Error message
I have already sent you the exact information that depicts what is happening! What I got back from you is question after question trying to figure out what the problem is! Pages of absolute junk that have nothing to do with my problem! What does it take to get through to you people?! You sent me a reply that asks me a question: "Does it work if you allow to go to the HTTP version of the website as in some cases a redirect only works via HTTP and you will eventually end up on a secure HTTPS site?"...but your email is unable to be replied to and you offer no way to tell you my answer! If I am reading your question right, the answer is "YES".
I was able to figure out how to get your system to upload the error image and it is here within. The snip says it pertains to a website called "Western Journal", but I have gotten the error message on other sites as well. I repeat, from my original missive, although it claims to only be able to go to a non-HTTPS site, when I choose to go to that site, it shows in the address box, "HTTPS". Have I been hacked? In 25 years of using a computer, I have never seen this error message that seems to contradict itself. Please help and let me reply to you emails. Wayne Ollick, [edited email from public] @outlook.com
Ezalaki modifié
All Replies (5)
No, you haven't been hacked. Something's wrong with their redirect system.
PS. You can answer here, on https://support.mozilla.org/questions/1386326 .
Thank you very much for your quick and direct reply! Quick question...when you say, " Something's wrong with their redirect system."...who exactly is "They"? Would it refer to my email provider (Outlook)? Since it happens to more than one website, it cannot be the websites fault. If you are saying that it is Outlook's fault, can you tell me how to contact their support help?
Many thanks, again!
Wayne O.
Hi Wayne, it's hard to read the URL in your screenshot, but it looks like it might have been a link in a bulk email (starts with click). Those links often runs through a click tracking script. Once you open that URL, the tracking server takes note for the sender's records and then redirects Firefox to the real page. Based on your report, the server hosting the real page supports secure connections, but the server hosting the tracking script does not.
I don't know why HTTPS wouldn't be available for the tracking server, since I'm sure they want that to be as invisible as possible. ?!
Anyway, I assume this link did not relate to something personal/sensitive that you need to keep from your service provider. If the link WAS for something sensitive, then it would be better to NOT use an insecure link and instead go directly to the site and find what you need there.
Thanks, jscher2000, I am confused, though, as to just who you are. Do you work for Mozilla or just a volunteer for them? It is so strange to me (I am 81) that, in today's world, you can't easily speak to a rep from a company like Firefox and get an immediate straight answer. Just one thing, if I choose to ignore the supposed warning and go to the HTTP site (which is actually an HTTPS site), am I in any danger from an outside source? I wish I could fix it but that does not appear to be possible, if I read you right.
Thanks again.
Wayne
Overviewer said
Thanks, jscher2000, I am confused, though, as to just who you are. Do you work for Mozilla or just a volunteer for them?
Volunteer. There's not enough budget to staff this forum solely with employees.
Just one thing, if I choose to ignore the supposed warning and go to the HTTP site (which is actually an HTTPS site), am I in any danger from an outside source?
The main difference is what your service provider and any other intermediaries can see on an HTTP connection instead of an HTTPS connection:
HTTP (not encrypted): intermediaries can see the full page address, the full request content (what you sent, such as a search query or form submission), and the full response content (what you receive back)
HTTPS (encrypted): intermediaries can see the site name (for example, www.mozilla.org) but not the full page address, can't read the request content, can't read the response content.
So that's why I say your level of concern should depend on whether you need your interaction with the site to be private.
There is one other thing: if you get the error page that Firefox can't verify the server, then it could be an impostor, but that error screen looks very different from the one you got. Secure connection failed and Firefox did not connect