CenturyLink's hamfisted security ignoring domain aliases in SSL cert Alternate Names
Gather around all for the tragic story of quadruplespace.com and its shorter alias, quadspace.tv!
A client informed me that CenturyLink is giving him a warning that my site "appears to be risky":
-04-26 at 12.08.51 PM.png">71921
When you click "Continue anyway" and if you're using Safari on a Mac, then you get this second even more idiotic warning from Safari, freaking out our potential customers by suggesting we may be trying to "steal your personal or financial information":
-04-25 at 12.40.18 PM.png">71929
Apparently the content of CenturyLink's warning is loaded from mcafee.com, and thus Safari is confused because the SSL cert for *.dock.shp.mcafee.com "does not match input" which is our quadspace.tv. Well duh! Of course that's not going to match! Way to go McAfee!
-04-26 at 1.38.39 PM.png">71933
CenturyLink has no problem with quadruplespace.com, only the alias quadspace.tv.
So my guess is that they are ignoring the Alternate Names section of my cPanel SSL cert which has the single Common Name of
-
Hey there! Thanks for posting this - that's definitely no fun. It would be worth reaching out to them directly to see if they can adjust that, because as you said, it is likely affecting more than just your one user. 0 -
Haha it is almost never worth reaching out to a major telecom. :-) Nevertheless, I did have a chat with them. They said they were not able to replicate the issue and to have my client contact them. He did, and here are the last three lines of the transcript to demonstrate how that went: Gail F (4/27/2021, 11:13:31 AM): your line with us is safe you have mcAfee security but the website you created not sure how to handle that, did you check it with your business associate who made that? [My Client] (4/27/2021, 11:14:02 AM): It's legit, so why am I getting this message? Gail F (4/27/2021, 11:15:26 AM): that's also i'm wondering because what we handle is your line status, so far no issue but automatically your security will do it's job if there is any problem. Not only did Gail have terrible grammar, but more importantly had zero comprehension of what her own company's anti-phishing tech is doing. So, I am forced to delete the quadspace.tv alias and recreate as its own separate account? And it would seem that every cPanel user needs to know about this? You know how end users are. They see a warning like that and they simply don't visit the site and they do not report it. And surely this isn't affecting just my site, but any cPanel user with one or more aliases and end users who are CenturyLink customers, which is a lot! 0 -
Well, I guess I'm more interested in "where" the CenturyLink stuff is being implemented. It's definitely not server-side, so if it's something in the user's browser, there isn't much we can do about that except posts like this to raise awareness. 0 -
Since the content of CenturyLink's warning is loaded from mcafee.com, that seems like it's being injected via their router or network. That I am the only who's reported this so far doesn't mean it's not a widespread problem that simply isn't being reported by end users. In my opinion this is huge enough that, unless someone high up the chain of command within CenturyLink can be contacted directly to change their hamfisted anti-phishing tech, aliases are effectively now obsolete! There should be a thorough investigation and if what I'm saying is confirmed, an announcement about it to all cPanel users. Meanwhile, any other solution for me other than deleting the alias and recreating as its own separate account? 0 -
Oof, so it's in the modem itself? That's interesting. I don't have any other workarounds on my end except doing what you've mentioned already. 0 -
Update! CenturyLink's documentation was misleading. It's not in the modem itself. It is merely McAfee software that is bundled with CenturyLink accounts. And I found what I hope will be the solution here: sites@mcafee.com about that. Will update here again if they reply! 0 -
Nice! 0
Please sign in to leave a comment.
Comments
8 comments