Getting Ebay Payment Security Warnings

Discussion in 'Mac Basics and Help' started by Bazzy, Apr 25, 2015.

  1. Bazzy macrumors regular

    Joined:
    Jun 8, 2009
    #1
    Hi All,

    I tried to pay for an item on ebay UK via their normal checkout process - the various "Pay Now" & "Proceed To Checkout" links that automatically redirects to Paypal UK. I have never had a problem before with this.

    I normally run the Safari Browser & when attempting to now pay, I get a security warning saying the site could not be trusted. I then went to Firefox & tried there in case there was an issue with my Safari Browser and/or settings but got a similar warning that it was not advisable to proceed.

    I spoke to an ebay rep who asked me to download Google Chrome & try to pay on that. Having done so, I am still getting the warning on Chrome too so I have concluded that it cannot be anything with my computer and/or the 3 browsers.

    I ran an Avast anti virus scan & all seemed OK although there were some files it was unable to scan.

    Does anyone know why this might be happening & how to resolve it? I have attached images of the types of warnings recieved from all 3 browsers in the hope that they might provide some insight. I have no idea why I am getting these warnings all of a sudden.

    Many Thanks,
    Bazzy!

    Screen Shot 2015-04-15 at 15.57.00.png

    Screen Shot 2015-04-15 at 21.21.38.png

    Screen Shot 2015-04-15 at 21.33.45.png
     
  2. aquajet, Apr 25, 2015
    Last edited: Apr 25, 2015

    aquajet macrumors 68020

    Joined:
    Feb 12, 2005
    Location:
    VA
    #2
    This is occurring because you have Avast installed. Some anti-virus software, Avast included, have the capability to intercept data that is sent to and from an SSL/TLS connection, such as any HTTPS enabled website. This is done because normally the communication between such sites and your computer is encrypted and cannot be scanned; Avast accomplishes this by intercepting the initial SSL/TLS handshake on behalf of your web browser, decrypting the information and scanning it, then re-encrypted and handing of the connection to your browser. Avast will reissue all SSL/TLS certificates from any website using its own certificate authority (CA) that is installed on your computer when Avast was installed (the Avast untrusted CA as shown in your screenshots). This whole scheme is also called "man in the middle-ing" your browser communications.

    Precisely what you are seeing is a warning that the site certificate for checkout.payments.ebay.co.uk (specifically the certificate that is issued and signed by Avast and which encrypts your browser's connection to the Avast software) is signed by the unknown Avast CA. I suspect to fix this problem, you probably will need to go into your keychain access and look for the Avast CA in your System Roots certificate store, then set it to always trust. But a better idea would be to disable this feature in Avast entirely as frankly it compromises your HTTPS connections.

    Here's more information about the feature from Avast themselves:

    https://www.avast.com/no-no/faq.php?article=AVKB190
     
  3. Bazzy thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #3

    Hi,

    So very grateful for your kind help in identifying the problem! It is strange that Avast is causing the issue as it never has done before for the many months I have had it so I am a little confused why now all of a sudden it has decided to do so?!

    I tried to follow your advice but the guides in the link you provided gave instructions for the Windows version which have different options than the Mac version so I cannot apply the guides.

    I called Avast on their Free phone help line but the guy was just interested in selling me a mac overhaul & maintenance package. He directed to to a guide for the mac but again, it is based on an older version of Avast which has different panes & options. I must also admit, I am a novice at these things so do not want to mess anything up & sometimes find the technical aspects a little challenging.

    I cannot find how to disable the https(?) connections feature you mentioned from the various options from the web shield pane as it is not there but there are some others - I have posted an image to show them - can/should I adjust any of these instead to solve the problem?

    Many Thanks
    Bazzy!

    Screen Shot 2015-04-26 at 18.33.26.png
     
  4. Bazzy thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #4
    Hi Again,

    Unable to make progress with Avast by myself, I went ahead & uninstalled it via the Avast Uninstaller as required - just got fed up/frustrated.

    Believing the root cause was now eliminated, I did a restart, opened up Safari & logged into ebay UK. I assumed that as Avast was no longer in my system & could not generate false certificates, that I would be able to proceed & pay as normal.

    Unfortunately, I am still getting a security warning. I clicked on the "Show Certificate" option & there was a large amount of info on there & no mention of Avast. I do not know what it all means but I took three screen shots that cover all the information & have posted them in order to show the entire contents of the entire certificate.

