
I was just forced by Thunderbird to accept a new security certificate, but no info for why was provided. Has this been required by Mozilla? Or am I hacked?
I just logged into Thunderbird (2018/05/03), as usual, and for the very first time I was presented with a pop-up dialog box that prompted me to accept a new security certificate. I have never seen this behavior before. Is this something that Mozilla has recently required? Could it have been from my email service provider, and if so, why was there nothing identifying them as the originator of this request? Finally, how do I dump this certificate if it is bogus, and how do I get past the demand that I accept the certificate?
All Replies (6)
I was just forced by Thunderbird to accept a new security certificate
No, you were not forced to do anything. That you did accept the certificate without looking at the details is how folks get hacked and also how they get malware installed. You have heard, I hope, about social engineering in the process of distributing malware. You have just demonstrated it.
It is a shame you did not actually look at the certificate. These security certificates are issued through a chain of trust arrangement and Thunderbird has a database of trusted issuers. That you saw the certificate request indicates that the certificate was not issued in the chain of trust, was expired or was in some other way suspect. If the certificate was false, you have probably already been hacked, or your employer has been. Simply clicking to accept that could have been all that was required to let in one of the crypto lockers where they encrypt your hard drive and ransom its contents back to you.
So Options > Advanced > Certificate. Click on the Manage certificates button. In the certificate manager window select the Servers tab. Hopefully the server is listed there so you can view the certificate and make an informed decision if it is ok. Most are. However you need to make an informed decision based on who issued it, and when it expires. It is worth noting that there are a number of anti virus vendors that ask you to install certificates so they can decrypt your communication and scan the contents. Just be aware that these companies have not undertaken the expensive audit processes that those who are trusted certifying authorities have. So they are prime candidates for government backed back doors into your encrypted communication. You might be of the view you have nothing to hide, but that does not change the risk, and it does not say which government. These companies are multinationals mostly so it could be any government that has jurisdiction over one of the national offices.
That .
I say that I was forced as the only other option was to discontinue my use of my main email address. I did look for an alternative. I did look for further information. I do wish that I had screen-captured the dialog box, but I did not. Is there a way to find out which certificate was involved? Is there a log file that would capture such an event?
I gave you instructions to use Options to get to the certificate manager. Do you also need instructions on how to find the app menu icon on the right of the toolbar? (It is the one with the three horizontal bars.)
Finding the certificate manager is easy. The list of servers all look valid. The list of authorities/certificates however is huge, and I see no indication of what might be an invalid cert. Furthermore, I see no indication of a date when they were added, so I don't know how to pin down which cert it was that I encountered earlier today. That is why I asked if there were a log file that could show me when it was accepted, hopefully paired with the name of the cert or authority.
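Added example (not part of the original thread, and not Mozilla code): one way to see which certificate exceptions a profile has stored and why each one was needed, by reading the profile's `cert_override.txt`. The tab-separated field layout is an assumption based on 2018-era Thunderbird profiles; the host name, database key and certificate bytes below are constructed sample data.

```python
import hashlib

# Assumed layout of one cert_override.txt line (tab-separated):
# host:port, hash-algorithm OID, certificate fingerprint, override flags, db key.
FLAG_MEANINGS = {
    "U": "issuer not trusted (outside the chain of trust)",
    "M": "certificate name does not match the server name",
    "T": "certificate expired or not yet valid",
}

def parse_overrides(text):
    """Return one dict per stored exception; skip comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue
        host, _, port = fields[0].rpartition(":")
        entries.append({
            "host": host,
            "port": int(port) if port.isdigit() else None,
            "fingerprint": fields[2].upper(),
            "reasons": [FLAG_MEANINGS.get(f, "unknown flag " + f) for f in fields[3]],
        })
    return entries

def sha256_fingerprint(der_bytes):
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_exception(entry, der_bytes):
    """True if the certificate presented now is the one that was excepted."""
    return entry["fingerprint"] == sha256_fingerprint(der_bytes)

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_FILE = (
    "# PSM Certificate Override Settings file\n"
    "mail.example.invalid:993\tOID.2.16.840.1.101.3.4.2.1\t"
    + sha256_fingerprint(SAMPLE_DER) + "\tUT\tCONSTRUCTED-DBKEY\n"
)

if __name__ == "__main__":
    for e in parse_overrides(SAMPLE_FILE):
        print(e["host"], e["port"], e["fingerprint"][:23] + "...", e["reasons"])
```

To compare against a live server, the DER bytes can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))` from the Python standard library. A fingerprint that no longer matches the stored exception means the server is presenting a different certificate than the one that was accepted.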
Chosen Solution
Well, I think I have this situation sorted out. The certificate presented to me had to be either from TB or from my email service provider. It appears that it was not TB, but it was from my email service provider. It looks like they installed a "Zimbra Collaboration Server", and accepting the cert was required to continue using their service. Yes, I should have taken the time to ensure that I wasn't accepting trouble, but life can be imperfect and I was very rushed, so I did what I had to get to a needed email before a meeting. For what it's worth, looking at the servers did help a bit, but the condescension was entirely unnecessary. Good BOFH impression, though.
AllanJohnstone said
It appears that it was not TB, but it was from my email service provider. It looks like they installed a "Zimbra Collaboration Server", and accepting the cert was required to continue using their service.
If they did an install and you had to accept a certificate, then they are doing it wrong. While it is fairly common for folk that are doing something to a price. But really unacceptable just the same.
I googled BOFH, so with that knowledge I am happy now. PEBKAC is what the BOFH would suggest is the issue. Bye now.