On 05/24/2014 04:47 AM, Lee wrote:
> Well I think I found something!
> 
> Could not verify this Certificate because the issuer is unknown
> 
> Issued to
> Common Name (CN)      Name of bank
> Organization (O)              DO-NOT-TRUST
> Organizational unit (OU)    Created by http://www.fiddler2.com
> Serial Number                 D5:45:43:f3:bbe2:56:A7:40:D2:83:OF:2A:99:4D:19
> 
> Issued By
> 
> Common Name (CN)      DO_NOT_TRUST_FiddlerRoot
> Organization (O)              DO_NOT_TRUST
> Organizational Unit (OU)    Created by http://www.fiddler2.com
> 
> Validity
> Issued On                             5/13/2014
> Expires on                            5/12/2024
> 
> Fingerprints
> SHA1                                  
> 16:E2:6D"E2:99:FD:CO:B8:54:3F:39:7d:80:C1:2D:26:F1:AA:25:57
> MD5 Fingerprint               A9:41:5e:3a:b4:8E:D8:D6:95:8D:609:5c:82:55:11:07
> 

Well... there is nothing nefarious about fiddler2.com itself. Fiddler is
a free web debugging proxy for any browser, system or platform.
Basically it's a developer's debugger tool. Just so 'Fiddler'
fiddler2.com doesn't get a bad rap in the archives:

<http://www.telerik.com/fiddler>
  <http://www.telerik.com/fiddler#KeyFeatures>
<http://blogs.telerik.com/fiddler/posts/13-08-19/faq---certificates-in-fiddler>

"By default, Fiddler intercepts insecure traffic (HTTP) but it can be
configured to decrypt secure (HTTPS) traffic. In order to do so, the
proxy executes a man-in-the-middle attack against the secure traffic; to
achieve that, Fiddler must generate a root certificate and use that root
certificate to generate multiple end-entity certificates, one for each
HTTPS site which is being intercepted."

You can see that it is used in real life:
<http://hitmanpro.wordpress.com/2014/01/05/malware-served-via-yahoo-affected-millions/>
"Below a screenshot of Fiddler showing the recorded drive-by infection,
proofing that Yahoo was indeed infecting its visitors through a
malicious iframe"
<http://hitmanpro.files.wordpress.com/2014/01/yahoo-proof1.png>
...

And the program itself doesn't contain any malware or virus:
<http://fiddler.en.lo4d.com/virus-malware-tests>

So you apparently got this installed by something you did, downloaded,
or someplace you visited on the web. It is possible that a piece of
malware may be trying to use the Fiddler proxy debugger to intercept
your traffic. But, if that is the case it didn't work very well as the
Fiddler generated certs were detected and blocked by SeaMonkey. (the
other Lee was spot on in determining that you had a proxy problem)

<http://superuser.com/questions/169303/why-are-my-browsers-suddenly-configured-to-use-a-proxy>

You should run anti-malware & anti-virus checks to see if you can
determine and eradicate whatever changed you to Fiddler proxy settings.







_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
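
A triage sketch for the situation discussed in this thread, added here as an example and not part of the original messages: it parses certificate-viewer text like the dump quoted above, flags the Fiddler markers in the subject and issuer fields, and reports proxy settings that point back at the local machine. The function names, the bank.example host and the sample proxy values are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Markers copied from the certificate fields quoted in this thread.
MARKERS = ("do_not_trust", "do-not-trust", "fiddler")

# Constructed sample input; bank.example is a placeholder host name.
SAMPLE_CERT = """\
Issued To
Common Name (CN)            bank.example
Organization (O)            DO-NOT-TRUST
Issued By
Common Name (CN)            DO_NOT_TRUST_FiddlerRoot
Organization (O)            DO_NOT_TRUST
Organizational Unit (OU)    Created by http://www.fiddler2.com
"""
# Constructed sample; 127.0.0.1:8888 is Fiddler's default listening address.
SAMPLE_PROXIES = {"http": "http://127.0.0.1:8888", "https": "http://127.0.0.1:8888"}

def parse_cert_viewer(text):
    """Certificate-viewer text -> {section: {label: value}}."""
    sections, current = {}, {}
    for line in filter(None, map(str.strip, text.splitlines())):
        parts = re.split(r"\s{2,}", line, maxsplit=1)
        if len(parts) == 1:                      # heading such as "Issued By"
            current = sections.setdefault(line.lower(), {})
        else:                                    # "Label (XX)    value"
            current[re.sub(r"\s*\(.*", "", parts[0]).lower()] = parts[1]
    return sections

def interception_findings(sections):
    """Subject/issuer fields that carry an interception-proxy marker."""
    return [(sec, label, value)
            for sec in ("issued to", "issued by")
            for label, value in sections.get(sec, {}).items()
            if any(m in value.lower() for m in MARKERS)]

def loopback_proxies(proxies):
    """Proxy settings that point back at this machine."""
    hits = {}
    for scheme, url in proxies.items():
        try:
            host = urlsplit(url if "//" in url else "//" + url).hostname or ""
            if host == "localhost" or ipaddress.ip_address(host).is_loopback:
                hits[scheme] = url
        except ValueError:                       # host is not an IP literal
            pass
    return hits
```

On a live system, pass the result of `urllib.request.getproxies()` to `loopback_proxies` to check the settings the operating system currently hands to applications.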
