- BlackBerry Storm vs. the iPhone
- 2008 IT industry graveyard
- Top 10 worst uses for Windows
- Economic crisis means double duty for IT pros
- BlackBerry Storm, RIM's first touchscreen device, rolls in
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Sometimes life gets too interesting. That’s when you blow a day tracking down some weird, esoteric issue, which was exactly what happened to us a couple of weeks ago after a story was posted in Gibbsblog.
The post concerned the surprising appearance of a warning by Firefox that a certificate had been presented by a Web site and the certificate’s issuer (otherwise called the certificate authority) was unknown. This meant the certificate couldn’t be verified, which meant that the site couldn’t be trusted, hence the warning.
This was odd because the certificate in question was for the Navy’s Warfighter Response Center and the issuer was the U.S. Department of Defense. The problem was that the page actually requested was a Google search result rather than the Navy site. As the search term entered into Google had been “binary explosives” it seemed plausible that some kind of monitoring was going on.
<aside>The reason we were looking for “binary explosives” was to find a story written just after the recent security brouhaha over passengers carrying liquids onto aircraft. The story in question was from The Register and is a “must read.”</aside>
Unfortunately, as interesting as being monitored might have been, the idea of some kind of conspiracy between Google and the Defense Department to watch what people search for was unlikely for two reasons.
First, would the spies show their hand by allowing an authentication certificate to load? Hardly. Second, could such a conspiracy remain hidden? Of course not.
Anyway, another question remained: How was it that a Web page for the Navy was being loaded when a page of Google results was being returned? The answer? Precaching.
Precaching (also called prefetching) is a technique used by the Firefox browser to speed up the loading of Web sites. If the feature is enabled, when a Web page is loaded the URLs in the page are collected. The browser then launches multiple threads and the contents of each of those URLs are loaded into a cache before you might ask for them.
What was happening in this case was one of the entries returned by the search was this, and because it is a Secure-HTTP connection the site presented its certificate when the precaching subsystem tried to access the page. As the Defense Department isn’t included in Firefox’s list of certificate authorities by default, and because we were configured to see the warnings, that’s what happened. Except the precaching wasn’t done as we thought by Firefox.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (2)
Look for black helicopters. By Anonymous on January 2, 2007, 3:07 pmLook for black helicopters.
Reply | Read entire comment
This Week in Gearhead: The Perils of PrecachingBy Mark Gibbs on December 18, 2006, 2:06 pmThis week in Gearhead we discovered that unexpected things were happening when we searched for "binary explosives." We suspected that we were being monitored ---...
Reply | Read entire comment
View all comments