    I do not know what is now still causing the issue as it is not Avast anymore. I have no other anti virus/malware apps running & my time & date is correct set to the UK.

    What is causing this?

    Many Thanks
    Bazzy!


    Screen Shot 2015-04-27 at 01.45.14.png
    Screen Shot 2015-04-27 at 01.45.58.png
    Screen Shot 2015-04-27 at 01.46.47.png
     

    Attached Files:

  5. aquajet macrumors 68020

    Joined:
    Feb 12, 2005
    Location:
    VA
    #5
    Hi Bazzy,

    Well the good news is that it doesn't immediately appear that you're being man-in-the-middle-ed anymore. :)

    A couple of questions however:

    1. Which version of OS X are you using?
    2. Which version of Safari are you using?
    3. Do you see security warnings from other HTTPS sites (i.e. google.com)?
    4. Have you tried a different browser (i.e. Firefox or Chrome)?
     
  6. Bazzy, Apr 27, 2015
    Last edited: Apr 27, 2015

    Bazzy thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #6

    Hi,

    1. Mavericks 10.9.5
    2. Safari Version 7.1.5 (9537.85.14.17)
    3. Not Generally, No.

    4. Before I uninstalled Avast, it was happening on the 3 browsers I tried - Safari which is normally used, Firefox & Chrome.

    After I deleted Avast, The issue was still present on Safari but I tried Firefox today & it did not produce a Security Warning this time & allowed me to make payment as per normal.

    I made another purchase on ebay just now & Chrome now also allows things to proceed as normal without any Security Warnings being generated. However, with Safari, I am still getting it for some reason.

    On another note, the reason I have not upgraded to Yosemite is that I am not sure if it is still working properly - I see that there seems still to be numerous issues affecting people far brighter than me which puts me off. Having said that - it seems like I might not have a choice as apparently I have read that Mavericks & previous OS X versions are subject to a malware threat that has only been fixed (somewhat) in Yosemite - I read that even though Apple say it is fixed, independent experts are saying that it has not so I do not know what to do!!

    Any idea why Safari is acting this way when Firefox & Chrome are now not?

    Many Thanks,
    Bazzy!
     
  7. aquajet macrumors 68020

    Joined:
    Feb 12, 2005
    Location:
    VA
    #7
    Well at least we're making some progress :)

    I wouldn't think it would matter, but I would try deleting any stored cookies in Safari. You can do this by going into Safari Preferences --> Privacy and click on Remove All Website Data. I do not have a 10.9 machine on hand so it might be slightly different; this is how it appears in 10.10. If that doesn't work could you post screen shots of the certificate error for the intermediate and root certificates (the two that say VeriSign Class 3, listed above the ebay site certificate).
     
  8. Bazzy thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #8
    Hi,

    I tried what you requested yesterday & deleted cookies & the issue was happening & Safari & Chrome but not in Firefox. I had to run for errands so thought I would get the screenshots next time I tried.

    However upon doing so today, strangely, the warnings now no longer appear in any of the 3 browsers! No idea why but I hope it stays that way.

    I have noticed that on Safari, I do not get a padlock or http/https icon that appears on either Firefox or Chrome on a some sites - for example, Google. Is that an issue - does it mean Safari is not secure?

    I did some reading about this issue & it seems that causes can be varied but some suggested an incorrectly set clock either on the mac or on the router. The time on my MBP is correct & I have a Time Capsule that I use as a router which is connected to a old Thomson Router/Modem. I checked the time on the Thomson Router/Modem & it is reading some date in 1970!! Can that be an issue - it must have been like that from day one & has never been an issue until very recently.

    I also read that the issue for many was with expired certificates in Keychain. I looked at my Keychain & there seems to be some certificates that have expired & other that state that the root certificate is not trusted - including those that start with "com.apple".

    There is a bunch of stuff & certificates in Keychain that I do not recognise & did not know were there & what they do including foreign language ones. Also multiple certificates with the same sort of times & dates that are the same for things like emails, apple id's, time capsules, etc - so many there it looks like a mess but what it all means or refers to is beyond me.

    Could it be that with the expired & untrusted root certificates there might be causing some issues?

    Many Thanks,
    Bazzy!
     

Share This Page