Avast Blocking Access

[senac]

Hi, from Portugal

I don't use HTTPS Everywhere and I am also getting several popup's warning me that web shield has blocked the pages I am loading, because "ssl (various  numbers).cloudflaressl.com are not valid certificates". It happens when loading different pages and URL's are not identified on the popup's. For now, I unchecked HTPPS verification on Avast Web Shield while waiting for a permanent fix.

Best regards 

[DavidR]

This is not exclusively linked to either XP or HTTPS Everywhere, it is just that HTTPS Everywhere is more likely to come across this type of notice given it is forcing HTTPS of a site which isn't geared up for it and avast would be looking for a valid certificate.

It just so happens that the greatest majority of these notifications are going to relate to cloudflaressl, because they have the highest percentage of ssl certificates issued to dodgy sites.

[polonus]

Hi senac,

I have to agree with my forum friend, DavidR, in this respect and let me an example
to illustrate what DavidR means here, look for instance at: -https://edublogs.org and -http://edublogs.org
from the HTTPS Everywhere Atlas.
Edublogs – free blogs for education - Blogs and... padlock icon
-edublogs.org
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://edublogs.org/
Infos (3)
Secure login (2)
Password will be transmited securely to -https://edublogs.org/wp-login.php?ref=login
Password will be transmited securely to -https://edublogs.org/wp-login.php

64% of the trackers on this site could be protecting you from governmental and big corportionall snooping.
Tell edublogs.org to fix it.
Unique IDs about your web browsing habits have been insecurely sent to third parties, here as xid.

to -Google
-larryferlazzo.edublogs.org
-Google
-studentchallenge.edublogs.org
-bergseyeview.edublogs.org
-missblessings.edublogs.org
- local.adguard.com (this because I have Adguard beta installed, and beta testing it - data come anonymized)
-Yahoo!
-Yahoo!
-s.swiftypecdn.com
-Google
-Google
-englishblogmmg.edublogs.org
-www.googletagmanager.com
-Quantcast
-ecx.images-amazon.com
-www.mustbebuilt.co.uk (This because I have builtwith extension installed in Google Chrome).
Encryption (HTTPS) (1)
Communication is NOT encrypted
See: https://www.eff.org/https-everywhere/atlas/domains/edublogs.org.html
Netcraft Risk Rating: http://toolbar.netcraft.com/site_report?url=https://edublogs.org

And as we see again  bulk hoster like Cloudflare is involved
because it is giving less pro-active security as one should expect. 

polonus (volunteer website security analyst and website error-hunter)

[glnz]

I now have HTTPS Everywhere off - disabled.  But it happened again just now on Wall Street Journal's website.
Apparently something in this page triggered it:
http://www.wsj.com/articles/russian-egyptian-teams-search-for-evidence-at-sinai-crash-site-1446383507
Note that this page is UNsecured - http, not https.
(If you want to see the same WSJ page and you are not a paying subscriber, try this: http://on.wsj.com/1NjjwBp .)
Can DavidR and polonus tell what is triggering this?

[polonus]

Hi glnz,

And again it seems cloudflare is at the culprit of this with 41% tracking on the page going on in an insecure way via
cdnjs.cloudflare.com __cfdui going to some 22 third parties!
Probe of Russian Plane Crash in Egypt’s Sinai P... padlock icon
www.wsj.com
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
Statistics
Images   0   External JS   0
Background images   0   External CSS   0
Objects (Ex: Flash...)   0   IFrames   0

Privacy Badger could block -djcs-prod.s3.amazonaws.com

-cdnjs.cloudflare.com

-d3qdfnco3bamip.cloudfront.net

There is nothing regulated where ids tracking third party spooks is concerned, you can opt out but honoring your wishing is not guaranteed. Your best bets are decent adblocking and  script blocking.

See tracking the trackers report attached.

polonus (volunteer website security analyst and website error-hunter)

[polonus]

This tracking "when URLs don't change", see above attached tracking the trackers report is having bad web rep:
Tealium ->   : https://www.mywot.com/en/scorecard/tealium.com?utm_source=addon&utm_content=popup
-> -http   vir.wsj.net   /wsjart/dpm/scripts   analytics   key=d17b1f8b25ec094c665abcbced19b685d34a5737   505   662   2015-11-02 13:31:01   (tealium\.hs\.llnwd\.net|\.tiqcdn\.com|\.tealiumiq\.com)   -http://tags.tiqcdn.com/utag/wsjdn/wsjarticles/dev/utag.js   Tealium   with  TrustE sealed negative rating.

pol

[senac]

Hi DavidR and Polonus
Thank you both for your replay.

Polonus:
I thank you for the example you gave me but I'm sorry to say I haven't enough skills to understand it, to me it is as if it was written in Chinese language , anyway, I unchecked HTPPS verification on Avast Web Shield, as I said before, and so far I didn´t get more warnings but I am a little worried about the danger it can give to my system's security.
Best regards

[bob3160]

Hi DavidR and Polonus
Thank you both for your replay.

Polonus:
I thank you for the example you gave me but I'm sorry to say I haven't enough skills to understand it, to me it is as if it was written in Chinese language , anyway, I unchecked HTPPS verification on Avast Web Shield, as I said before, and so far I didn´t get more warnings but I am a little worried about the danger it can give to my system's security.
Best regards

On access and on demand are still protecting you from anything that gets to your computer.

[senac]

Hi, bob3160
Thank you for making me feel much safer now. 
Regards

[bob3160]

Hi, bob3160
Thank you for making me feel much safer now. 
Regards

My pleasure.

[Eddy]

HTTPS scanning has changed in version 2016, you may want to update and see if the problem is still there in this latest version

[polonus]

Hi senac,

To put it in more simple wordings...

Eddy is right here and I have just summed up the tiniest tracking wormhole that is going on there (this is my speciality and my passtime). All not something you can do anything about or have to worry about as it happens anyway all the time and all of the time, just the nature of the Interwebs. I gave this info just for the record. I think we are still a far, far way off from when we can say the Internet is working in a more secure way.

In my country, the Netherlands, kids are now being trained at school to get an Internet license to learn to surf more securely on the Interwebs, efforts that come a bit little and a bit late this education. As a trained teacher I like such initiatives.

And always remember there are parties that can cash in big time because of the general public's ignorance and they won't hurry to bring about big changes, as it is against their vested interests...

polonus (volunteer website security analyst and website error-hunter)

[senac]

To Eddy and polonus

Just before read Eddy's post, I noticed the 2016 update to Avast, I did it, rechecked HTPPS verification on Avast Web Shield and so far everything seems to be running OK.

Once again, thanks for your kind help

[REDACTED]

I have read most of the problems with certificate invalid SS/334328 cloudflaressl.com as I have the same problem.   There is one site that recently I cant open and that is Ryanair official website.  I used to be able to open it so I dont know why now I cant.   I dont understand really anything about pcs but maybe someone can explain step by step how to sort out this problem.  I have XP.

[DavidR]

I have read most of the problems with certificate invalid SS/334328 cloudflaressl.com as I have the same problem.   There is one site that recently I cant open and that is Ryanair official website.  I used to be able to open it so I dont know why now I cant.   I dont understand really anything about pcs but maybe someone can explain step by step how to sort out this problem.  I have XP.

First we need to know what avast version you are using, if it isn't the latest version (2016.11.1.2245) then you need to update the program.

Right click the avast tray icon and select about avast - that will tell you what the version number is. If it isn't the latest, then from that window click the Update option to the left. Now select the Program Update option.

I have XP and latest avast free version, no issue with browsing/scanning https sites.

No problem connecting to -https://www.ryanair.com/gb/en/