Hotmail "issue"?

[stockhausen]

I haven't used Hotmail for ages but I just tried logging in and got the following message:

An error occurred during a connection to mail.live.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

• The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Any idea why I would suddenly get an Online Certificate Status Protocol error? Is this recent, has something changed?

I have avoided Hotmail pretty much ever since they were hacked nearly 20 years ago; presumably they have subsequently gone overboard with security?

 

[nightmare99]

Using Firefox I presume, try another browser and it should work.

 

[stockhausen]

Firefox = YES
Why would that be an issue?
Microsoft "pimping" MSIE?

 

[pastymuncher]

I started getting this today as well, strangely enough also using Firefox. Try a few times and it eventually loads. Firefox is really cheesing me off lately and with all the constant changes is having problems with several websites. Sky Go still hasn't been updated to work with it since they removed Silverlight support either.

 

[V F]

It is now sorted. It was all over twitter.

 

[stockhausen]

It is now sorted. It was all over twitter.

What was the problem and what was the solution?

Incidentally, I have just tried again - it is not sorted - but I can access Hotmail using MSIE

 

[V F]

No idea but it was happening to me then I reloaded the Outlook sign in page in Firefox and up came the sign in page and could login. Before that I had to use Chrome since it kept spitting up that message.

https://answers.microsoft.com/en-us...ok-using/9f8dd00f-e4d8-4984-ac17-ecf85cacbac6

No, I didn't apply what the person had done.

 

[Rroff]

Still not sorted a bit of a pain really - its because Firefox is more strict about certain security aspects than other browsers in relation to this date issue and locks down unless you tweak the OCSP settings as per V_F's link - which isn't really an ideal fix :|

 

[V F]

Yeah, disabling things I do not think is wise as people will forget to enable them again.

It's not a Firefox problem. Lots of chatter in here with people who have no true clue as to the problem. And those of you using Opera and thinking you are still secure, you may not be. In fact, using any browser that gets around this means lower security. Firefox is the secure one on this.



When you try to load the site in another web browser, say Google Chrome or Internet Explorer, it loads fine and without any issues. That doesn't mean Firefox has a problem. The issue is an Invalid OCSP signing certificate owned by Microsoft.

If you check the OCSP range of the certificate, you will notice that it expired on May 28, 2017. While Firefox is strict when it comes to the information, Chrome and IE are not. Google's Chrome browser allows the connection, but considers the connection as insecure instead, while Firefox blocks it outright.

While turning off OCSP Stapling in the Firefox web browser will allow Firefox to connect, it is possible that disabling OCSP Stapling may affect the functionality of other websites that you visit, if they make use of the security feature.



So the reason some other browsers are not getting the error is they are loose with the security standard and allow you to connect to a site with an invalid out-of-date certificate -- that means less secure, not better or more secure. Firefox is strict to the date of the certificate expiring, and blocks the connection.

Some browsers are letting you in by lowering their security automatically. If you check the OCSP range of the certificate, you will notice that it expired on May 28, 2017. While Firefox is strict when it comes to the information, Chrome and IE are not. Google's Chrome browser allows the connection, but considers the connection as insecureinstead, while Firefox blocks it outright. Exactly how Edge or Opera set themselves, I don't know. But don't think that you are just as secure because you are able to connect to a site that has a certificate out of date. I'd say browsers that allow that are less secure.

 

[Rroff]

Seems like updated certificates or whatever are filtering through - some of their domains now work properly but others are still acting up in FF.

 

[stockhausen]

It beggars belief that following the recent WannaCry fiasco, some people are actually suggesting that getting round security checks is a sensible solution - UNBELIEVABLE!

Anti-Virus software steals CPU cycles and RAM - get rid of it, get rid of it today - you know it makes sense.
Applying patches takes time and might cause problems, revert to Windows '95 - you know it makes sense.
Your long-lost Uncle might have been the Nigerian Minister of Health, post your Bank Account Details on Facebook & Twitter - you know it makes sense.

 

[andshrew]

It beggars belief that following the recent WannaCry fiasco, some people are actually suggesting that getting round security checks is a sensible solution - UNBELIEVABLE!

Anti-Virus software steals CPU cycles and RAM - get rid of it, get rid of it today - you know it makes sense.
Applying patches takes time and might cause problems, revert to Windows '95 - you know it makes sense.
Your long-lost Uncle might have been the Nigerian Minister of Health, post your Bank Account Details on Facebook & Twitter - you know it makes sense.

To be fair, the additional SSL checks that Firefox does didn't protect people anyway as they just used another browser to access the web site while it wasn't working in Firefox (therefore exposing themselves to the malicious server had their SSL certificates actually been compromised).

It obviously needs some work on better handling of false positives, which is probably why the major browsers don't currently implement this the same way.

 

[V F]

Seems like updated certificates or whatever are filtering through - some of their domains now work properly but others are still acting up in FF.

The question is why did they allow it to happen in the first place?

 

[Rroff]

The question is why did they allow it to happen in the first place?

Someone on holiday and no one else knew to do it?

 

[Rroff]

Anti-Virus software steals CPU cycles and RAM - get rid of it, get rid of it today - you know it makes sense.

I never use active anti-virus - I scan downloads and periodically do a full system scan just incase. In 20 years of using Windows never been infected (unless some super sophisticated rootkit - but then that would have probably defeated AV anyhow) except by the 0day ad hijack that happened a few years back (infected via browsing guru3d site) which went through every mainstream browser and wasn't detected by any AV until they updated. Fortunately noticed the HDD going nuts when it should have been mostly idle and pulled the plug before it had got further than writing itself into OS startup.

 

[stockhausen]

It seems that Microsoft have finally got their act together over Hotmail and Firefox - power surge I expect

 

[wolfie138]

had this a couple times over the past weeks, if i use the outlook.live address, or whatever it is, it worked happily, so i'm assuming it's just MS messing about w/ stuff behind the scenes. a few days later, using hotmail.com worked fine again, then just last week it started doing the warning thing again.

 

[KIA]

Anti-Virus software provides a false sense of security

FTFY.

 

[TWiNKLeT0Es]

Sky Go still hasn't been updated to work with it since they removed Silverlight support either.

About time too its so dated and useless i wish more browsers started removing support for flaky dodgy security hole ridden addons pushing company's to improve.

Annoying as it can be with Firefox sometimes i see a good thing happening.

 

[V F]

About time too its so dated and useless i wish more browsers started removing support for flaky dodgy security hole ridden addons pushing company's to improve.

Annoying as it can be with Firefox sometimes i see a good thing happening.

I'm always puzzled in 2017 how people get paid for using and maintaining all this flawed out of date stuff. Supposed to be a world of technology wizards...