Your connection is not private.
February 27, 2019 3:50 PM

What is going on when, in the middle of normal activities on trusted websites, the site stops working, https is crossed out in red, and instead I'm presented with a page that says the connection is not secure, and I'm given a warning that "attackers may be trying to steal your information"?

My only choice is to "go back to safety." If I reload it keeps happening until ... it doesn't.
This sometimes happens with frustrating frequency. It happens with normal websites like my exchange email account, hulu, and other normal, everyday sites I use all the time.
I have AT&T internet and it seems quite erratic (I'm not in a remote rural area or anything like that.)
When I'm trying to use the internet and suddenly it's disrupted, is the problem with AT&T? My modem? My old laptop not keeping the connection?
Please no need to suggest contacting AT&T about this; I have done so often and each time they treat it like a new episode.
posted by nantucket to Computers & Internet (12 answers total) 7 users marked this as a favorite
 
I'd guess you're seeing one or more of:
  • DNS reverse not working
  • Caching
  • Poor attempt at port forwarding
Your browser is trying to talk to www.bank.com via HTTPS, but the IP it's talking to doesn't reverse-map to www.bank.com, or there's a different SSL certificate of a cache or forwarding server, that kind of thing.
If you're at all techie, I'd turn on the browser's Developer Console, activate the Network tab, and browse for a while. You ought to be able to get a clue about what's happening by looking at the raw traffic.
posted by spacewrench at 4:01 PM on February 27, 2019 [1 favorite]


It really does mean what it says. For whatever reason, the SSL certificate that is being used is not passing the "sniff test" with your browser.

In most cases, we hope, this is due to a misconfiguration on the server side of the connection. Many web sites are served by more than a single webserver or load balancer, and a misconfiguration on any of these could result in a warning. This can include using the wrong certificate, or failing to include a required intermediate certificate, or having an expired certificate.

In some cases, this may be due to interception of traffic. This can be relatively innocuous, such as your local antivirus program trying to inspect web traffic for viruses and other bad things. However, it can also be a sign that your ISP or some other third party on the Internet is intercepting traffic, potentially decrypting and re-encrypting it. Interception of this sort is used to capture login and password details, and this is very bad.

The safest bet, by far, is to obey the web browser's suggestion. There's been an uptick of traffic interception events on the Internet by nefarious parties, usually through rogue BGP announcements or DNS hijacking. Your web browser is doing well by warning you of a problem.

If you're curious, there's usually an advanced tab of some sort that will allow you to dig deeper into the exact issue that your browser is complaining about. You will not be able to resolve it on your own, most likely, but it may be interesting or useful to capture a screenshot and share it here. Some of the contributors here muck around with SSL and will be able to explain what might be happening, given a specific example.

AT&T Internet is typically provided by DSL, and DSL can be damn erratic. This is likely to be a completely separate issue. If you are having problems reaching any site at all, that's an AT&T issue, and might be due to your DSL modem, your DSL line to AT&T, or AT&T's network itself. The only part of that you really have influence over is the DSL modem. You should observe the lights on the modem to identify what "normal" looks like so that you can identify what's not.
posted by jgreco at 4:03 PM on February 27, 2019 [3 favorites]
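
Added example (not part of any poster's answer): a small Python check that performs the same verified TLS handshake a browser does and reports which of the causes listed above made it fail. The numeric codes are OpenSSL's certificate verification codes; the function names are made up for this sketch, and hostnames are passed on the command line.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* verification codes mapped to the causes listed above.
CAUSES = {
    9:  "certificate not yet valid (check the local clock first)",
    10: "certificate has expired (or the local clock is far ahead)",
    18: "self-signed certificate (local device page or interception)",
    19: "chain ends in a root this machine does not trust (inspection proxy?)",
    20: "issuer not found (server omitted an intermediate, or unknown CA)",
    21: "issuer not found (server omitted an intermediate, or unknown CA)",
    62: "certificate is for a different hostname (wrong cert or wrong server)",
}


def explain(verify_code, verify_message=""):
    """Turn an OpenSSL verify code into a plain-language cause."""
    return CAUSES.get(verify_code, f"other verification failure: {verify_message}")


def check_site(host, port=443, timeout=5.0):
    """Do a fully verified TLS handshake and return (ok, detail).

    Verification stays enabled; on failure we only report why it failed.
    """
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, f"verified, issued by {issuer.get('organizationName')}"
    except ssl.SSLCertVerificationError as err:
        return False, explain(err.verify_code, err.verify_message)
    except (ssl.SSLError, OSError) as err:
        # Not a certificate problem: dropped line, DNS failure, timeout, ...
        return False, f"connection problem, not a certificate error: {err}"


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, *check_site(name))
```

Running it against the same site while the browser warning is showing, and again once the site works, shows whether the failure is a certificate problem or just the line dropping.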


It would help a lot to know what browser you have and what add-ons you have. Also, do you use a VPN? And an outside chance: are you using your computer near a WiFi network you can log into but don't regularly? (i.e., a coffee shop downstairs?)

The behavior you're describing should never ever happen. It's a symptom of something very serious going wrong. Unless you have some reason to think you are a target it's very, very unlikely that someone is deliberately hijacking your web browser. (Hackers don't attack random people in this way.) But you might have some malware, or you might have some fairly broken network set up that's causing problems.
posted by Nelson at 4:52 PM on February 27, 2019


So there's several things at play here. 1.) Site could be misconfigured, best figured out by seeing if it happens consistently on the same site and the same links. 2.) Some bad something on your computer. Give a run of MalwareBytes on your computer to rule that out. 3.) Check the time and time zone on your PC, and match the time against time.gov. If for some reason you're running a minute behind or more (it should be much more than that, but SSL handshake is weird about time anomalies) get your time / time zone corrected.

When it flips to giving you grief about getting back to safety, and it lets you click for details, if you can either post what it says in those details in here, or email them to me (address on profile) I/we can take a look at which failure it is and hopefully diagnose better.
posted by deezil at 5:13 PM on February 27, 2019 [1 favorite]


I'm going to have to disagree with Nelson's line about being targeted. There are definitely network level attacks happening that are hijacking IP ranges or changing DNS. These do not always happen as a globally visible change, and are often short-duration events. Nelson's implication is that you aren't likely to be attacked because you're not a high value target. Fine, that's fundamentally true, but it's a pointless argument. Spammers spam billions of e-mails on the off chance that they con some sucker. These network attacks are similar. Some may be targeting very specific traffic. Many are doing more generalized data capture. If they can just get people to ignore the warnings and capture your login and password to certain kinds of web sites, that's worth it to them.

krebsonsecurity.com

blogs.akamai.com

theregister.co.uk

Please do not make the mistake of thinking that it's unlikely someone is deliberately hijacking your web browsing. This is definitely going on. If it happens to Google, and even a super-tech-savvy company like the big G can't adequately defend against it, think of how well your bank, your employer's online resources, your e-mail provider, etc., are positioned to defend against this.

Now, of course, this isn't the only possibility. Every other thing mentioned so far in this thread is also a possibility. Lots of good advice. Best bet is to get a screenshot of the certificate detail and what it's complaining about.
posted by jgreco at 6:32 PM on February 27, 2019 [2 favorites]


I'm guessing you're using Chrome based on the "back to safety" wording. Clicking the "Advanced" button on Chrome's HTTPS error page shows a description of the problem and some reasons why it might be happening. Sharing that description here would be helpful—as others have mentioned, there are a lot of reasons why these errors can happen.
posted by panic at 6:42 PM on February 27, 2019 [2 favorites]


It often means that the developer included a site resource without the "s" in the "https://". Images, style sheets, javascript calls, etc...

This exact behavior can be, and frequently is, caused by completely innocuous reasons.
posted by humboldt32 at 6:44 PM on February 27, 2019 [2 favorites]


First thing I would do is to check Network Settings on my 'puter and change the DNS to 8.8.8.8 (one of Google's DNS servers) instead of whatever DNS server my ISP provided me. Other non-ISP provided DNS servers also apply here.

It's true that DNS has been under more-attack-than-usual recently. Bad DNS would give these messages. Malicious attempts or collateral damage (you) would give these sorts of messages. And what they want you to do is "Click OK" and boom! you've been redirected and Man In The Middle (MITM)'d.

AT&T are a bunch of (*#%&(*&)(#Q*&)(#*@ but that's a different thing.

Give your OS (Windows/Mac/Etc). Dump us some detailed error messages. This shouldn't be happening all of a sudden unless there's some wide-spread problem.
posted by zengargoyle at 7:46 PM on February 27, 2019 [1 favorite]


My best guess is that one of the resources being loaded on those specific pages is referenced, specifically, via a http:// URL instead of an https:// URL; any HTTP resource on an HTTPS page is enough to get it marked as non-secure. However, all of the websites you mentioned should be smart enough to avoid this happening on the reg (but big enough that I can see this happening as a one-off until they are made aware). (Source: used to work in website QA.)

I'd also recommend changing your main DNS to Google's; 8.8.8.8. You can search how to do that for your browser.

For Hulu: do you use free Hulu? I'm Canadian so don't know how Hulu works, but is it possible you are seeing ads that are referencing http resources? If you click the link that caused you problems again, does it work?
posted by flibbertigibbet at 2:43 AM on February 28, 2019 [1 favorite]


Developers and web admins are used to seeing this message when something has gone wrong with the SSL certificate for a particular web site (most likely a certificate has expired). However if you are seeing the problem on a range of sites then it points to an issue with your DNS server not being trusted.

I'd recommend the security advice given in mefite Samsara's profile about issues such as this - in particular his recommendations to use an alternative DNS provider such as OpenDNS. There are also some other checks that you might want to consider on your system on that list.
posted by rongorongo at 3:14 AM on February 28, 2019


My experience is that many DSL/cable modems are configured to use DNS to send browsers to the modem's own internal services when the connection glitches. The browser is expecting something from hulu; what it gets is AT&T's custom "I can't find this page" error. The browser sees this, doesn't trust the modem, and gives its own error message.

Many modems are vulnerable to drive-by attacks, so not trusting the modem in this case is likely a good idea, even if it's a false alarm much of the time.

You can probably check this yourself using nslookup or dig. If either returns an address in the range 192.168.x.x or 10.x.x.x as an answer to a query, you're probably being redirected to a local web server. traceroute might help as well to see if requests are getting out of your local network.
posted by GenderNullPointerException at 6:34 AM on February 28, 2019 [1 favorite]


nslookup/dig will (usually) tell you what the computer thinks is the right IP address for the name, and how it's getting that address. traceroute will print messages showing how many hops it takes to get to a remote server. It will frequently time out but it should say whether your traffic is getting out of your apartment at least.
posted by GenderNullPointerException at 6:56 AM on February 28, 2019
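
Added example (not part of any poster's answer): the nslookup/dig check described above, scripted in Python so it can be run the moment the warning appears. It goes slightly beyond the two ranges named in the post by also flagging 172.16.x.x, loopback and link-local answers; the function names and the sample answers are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample answers (not real captures): a modem answering for a site.
SAMPLE = {"hulu.com": ["192.168.1.254"], "example.org": ["8.8.8.8"]}


def system_resolver(name):
    """Addresses the OS resolver returns for name (the path the browser uses)."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(address):
    """Label one address 'public', or say why it cannot be a real internet site."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:  # 10/8, 172.16/12, 192.168/16 and other reserved ranges
        return "private"
    return "public"


def check_name(name, resolve=system_resolver):
    """Resolve name and flag answers that point back into the local network."""
    try:
        addresses = resolve(name)
    except OSError as err:  # includes socket.gaierror: the lookup itself failed
        return {"name": name, "verdict": "no answer", "detail": str(err)}
    labels = {addr: classify(addr) for addr in addresses}
    local = [addr for addr, label in labels.items() if label != "public"]
    verdict = "local redirect suspected" if local else "looks normal"
    return {"name": name, "verdict": verdict, "detail": labels}


if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        for host in sys.argv[1:]:
            print(check_name(host))  # live lookup through the OS resolver
    else:
        for host in SAMPLE:
            print(check_name(host, SAMPLE.__getitem__))  # constructed demo data
```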


This thread is closed to new comments.