search

SafeExamBrowser / seb-win

Safe Exam Browser 2.x for Windows. IMPORTANT: This is the legacy version which isn't actively developed anymore.
https://safeexambrowser.org/windows/win_usermanual_en.html
69 stars 52 forks source link

Alert: moodle.zhaw.ch uses an invalid security certificate #62

Closed zhaw-degiosim closed 5 years ago

zhaw-degiosim commented 5 years ago

Alert after typing in password

When i try to connect to the test website after typing in the password, an alert is showing up (see screenshot). Problems with certificate. Other students have no problem connecting to this test/website.

screenshot: https://www.dropbox.com/s/lkxr454b40v8edr/20181206_123918.jpg?dl=0

Environment & Version

[ ] Mac [x] Windows

OS-Version: Windows 10 Pro Version 1803 (Build 17134.441) \ SEB-Version: 2.2.2

Steps to Reproduce

  1. open seb file from lecturer
  2. type in password
  3. SEB tries to load, shows error (screenshot)
danschlet commented 5 years ago

Probably you have Bitdefender installed? My advise: Get rid of this piece of sh...t software, it is snake oil, doesn't help against real security threads and IT CAN READ ALL YOUR INTERNET TRAFFIC, it qualifies itself as malware!

You can also switch off the feature to analyze https secured Internet traffic.

See https://sourceforge.net/p/seb/bugs/88/

Bitdefender performs a man-in-the-middle attack, it installs its own root certificate to be able to analyze https secured internet connections. Other browsers are manipulated by that, but SEB as a secure browser refuses to connect to the server as the connection is tampered. My advise: Uninstall Bitdefender immediately and demand a refund. BITDEFENDER CAN READ ALL YOUR SECRET internet traffic. There is a lot of so called security software which is in fact dangerous. These companies will tell you that you can trust their software and that they just want to protect you from malware. But common sense when surfing the internet and before opening files that are downloaded from sketchy websites is the better security than tools which hack all secure connections (even with your bank for example). I would never trust such tools... You can also disable Bitdefender before an exam or maybe the software has an option to disable scanning secure connections or at least for specific websites. If you do an internet search you'll find more information. https://superuser.com/questions/1267707/how-to-remove-bitdefender-root-certificate-from-firefox-thunderbird-chrome/1277842#1277842 https://www.reddit.com/r/AskNetsec/comments/2wt5fz/bitdefender_total_security_hijacking_browsers_ssl/

zhaw-degiosim commented 5 years ago

Thank you Sir, you resolved my issue! Problem was exactly like you described, uninstalled the software.

Thanks.