Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Wed, 5 Jan 2022 19:42:33 +0100 wrote: > On Wed, Jan 05, 2022 at 12:41:23PM -0500, Celejar wrote: > > [...] > > > The configuration I'm talking about is as follows: the browser makes > > ordinary, unencrypted DNS requests to the Pi-hole, over a trusted > > network > > If the browser decides

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Wed, Jan 05, 2022 at 12:41:23PM -0500, Celejar wrote: [...] > The configuration I'm talking about is as follows: the browser makes > ordinary, unencrypted DNS requests to the Pi-hole, over a trusted > network If the browser decides to make the DNS requests over HTTPS (DoH [1], that's what we

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Wed, 5 Jan 2022 18:20:23 +0100 wrote: > On Wed, Jan 05, 2022 at 08:43:23AM -0500, Celejar wrote: > > On Wed, 5 Jan 2022 06:10:48 +0100 > > wrote: > > > > > On Tue, Jan 04, 2022 at 04:05:11PM -0500, Celejar wrote: > > > > > > [...] > > > > > > > One way "to combine DoH with resolving 14,000

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Wed, Jan 05, 2022 at 08:43:23AM -0500, Celejar wrote: > On Wed, 5 Jan 2022 06:10:48 +0100 > wrote: > > > On Tue, Jan 04, 2022 at 04:05:11PM -0500, Celejar wrote: > > > > [...] > > > > > One way "to combine DoH with resolving 14,000 addresses to 127.0.0.1" > > > is by using Pi-hole. Some peop

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Wed, 5 Jan 2022 06:10:48 +0100 wrote: > On Tue, Jan 04, 2022 at 04:05:11PM -0500, Celejar wrote: > > [...] > > > One way "to combine DoH with resolving 14,000 addresses to 127.0.0.1" > > is by using Pi-hole. Some people have *millions* of domains blacklisted > > in Pi-hole: > > Pi-hole won'

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

to...@tuxteam.de wrote: > On Tue, Jan 04, 2022 at 04:09:42PM -0500, Dan Ritter wrote: > > [...] > > > Here's what I do: > > > > My local DNS resolver offers DNS, DNS over TLS, and DNS over > > HTTPS. > > > > I supply a use-application-dns.net zone that returns NXDOMAIN. > > That tells browsers

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 04:09:42PM -0500, Dan Ritter wrote: [...] > Here's what I do: > > My local DNS resolver offers DNS, DNS over TLS, and DNS over > HTTPS. > > I supply a use-application-dns.net zone that returns NXDOMAIN. > That tells browsers to not use DoH. Oh, is it possible to tell th

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 04:05:11PM -0500, Celejar wrote: [...] > One way "to combine DoH with resolving 14,000 addresses to 127.0.0.1" > is by using Pi-hole. Some people have *millions* of domains blacklisted > in Pi-hole: Pi-hole won't help unles it also does HTTPS proxying (that means it would

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

David Wright wrote: > On Tue 04 Jan 2022 at 19:37:34 (+0100), to...@tuxteam.de wrote: > > On Tue, Jan 04, 2022 at 01:19:37PM -0500, Michael Stone wrote: > > > > [...] > > > > > And this is why putting stuff into /etc/hosts is basically never the right > > > answer. :) > > > > Eye, beholder and

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, 4 Jan 2022 20:58:27 +0100 wrote: > On Tue, Jan 04, 2022 at 01:33:18PM -0600, David Wright wrote: > > On Tue 04 Jan 2022 at 19:37:34 (+0100), to...@tuxteam.de wrote: > > > On Tue, Jan 04, 2022 at 01:19:37PM -0500, Michael Stone wrote: > > > > > > [...] > > > > > > > And this is why putti

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 10:34:48AM -0800, James H. H. Lampert wrote: On 1/4/22 10:19 AM, Michael Stone wrote: And this is why putting stuff into /etc/hosts is basically never the right answer. :) Au contraire! Among other things, the host table is the best possible place to block access to c

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 01:33:18PM -0600, David Wright wrote: > On Tue 04 Jan 2022 at 19:37:34 (+0100), to...@tuxteam.de wrote: > > On Tue, Jan 04, 2022 at 01:19:37PM -0500, Michael Stone wrote: > > > > [...] > > > > > And this is why putting stuff into /etc/hosts is basically never the right > >

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On 1/4/22 11:33 AM, David Wright wrote: In fact, I was quite shocked when I just tried DNS over HTTPS for a couple of minutes. The 10-day weather profile that I screenshoot every day was plastered in popups. Anyone know how to combine DoH with resolving 14,000 addresses to 127.0.0.1? Also, does

