[tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Apr 27 23:05:42 UTC 2012


#5686: Many rules fail to initiate rewrite to https & some that do produce
insecure sessions
----------------------------------+-----------------------------------------
 Reporter:  torcoascor            |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 Navigating to symantec.com, www.symantec.com, mcafee.com, ibm.com,
 www.mcaffee.com, npr.org, www.npr.org, nytimes.com, www.nytimes.com among
 many others results in "This website does not supply identity
 information". For some the site icon in a larger area appears that would
 suggest secure occasion occurs briefly. Examples that rewrite to https
 successfully include eff.com, torproject.org, adobe.com, mozilla.com.
 Entering full url https://full_host_name will establish a secure session
 for many of those that otherwise fail to rewrite. npr.org gets
 rewritten to https://www.npr.org but doesn't connect in https scheme.
 Correct rules show in the HTTPS Everywhere control most of the time but for
 some such as oracle.com the only rule identified is 2o7.net. Navigating to
 https://www.oracle.net does not result in secure scheme but oracle logo
 appears to left of url. computerworld.com behaves similarly except that
 its rule and 12 others including 2o7.net appear in the control list.
 lenovo.com and symantec.com both appear at first to have a secure
 connection which then is replaced by insecure but has been rewritten as
 https://www.lenovo.com/us/en/.

 Disabled all addins and navigated to several of the sites where the https
 rewrite appeared to have happened and the results were as follows: IBM -
 secured, Oracle - not secured, NPR - not secured, NYTimes - not secured
 and Lenovo - not secured. Using Chrome without the beta HTTPS Everywhere,
 IBM - secured; Lenovo, NPR, NYTimes, Symantec - connection secure but
 other resources partially secured; McAfee - not secured.

 Symptoms sound like virus/trojan but have run latest version of Microsoft
 msert.exe which found no infections. Norton as shown below is always on
 with real time protection and full scans daily.

 Any ideas about what is going on welcome.

 Environment: Windows 7 Ultimate SP1 w Norton Internet Security 19.7.0.9 on
 workstation behind SPI router/firewall; Firefox 12.0 w all Addons disabled
 except: HTTPS Everywhere 2.0.2, Norton Toolbar 2012.5.3.7, Norton
 Vulnerability Protection 10.1.0.68 - 3, Secure Login 0.9.9, Following
 plugins current: Flash, Java, MS Office, Nitro PDF 7.3, Acrobat 10.1.2.45
 not current: GoogleUpdate disabled, Silverlight.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5686>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

