Sergey, 2011-09-07 00:30:58

Google Chrome → HTTPS → Gmail - SSL problems?

Hello!

I decided to turn to the habra community for advice.

I'm using the latest version of Google Chrome, v13.0.782.220, and noticed a questionable feature when working with Gmail. Immediately after authorization, the browser establishes a secure connection, but as soon as I open a letter from [email protected] (aka PrivatBank), the icon immediately turns gray.

Connecting to a website securely (screenshot)

Google Chrome detected vulnerable content (screenshot)

Help from Google: www.google.com/support/chrome/bin/answer.py?answer...

Do you think this is due to the content of the email? The letter contains standard information and two images. I tend to believe that this is a blunder on the part of PrivatBank.


3 answer(s)
burdakovd, 2011-09-08
@zapara

In this case, it's because of the pictures.
The email links to images via http, not https.
An attacker sitting on the wire and intercepting your traffic can view and change these pictures, and the browser will not notice this. This will change the appearance of the page without permission. This is exactly what the browser told you in its warning.
If the JS were transmitted unencrypted, it would be even worse (some sites do this!): an attacker could modify the JS for insidious manipulation, but then the icon would be crossed out in red.
Solution: do not display pictures.
Or display images and ignore the gray color, but then you risk the following scenario: if Gmail suddenly (by mistake) starts transmitting CSS over bare http (you won't notice this, because the icon was already gray because of the images), an attacker will be able to take advantage of this, change the appearance of the control and information elements of the interface and force you to perform certain actions with the mail.
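
An added example, not part of the thread: a small Python scanner that lists the http:// subresources in an HTML e-mail body and separates images and media from scripts, frames and stylesheets, following the usual passive/active mixed-content distinction that the answer above describes. The sample e-mail, the example.com URLs and the names `scan` and `verdict` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: an HTML e-mail body with two images linked over plain http.
SAMPLE_EMAIL = """
<p>Your statement is ready. <a href="http://bank.example.com/">Open site</a></p>
<img src="http://bank.example.com/logo.png">
<img src="http://bank.example.com/banner.png"/>
"""

# (tag, attribute) pairs that load a subresource into the page.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("frame", "src"),
          ("embed", "src"), ("object", "data")}


class MixedContentScanner(HTMLParser):
    """Collects http:// subresources as (kind, tag, url) tuples."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "").strip() for name, value in attrs}
        # A stylesheet can restyle the whole page, so it counts as active.
        is_css = tag == "link" and "stylesheet" in attr.get("rel", "").lower()
        for name, url in attr.items():
            if not url.lower().startswith("http://"):
                continue  # https, relative and data: URLs are not mixed content
            if (tag, name) in ACTIVE or (is_css and name == "href"):
                self.findings.append(("active", tag, url))
            elif (tag, name) in PASSIVE:
                self.findings.append(("passive", tag, url))


def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def verdict(html):
    """'clean', 'passive' (view/swap only) or 'active' (can alter the page)."""
    kinds = {kind for kind, _, _ in scan(html)}
    return "active" if "active" in kinds else "passive" if kinds else "clean"


if __name__ == "__main__":
    print(scan(SAMPLE_EMAIL), verdict(SAMPLE_EMAIL))
```

The plain `<a href>` link in the sample is not reported, because a link is only fetched when clicked and is not loaded into the secure page.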

Sergey, 2011-09-07
@zapara

Clicking on "This sender's pictures will always be displayed. Do not display from now on." solves the problem of changing the icon status.

Sergey, 2011-09-07
@bondbig

Yes, this situation occurs because the page has mixed content, https+http. Most often these are pictures/frames in emails.