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue 04 Jan 2022 at 19:37:34 (+0100), to...@tuxteam.de wrote: > On Tue, Jan 04, 2022 at 01:19:37PM -0500, Michael Stone wrote: > > [...] > > > And this is why putting stuff into /etc/hosts is basically never the right > > answer. :) > > Eye, beholder and things. I've got a couple of them like

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 4, 2022, 18:19 by mst...@debian.org: > And this is why putting stuff into /etc/hosts is basically never the right > answer. :) > I think it's fine as long as one is aware of what one is doing. I should have caught it sooner but due to other circumstances I was under a false impression that

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 10:34:48AM -0800, James H. H. Lampert wrote: > On 1/4/22 10:19 AM, Michael Stone wrote: > > And this is why putting stuff into /etc/hosts is basically never the > > right answer. :) > > Au contraire! > > Among other things, the host table is the best possible place to bloc

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 01:19:37PM -0500, Michael Stone wrote: [...] > And this is why putting stuff into /etc/hosts is basically never the right > answer. :) Eye, beholder and things. I've got a couple of them like so: # Pest: 127.0.0.1 www.google-analytics.com 127.0.0.1 ajax.google.com

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On 1/4/22 10:19 AM, Michael Stone wrote: And this is why putting stuff into /etc/hosts is basically never the right answer. :) Au contraire! Among other things, the host table is the best possible place to block access to certain unwanted domains. For example, if you add these entries: > 0.

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 01:09:06AM +0100, local10 wrote: Jan 3, 2022, 23:08 by d...@randomstring.org: Alright. Put this into your /etc/hosts temporarily: [...] OK, I understand now what the problem was. Quite a while ago I added a line into the /etc/hosts to fix a temp DNS issue and completel

Re: GUIs (was: Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com)

On Tue, Jan 04, 2022 at 08:50:23AM -0500, rhkra...@gmail.com wrote: > On Tuesday, January 04, 2022 12:58:45 AM to...@tuxteam.de wrote: > > [1] Don't you hate GUIs? Describing how to do a simple thing ends up in > >reams of difficult-to-understand text. > > +1 sometimes, but sometimes they offe

GUIs (was: Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com)

On Tuesday, January 04, 2022 12:58:45 AM to...@tuxteam.de wrote: > [1] Don't you hate GUIs? Describing how to do a simple thing ends up in >reams of difficult-to-understand text. +1 sometimes, but sometimes they offer a much easier way to do things with less learning required -- there is a tr

Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Tue, Jan 04, 2022 at 12:50:39PM +0100, local10 wrote: > Jan 4, 2022, 05:58 by to...@tuxteam.de: > > > Seems to work for me (currently). Are you still getting the error? > > > > > Not anymore, it has been solved:  > https://lists.debian.org/debian-user/2022/01/msg00096.html > > Thanks to eve

[SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 4, 2022, 05:58 by to...@tuxteam.de: > Seems to work for me (currently). Are you still getting the error? > Not anymore, it has been solved:  https://lists.debian.org/debian-user/2022/01/msg00096.html Thanks to everyone who responded.

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Mon, Jan 03, 2022 at 11:01:34PM +0100, local10 wrote: > Hi, > > Am I the only one who's getting this error? When I go to the USPS.com[1] to > track a package I get this "Warning: Potential Security Risk Ahead" error ( > Error code: SSL_ERROR_BAD_CERT_DOMAIN ). It's been like this for a couple

[SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 23:53 by loca...@tutanota.com: > Jan 3, 2022, 23:08 by d...@randomstring.org: > >> Alright. Put this into your /etc/hosts temporarily: >> >> 152.195.33.23 www.usps.com tools.usps.com www.usps.gov >> >> That's unlikely to be an optimal IP from their CDN, but it is >> currently working

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 23:08 by d...@randomstring.org: > Alright. Put this into your /etc/hosts temporarily: > > 152.195.33.23 www.usps.com tools.usps.com www.usps.gov > > That's unlikely to be an optimal IP from their CDN, but it is > currently working. > That fixed it, I got the USPS tracking page to lo

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

# host usps.com usps.com has address 56.0.134.100 usps.com mail is handled by 10 usps-com.mail.protection.outlook.com. # host tools.usps.com tools.usps.com is an alias for cs1799.wpc.upsiloncdn.net. cs1799.wpc.upsiloncdn.net has address 152.195.33.23 cs1799.wpc.upsiloncdn.net has IPv6 address 2

