL.COM
    • Addresses: 66.211.169.3
    • 66.211.169.66
     
  21. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Currently just the same - and able to sign in at paypal.com - will test this way if error appears.

    Thanks!

    ps Called my ISP and they will take a look too.
     
  22. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Problem is back..and worse in a way. I entered the IP (both of them) for paypal and was told

    "Your connection is not private
    Attackers might be trying to steal your information from 66.211.169.3 (for example, passwords, messages, or credit cards).

    NET::ERR_CERT_COMMON_NAME_INVALID
    Subject: paypal.com

    Issuer: DigiCert SHA2 High Assurance Server CA

    Expires on: Dec 16, 2016

    Current date: Feb 15, 2016"

    I dumped dns cache into a text file and found
    "
    www.paypal.com
    ----------------------------------------
    Record Name . . . . . : www.paypal.com
    Record Type . . . . . : 1
    Time To Live . . . . : 8201
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 54.221.204.162"

    Which is NOT paypal, but it is https://www.wormly.com/ instead


    It seems to say that the issue is beyond me...any help would be appreciated.
     
  23. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Another thought - what program or service created the local DNS cache - if there were a problem with that - what is it? -how could you test it? - how could you fix it?
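
A way to test a saved `ipconfig /displaydns` dump like the one quoted above, as an added example that is not part of the original thread: it parses the cached A records and flags names whose cached addresses share nothing with a reference answer set. `SAMPLE_DUMP`, `REFERENCE`, `parse_displaydns` and `audit` are names made up here; the reference for www.paypal.com reuses the two addresses nslookup returned for PAYPAL.COM in the thread as a stand-in.

```python
import ipaddress
import re

# Constructed sample in the `ipconfig /displaydns` layout; the www.paypal.com
# record is the one quoted in the thread, the example.test record is made up.
SAMPLE_DUMP = """\
    www.paypal.com
    ----------------------------------------
    Record Name . . . . . : www.paypal.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 8201
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 54.221.204.162

    example.test
    ----------------------------------------
    Record Name . . . . . : example.test
    A (Host) Record . . . : 192.0.2.10
"""
# Assumed reference answers (stand-ins); in practice collect them for the
# same names from an independent resolver.
REFERENCE = {"www.paypal.com": {"66.211.169.3", "66.211.169.66"},
             "example.test": {"192.0.2.10"}}

FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def parse_displaydns(text):
    """Return {name: set of IPv4 strings} for every A record in the dump."""
    cache, name = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # section titles and dashed rules carry no field
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Record Name":
            name = value.lower().rstrip(".")
        elif key == "A (Host) Record" and name:
            cache.setdefault(name, set()).add(str(ipaddress.ip_address(value)))
    return cache

def audit(cache, reference):
    """List (name, cached, expected) where no cached address is expected."""
    findings = []
    for name, expected in reference.items():
        cached = cache.get(name.lower(), set())
        if cached and not cached & set(expected):
            findings.append((name, sorted(cached), sorted(expected)))
    return findings
```

Large sites answer with different addresses depending on the resolver, so a finding is a lead to confirm (for example by checking which certificate the cached address presents), not proof of tampering.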
     
  24. That sounds like you have been hacked and have a redirect in your machine for paypal but without being there
     
  25. Cycloid Torus

    Cycloid Torus TS Evangelist Topic Starter Posts: 1,657   +309

    Poking around further I think I have discovered something - but do not know what to do about it. Apparently, Google DNS cache is getting the IP for PayPal mixed up with other IPs in the local machine DNS resolver. I also imagine that if I knew Firefox, I would find something similar going on there. See the screenshot below and let me know what you think.

    PayPal Problem 8 wrong IP in Google DNS Cache.png
     
