3

Sometimes when I visit a website using HTTPS, I get a warning sign next to the URL in my browser (see screenshot; look for yellow/orange arrow) and I wonder if this marks a potential threat or an attack:

enter image description here

The browser gives the reason "This website does not provide information about its owner" (I actually get this in German. The original is "Diese Website stellt keine Informationen über den Besitzer zur Verfügung.". I've marked this message on the screenshot for you. The screenshot also shows details about the certificate that I see there.

This also happens with renowned websites, e.g. it just happened for mail.google.com. Therefor, I'm absolutely sure that there is no problem with the HTTPS-certificates of these websites on the server side. So what's wrong here? Is there a man in the middle attack or did someone tinker with the CA certificates that my browser trusts?

I use MacOS 10.8.5 with Firefox 27.0.1.

Daniel S.
  • 131
  • 3
  • It's a lengthy piece, but the answer is in here: http://security.stackexchange.com/a/20833/10863. Under the section "How to crack SSL," subsection "in detail," paragraph 2, it is explained what causes this warning sign. – Luc Mar 17 '14 at 18:48

1 Answers1

5

Look at the "Technische Details". It says that part of the site were not transferred with encryption, so called "mixed content". And that's the reason for the warnings sign. Maybe you find out where these unencrypted content comes from by looking at the media tab.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • Addendum: Those "mixed content" warnings are often caused by embedded images which are loaded via normal http. This is likely to happen in your email web interface when you read HTML emails which load images from a 3rd party website. – Philipp Mar 18 '14 at 09:01