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On 4/1/22 7:37 am, Jeremy Ardley wrote: On 4/1/22 7:27 am, local10 wrote: I have no problems accessing the www.usps.com , it's when I go to tools.usps.com that's when I have the issue: # host usps.com usps.com has address 56.0.134.100 usps.com mail is handled by 10 us

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 23:37 by jer...@ardley.org: > If you are running IPV6 > Not running IPV6. Regards,

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On 4/1/22 7:27 am, local10 wrote: I have no problems accessing the www.usps.com , it's when I go to tools.usps.com that's when I have the issue: # host usps.com usps.com has address 56.0.134.100 usps.com mail is handled by 10 usps-com.mail.protection.outlook.com. # host

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 22:42 by jer...@ardley.org: > I too have no problems. > > My best guess is the OP DNS has been compromised. A simple check such as > using the host command should produce > > host usps.com > usps.com has address 56.0.134.100 > usps.com mail is handled by 10 usps-com.mail.protection.o

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

local10 wrote: > Jan 3, 2022, 22:29 by d...@randomstring.org: > > > Costco is definitely not the US Postal Service. > > > > No argument here. > > > > flush caches. Restart Firefox. Check your net connection. > > > > I've done this a number of times. The connection is direct, no proxy. Alrigh

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 22:29 by d...@randomstring.org: > Costco is definitely not the US Postal Service. > No argument here. > flush caches. Restart Firefox. Check your net connection. > I've done this a number of times. The connection is direct, no proxy. Regards,

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 22:30 by m...@allums.com: > Did you click on a phishing link? > > Mark Allums > No, I have some USPS.com tracking links bookmarked and they were working fine until about two weeks ago. Could it be perhaps related to the Firefox upgrade from 78esr to 91esr? Regards,

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

local10 wrote: > Jan 3, 2022, 22:11 by robe...@debian.org: > > > The site works fine for me. > > > > In FF, click on 'SSL_ERROR_BAD_CERT_DOMAIN', which should take you to > > the full error output. Then click 'Copy text to clipboard' and paste > > the full text into an email. Someone on the lis

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On 4/1/22 6:36 am, Charles Curley wrote: On Mon, 3 Jan 2022 23:01:34 +0100 (CET) local10 wrote: Am I the only one who's getting this error? I am not. Vivaldi (vivaldi-stable, 5.0.2497.32-1, amd64) on bullseye. The cert looks like: Common Name (CN)*.usps.com Organization (O)U

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 22:16 by loca...@tutanota.com: > Jan 3, 2022, 22:11 by robe...@debian.org: > >> The site works fine for me. >> >> In FF, click on 'SSL_ERROR_BAD_CERT_DOMAIN', which should take you to >> the full error output. Then click 'Copy text to clipboard' and paste >> the full text into an ema

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Mon, 3 Jan 2022 23:01:34 +0100 (CET) local10 wrote: > Am I the only one who's getting this error? I am not. Vivaldi (vivaldi-stable, 5.0.2497.32-1, amd64) on bullseye. The cert looks like: Common Name (CN)*.usps.com Organization (O)United States Postal Service Organizational

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Did you click on a phishing link? Mark Allums On 1/3/22 16:16, local10 wrote: Jan 3, 2022, 22:11 by robe...@debian.org: The site works fine for me. In FF, click on 'SSL_ERROR_BAD_CERT_DOMAIN', which should take you to the full error output. Then click 'Copy text to clipboard' and paste th

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Jan 3, 2022, 22:11 by robe...@debian.org: > The site works fine for me. > > In FF, click on 'SSL_ERROR_BAD_CERT_DOMAIN', which should take you to > the full error output. Then click 'Copy text to clipboard' and paste > the full text into an email. Someone on the list ought to be able to > help d

Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

On Mon, Jan 03, 2022 at 11:01:34PM +0100, local10 wrote: > Hi, > > Am I the only one who's getting this error? When I go to the USPS.com[1] to > track a package I get this "Warning: Potential Security Risk Ahead" error ( > Error code: SSL_ERROR_BAD_CERT_DOMAIN ). It's been like this for a couple

Firefox: Warning: Potential Security Risk Ahead for the USPS.com

Hi, Am I the only one who's getting this error? When I go to the USPS.com[1] to track a package I get this "Warning: Potential Security Risk Ahead" error ( Error code: SSL_ERROR_BAD_CERT_DOMAIN ). It's been like this for a couple of weeks for me so it looks really strange that the USPS has fixe