
Thread: Firefox warning message

  1. #1

    Firefox warning message

    I've just had a strange error message appear in Mozilla Firefox, regarding a security certificate for a site I wasn't accessing! I had several windows open at the same time, but I think it seemed to appear whilst trying to log on to my Hotmail. For info, I'm running XP on a laptop. Here's the message:

    'You have attempted to establish a connection with "secure.footprint.net". However, the security certificate presented belongs to "www.gendcom.info". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site. If you suspect the certificate shown does not belong to "secure.footprint.net", please cancel the connection and notify the site administrator.'

    Now, I've looked up gendcom.info and it's the French national military police force, which is slightly worrying! Anyone know why this message may have appeared for no apparent reason? Any advice greatly appreciated! Thanks.

  2. #2
    Greetings,

    Finally, someone having the same problem. Anyway, for more info you might want to read:

    1. http://www.antionline.com/showthread...hreadid=274682
    2. http://www.antionline.com/showthread...710#post894710
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3
    brokencrow
    I got the same thing logging into Hotmail using Opera. I doubt it's anything to be alarmed about. M$'s probably handling certificates manually in non-IE browsers. Hotmail uses a lot of java, almost as much as this site. Who knows what they've coded in there. But, hey, it is Hotmail!

    As for the whois on gendcom.info, I didn't turn up anything (neither Ripe nor Internic). Where did you get the French police force bit? The IP address (194.112.114.91) I picked for gendcom belongs to a French & German telecom from what I can tell. The whois on secure.footprint.net belongs to an outfit out of NC: Savvis. Probably under contract to the Redmond bunch.

    Just my two bits...

    p.s. -- I see where you got the "die polizei" bit. He-heh, I didn't think to load it in a browser. Relax, Big Brother's only watching.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    nihil
    Did you check the certificate?

    Yes, Gendcom.info is the French National Gendarmerie.

    The telco is Cable & Wireless Europe. This is a very old British outfit; as it happens, I used to use them for long distance, then for all my domestic phone & cable stuff. They changed their name to Mercury Telecommunications and later became ntl, which is what they trade as now in the UK.

    This is the user:

    Domain ID2702446-LRMS
    Domain Name:GENDCOM.INFO
    Created On:10-Jun-2003 08:15:14 UTC
    Last Updated On:10-Jun-2005 15:25:19 UTC
    Expiration Date:10-Jun-2006 08:15:14 UTC
    Sponsoring Registrar:Transpac (R203-LRMS)
    Status:OK
    Registrant ID:C3269618-LRMS
    Registrant Name:gendarmerie nationale
    Registrant Organization:gendarmerie nationale
    Registrant Street1:1 boulevard Theophile Sueur
    Registrant Street2:
    Registrant Street3:
    Registrant City:rosny sous bois
    Registrant State/Province:
    Registrant Postal Code:93110
    Registrant Country:FR
    Registrant Phone:+1.33153654457
    Registrant Phone Ext.:
    Registrant FAX:
    Registrant FAX Ext.:
    Registrant **********************@mgn.net
    Admin ID:C4852723-LRMS
    Admin Name:Le Colonel Geraud Nicolas
    Admin Organization:GENDARMERIE NATIONALE
    Admin Street1:1 Bld Theophile Sueur
    Admin Street2:
    Admin Street3:
    Admin City:Rosny Sous Bois
    Admin State/Province:
    Admin Postal Code:93110
    Admin Country:FR
    Admin Phone:+33.153654470
    Admin Phone Ext.:
    Admin FAX:+33.153654983
    Admin FAX Ext.:
    Admin ********************@gendarmerie.org
    Billing ID:C2083298-LRMS
    Billing Name:Oleane Hostmaster
    Billing Organization:France Telecom Transpac
    Billing Street1:13 rue de Javel
    Billing Street2:
    Billing Street3:
    Billing City:PARIS
    Billing State/Province:
    Billing Postal Code:75015
    Billing Country:FR
    Billing Phone:+33.153951400
    Billing Phone Ext.:
    Billing FAX:+33.153951401
    Billing FAX Ext.:
    Billing ****************@oleane.net
    Tech ID:C4852724-LRMS
    Tech Name:Le Capitaine Chateau Jean Pascal
    Tech Organization:GENDARMERIE NATIONALE
    Tech Street1:1 Bld Theophile Sueur
    Tech Street2:
    Tech Street3:
    Tech City:Rosny Sous Bois
    Tech State/Province:
    Tech Postal Code:93110
    Tech Country:FR
    Tech Phone:+33.153654459
    Tech Phone Ext.:
    Tech FAX:+33.153654475
    Tech FAX Ext.:
    Tech *************************@GENDARMERIE.ORG
    Name Server:NS4.OLEANE.NET
    Name Server:NS5.OLEANE.NET
    Name Server:

    So:

    1. You are a French paedophile and have been rumbled.
    2. The Gendarmerie have been owned.
    3. Someone has screwed up the certificate.
    4. It is one of those "internet things"

    I guess I would e-mail the Gendarmerie and ask what is going on... after all, they are the investigators, and they have the authority to get information from Telcos and ISPs.

    Bon chance mon ami

  5. #5
    brokencrow
    Wouldn't #3 and #4 be the same thing, nihil?


  6. #6
    nihil
    Quote: "Wouldn't #3 and #4 be the same thing, nihil?"

    Not as I meant it there. #3 would be a straight "clerical error" whilst there could be specific internet problems, or (more likely) a mixture of errors?

    I don't see how a straight clerical error could link hotmail to the Gendarmerie, but I had to include it as a vague possibility.............obviously if it happened all the time it would be spotted immediately?


  7. #7
    Well, I was hoping that it was just one of those 'internet things', but maybe there is more to it, having read your responses. With reference to your comment regarding the "Gendarmerie have been owned", what does this mean? It just seems strange that this certificate error is appearing in the last couple of days (and continues to appear), when I log in incorrectly into Hotmail. I guess I will just have to try and contact the French and ask them, although it doesn't look as though there's a complete email address in the info you listed. Thanks for your responses though. If you have any other clues or advice, I'd be glad to hear them!

  8. #8
    brokencrow
    I really wouldn't worry about it. There is NOTHING private in your Hotmail account. Take it from a guy who had an email lifted years ago only to have it end up over at the eff-bee-eye...

  9. #9
    nihil
    Hi,

    I think you take the "name" and replace the "******'s" with it in front of @gendarmerie.org

    There is a colonel and a captain........................I guess that you use the full title as seen.


  10. #10
    DjM
    Posted on SANS this morning:

    For a brief time this morning (in the US), the SSL certificate for Hotmail was broken. It gave the SSL certificate for www.gendcom.info, which seems to be a legitimate site that uses SSL. The Hotmail SSL certificate was quickly fixed. After researching, I discovered that both organizations use Savvis webhosting. So I'm thinking this was a technical glitch at Savvis.
    SANS

    Cheers:
    DjM
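
Added example (not part of the thread and not any poster's code): the name check behind the warning quoted in post #1, applied to the situation the SANS note in post #10 describes, where a server reached as "secure.footprint.net" presents a certificate for "www.gendcom.info". The certificate dicts are constructed samples in the layout Python's ssl getpeercert() returns, and fetch_cert, cert_names, name_matches and check_presented_cert are names made up for this example.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5.0):
    """Return the certificate a server presents, in getpeercert() dict form.
    The chain is still validated; only the name check is deferred so the
    mismatch can be reported instead of aborting the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_names(cert):
    """DNS names the certificate covers: SAN dNSName entries, falling back
    to subject commonName only when the certificate has no SAN dNSName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Compare label by label; '*' may only be the whole left-most label
    and must leave at least two fixed labels (so '*.net' never matches)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def check_presented_cert(requested_host, cert):
    names = cert_names(cert)
    return {"requested": requested_host, "presented": names,
            "match": any(name_matches(n, requested_host) for n in names)}

# Constructed certificates (not captured data), shaped like getpeercert().
WRONG_CERT = {"subject": ((("commonName", "www.gendcom.info"),),)}
RIGHT_CERT = {"subject": ((("commonName", "footprint.net"),),),
              "subjectAltName": (("DNS", "*.footprint.net"),)}

if __name__ == "__main__":
    for cert in (WRONG_CERT, RIGHT_CERT):
        print(check_presented_cert("secure.footprint.net", cert))
```

A mismatch result only says that the presented certificate does not cover the requested name; it cannot tell a hosting misconfiguration from interception, which is why the browser leaves the decision to the user.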
