PSA: Just got a reddit.com redirect attempt

I tried to log in as usual, tor to https://pay.reddit, minimal scripts on reddit.com only allowed as needed for login. Instead of the usual, I got a security warning. The regular "This Connection Is Untrusted. You have asked to connect securely to reddit.com but we can't confirm that your connection is secure". Now I was about to just shut down the browser, reset tor and go in again when it struck me. That's actually very weakly worded. I could conceivably, if I didn't know better, think that meant "You're doing something fishy, like using TOR. You sure about this?". That's not at all what it means.

"we can't confirm that this connection is secure. Do you understand the risks?" means, in non-evasive language "I don't know who the fuck you talking to, but it ain't reddit.com. That cool?". If you're curious, click Technical Information. I got this, for instance:

https://infotomb.com/9b92i.png

akamaihd.net not being reddit.com and all, no, I'd rather not talk to them or, you know, give them my login info. Risks not understood.

There's no real way to prevent seeing these. Anyone can run an exit node and even legit ones are only as protected as they feel like mustering. It's not a big deal though, if you connect to someplace major (gmail, msn, whatnot) via tor you'll probably spot one now and again. The only guarantee you have tor to clearnet is https and a certificate from the site you intend to connect to. You can click the little padlock and see that GANDI SAS said so, if you want to keep clicking you can see that usertrust and thereby Comodo says so. That's legit, it's actually reddit. If it says otherwise, it's not an accident, someone is lying.

TL;DR While it may seem obvious, if you attempt to log into anything on the clearnet via tor and get a certificate warning, BAIL! Shut your browser and TOR (just to be on the safe side as you've recently spoken to someone who did their best to attack you - they probably had nothing but a lame redirect but why find out), start them over from scratch and try again.
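
The name check behind that warning, as an added example that is not part of the original post. The certificate dicts follow the shape Python's `ssl.SSLSocket.getpeercert()` returns; their contents are constructed samples, not the certificate from the screenshot.

```python
# Added example: which hostnames does a presented certificate actually vouch for?
# Sample certificates below are constructed for illustration.

def dns_names(cert):
    """Return the DNS names a certificate covers (SAN first, CN as fallback)."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """RFC 6125 style match: '*' only as the whole leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verdict(cert, intended_host):
    """Return (ok, covered_names); ok is True only if the cert names the host."""
    names = dns_names(cert)
    return any(name_matches(n, intended_host) for n in names), names

# Constructed sample: a CDN certificate like the one described in the warning.
CDN_CERT = {
    "subject": ((("commonName", "*.akamaihd.net"),),),
    "subjectAltName": (("DNS", "*.akamaihd.net"), ("DNS", "akamaihd.net")),
}
# Constructed sample: a certificate that does name the intended site.
SITE_CERT = {
    "subject": ((("commonName", "*.reddit.com"),),),
    "subjectAltName": (("DNS", "*.reddit.com"), ("DNS", "reddit.com")),
}

if __name__ == "__main__":
    for label, cert in (("CDN", CDN_CERT), ("site", SITE_CERT)):
        for host in ("reddit.com", "www.reddit.com"):
            ok, names = verdict(cert, host)
            print(f"{label} cert for {host}: {'match' if ok else 'MISMATCH'} {names}")
```

A mismatch here says only that the certificate does not name the site you asked for; it does not say who presented it or why.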


Comments


[10 Points] Hashbangg:

As a netsec professional it warms my heart to see people taking security so seriously.

That said, this (most likely) isn't actually a problem. Akamai is a very widely used content delivery network (CDN). Popular websites use CDN services because they usually have data centers all over the world and will typically pick the one nearest the user to serve the content, and thus the user gets a faster browsing experience.

In this case, probably due to some random session issues, you were served up the SSL cert for Akamai's domains instead of reddit's when you visited www.reddit.com. This likely is not an actual security issue, but an overabundance of caution never hurts.

Just thought I'd chime in before 'OMG REDDIT IS LE'


[-1 Points] dopelessfopefiend:

Yesterday I was getting a certificate error