Page 1 of 1

What is this?

Posted: Fri Dec 09, 2016 11:24 am
by jest2dogs
I often get this notice concerning this particular "website" as listed in the notice whenever I go to say, The New York Times site or other news site. Today I got it when I went to "marinetraffic.com".

Is this some sort of bug, or trojan horse?

When I have typed the supposed address into the address bar it goes nowhere. If I tap on the circular arrow to "repeat" the request, the address disappears.

If it is a bug or trojan horse, how do I get rid of it?

Re: What is this?

Posted: Sat Dec 10, 2016 10:11 am
by Stephen Hart
I use the New York Times site often and have never seen this notice. Are you using some kind of shortcut to get to the Times, or the plain, vanilla URL?
http://www.nytimes.com/

Sometimes such a message means that the site need to update its certificate. I've seen it occasionally on other sites.

Generally, it's a good idea to only use the most straightforward URLs. Especially these days when fake news sites are trying to come up with URLs that are nearly like the real ones.

https://en.wikipedia.org/wiki/List_of_f ... s_websites

Re: What is this?

Posted: Sat Dec 10, 2016 1:18 pm
by jest2dogs
I get "breaking news" alerts from The NY Times that show up on all my devices. (I have The NY Times app on my iPad). But now this certificate warning showed up yesterday when I went to marine traffic.com and, just now, I got a similar alert when I went to the British news site for an article from The Guardian. The aforementioned certification alert has been showing up for months.

I contacted Olypen and they could not duplicate the certificate alert and they said their site was clean. They offered to research it further if I want. They suggested I make sure my computer time/date is correct as that may trigger such an alert. My time/date is just fine, thank you.

My mind is telling me that I may have inadvertently triggered a "cookie" or some kind of a bug when I clicked on a sidebar article on some news page or the like. (Sorry, I do not know how to clean out, or otherwise edit "cookies", though I have come across that option somewhere in the preferences. I suffer from "CRS" :0)

BTW, that other issue I had with Mail, where I could not edit in "Draft" , but then, miraculously all was better? Well, the issue has returned! Me thinks a bug.

Re: What is this?

Posted: Sat Dec 10, 2016 2:36 pm
by Stephen Hart
I guess it's possible that a request is going to another site and triggering the alert when you visit certain legitimate ones.

Here's how to check on cookies, through it may not be easy to know what you want to delete:

Safari > Preferences > Privacy > Cookies and website data > Manage Website Data...

Re: What is this?

Posted: Sat Dec 10, 2016 2:46 pm
by Stephen Hart
Googling "Safari can't verify the identity of the website" turns up pages of answers to this exact question, going back years. You might check a few of those out.
http://osxdaily.com/2014/03/26/fix-safa ... ite-error/

Here's an answer from Stony Brook University computer science, which sounds trustworthy:
https://www.cs.stonybrook.edu/about-us/ ... urityError
Safari 3.x

When this happen with Safari, you will get an error message like " safari can't verify the identity of the website "..cs.sunysb.edu"

This is normal and in order to continue you can just click on "Show Certificate" which will show an another window basically asking you to trust the certificate. At this point, you can do the following:

Check the "Always Trust ..." checkbox.
(Optional) Expand "Trust" and "Details" and verify that it says "Always Trust" in the Trust section.
Click "Continue".
If prompted, login with your local username and password and click "OK".
There have been reports of Safari hanging after making this change so if this happens just "Force Quit" and you should be fine after that. This is a one time fix. Adding the security exception will eliminate the error for future browsing.
I've also seen the answer to reset date and time in System Preferences. Some say to uncheck set automatically, wait a while, then recheck it.

Re: What is this?

Posted: Sat Dec 10, 2016 2:59 pm
by Stephen Hart
This Apple discussion recommends Malwarebytes https://www.malwarebytes.com/mac/
https://discussions.apple.com/thread/77 ... 0&tstart=0
I've read about this app previously, from several sources, so I think it's safe.

If you want another site that seems very unlikely to contain bogus information, try the U.S. Army Medical Research and Materiel Command:

http://mrmc.amedd.army.mil/index.cfm?pageid=ssl

Like others, they say to
1. Click Show Certificate
2. Check to confirm that (1) the "Common Name (CN)" matches the site you're attempting to reach, and (2) that the certificate expiration date hasn't passed.
3. Proceed, which will create a certificate and should permanently take care of the problem for that site.

Re: What is this?

Posted: Sat Dec 10, 2016 4:23 pm
by jest2dogs
The common name on the alert is shown as "*doto.mi.com".
That does not at all match "marinetraffic.com" nor "nytimes.com".
Also, when certificate is showing I cannot get off that tab until I clear the certificate alert from the screen. That is, if Safari is up with several tabs (other sites), I cannot move between them if the "alert" is showing on one of the tabs.

Re: What is this?

Posted: Sat Dec 10, 2016 4:36 pm
by jest2dogs
I just deleted the cookie for"doto.mi.com" in Safari preferences.

When I reconnected to marinetraffic.com the alert immediately reappeared. That site seems to be the trigger site this week as the "alert" has appeared many times before, unrelated to the marine site.

I should add that when the "alert" appears, clicking on the "cancel" button, rather than the "continue" or "show certificate" buttons, closes the alert and I then have full access to the site.

And I have utilized the malware program and restarted my computer. Thanks. Let's see what happens and when.

-Jesse