Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
I am using a MacBook Air with Big Sur. And I have MSN.com as my homepage on Safari (think I got that correctly). This morning for about half the time I try to bring up Safari I get this:
Screen Shot 2021-08-10 at 8.26.34 AM.png


Any ideas as to what is happening and how to cure it? Oh, and I have not accepted the invitation to visit the website via the link.
 

poked

macrumors 6502
Nov 19, 2014
267
150
I am using a MacBook Air with Big Sur. And I have MSN.com as my homepage on Safari (think I got that correctly). This morning for about half the time I try to bring up Safari I get this:
View attachment 1816827

Any ideas as to what is happening and how to cure it? Oh, and I have not accepted the invitation to visit the website via the link.
It’s not an httpS site: https://www.google.com/amp/s/www.pa...-security/your-connection-is-not-private/amp/

if you go to that website, you’ll probably get this: https://support.apple.com/en-us/HT208672 (on your browser as well)
 

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
Interesting! Wondering why this only started popping up this morning? And according to the second link you provided, I think I am not to enter any data. Would that apply to any site I enter through my Safari/MSN combo? If so, what must I do?
 

Boyd01

Moderator
Staff member
Feb 21, 2012
7,915
4,837
New Jersey Pine Barrens
You should use the https link to MSN - it should not give that message

https://www.msn.com

It may be possible to still use an old bookmark or link that accesses the non-encrypted version of the site. I tried to force that but couldn't get it to happen, so it's possible there was some kind of brief mis-configuration of the msn servers.

Anyway, check the bookmark you are using for MSN and make sure it begins with https and not just http. But the error message you got is just a warning that you're using a non-encrypted connection to a website. The risk involved with this could vary depending on the site. A non-encrypted connection *might* allow a bad guy to intercept your communications. So, for example, if you are entering passwords or credit card numbers on such a site, that could be very risky. If it's just somebody's personal website with photos and you don't need to log in, the risk would be very low however.

You will find that virtually all major websites have switched to https connections long ago.
 

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
Under Safari Preferences I have homepage set to https://www.msn.com/?inst=1. As far as I know, this is where it has always been: before and now after this cautionary message. Does that address look correct? It has the "s" at the end of the https; have now idea what the /?inst=1 is.
 

mi7chy

macrumors G4
Oct 24, 2014
10,529
11,175
If you remove the ?inst=1 from your homepage preference do you still get it on private WIFI? If so, something is suspect and I would start thinking if device is compromised. If using public WIFI make sure to use a reputable VPN. Also, is the device work provided or managed?
 
Last edited:

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
Had some time out while wife's nursing crew visited, followed by lunch and a nap. I have not yet changed the address to MSN, but do notice that I am no longer getting that message. Going to wait awhile to see if it reoccurs, though am sorely tempted to remove the /?inst=1 part off the end of the link.
 

Boyd01

Moderator
Staff member
Feb 21, 2012
7,915
4,837
New Jersey Pine Barrens
I'll confess, I did not really look at the details in your error message earlier, sorry. Here's an article about this, it is a change in Safari under Big Sur, going back about a year. I'm guessing that one or more of the MSN servers have not been updated to the new TLS and maybe it's just "luck of the draw" that you will hit one?


I sort of doubt that anything "fishy" is going on there, most likely just a server with old software. But then again, you never know... ;)
 

mi7chy

macrumors G4
Oct 24, 2014
10,529
11,175
I never got that message earlier doing several shift refreshes to that url on MBA M1 running Big Sur so that kind of rules out load balancing to misconfigured server. Looks like sign of a MITM attack but if it stopped then maybe the attacker took a break.
 
  • Wow
Reactions: Boyd01

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
Still using MSN.com (Bing) as my homepage on Safari. Starting today whenever I type in a site to go to, I get this:
Screen Shot 2021-09-16 at 5.01.34 PM.png

If I go down to the bottom and click on "visit this website", I can still get through (which I did just now to get MacRumors up). Anyone have any idea what Microsoft or whoever just did? Is going ahead and I guess using whatever TLS 1.0 or TLS 1.1 putting me in any great danger? Thanks!
 

casperes1996

macrumors 604
Jan 26, 2014
7,576
5,753
Horsens, Denmark
Still using MSN.com (Bing) as my homepage on Safari. Starting today whenever I type in a site to go to, I get this:
View attachment 1833354
If I go down to the bottom and click on "visit this website", I can still get through (which I did just now to get MacRumors up). Anyone have any idea what Microsoft or whoever just did? Is going ahead and I guess using whatever TLS 1.0 or TLS 1.1 putting me in any great danger? Thanks!
I cannot replicate this behaviour, but TLS is the encryption layer that facilitates “HTTPS” - i.e. when you see the little padlock in your browser. TLS 1.0 and 1.1 are older versions of the standard. In a quick examination, msn.com uses TLS 1.3

Does this occur if you go to URLs directly, not through a search engine?
Are you going through any intermediate connections - proxies, VPNs, anything like that?
 

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
I cannot replicate this behaviour, but TLS is the encryption layer that facilitates “HTTPS” - i.e. when you see the little padlock in your browser. TLS 1.0 and 1.1 are older versions of the standard. In a quick examination, msn.com uses TLS 1.3

Does this occur if you go to URLs directly, not through a search engine?
Are you going through any intermediate connections - proxies, VPNs, anything like that?
Not sure I know how to go to the URLs directly. And I don't use any proxies, VPNs or the like. And I must confess to not looking for the little padlock like i should, though it does not come up now with this new development. Guess I need some coaching! Do know that I am getting tired of all the extra effort to just bring up websites I have used forever. The problem I mentioned earlier as the moderator kindly pulled up seemed to have gone away, but I guess only to reoccur now in a slightly different form.
 

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
Did just now discover that if I go to a New Private Window the warning message does not come up! What is this all about???
 

casperes1996

macrumors 604
Jan 26, 2014
7,576
5,753
Horsens, Denmark
Not sure I know how to go to the URLs directly. And I don't use any proxies, VPNs or the like. And I must confess to not looking for the little padlock like i should, though it does not come up now with this new development. Guess I need some coaching! Do know that I am getting tired of all the extra effort to just bring up websites I have used forever. The problem I mentioned earlier as the moderator kindly pulled up seemed to have gone away, but I guess only to reoccur now in a slightly different form.

To go to a URL directly just type it into the address bar. For example,


Are you on your own, private home network or are you on a public wi-fi?
 

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
I am on a wifi that is wired into our apartment building by, I believe Cox Cable. It is managed by the corporation that owns/manages the apartments. (And it has very weak and spotty reception which the apartment management can do nothing about.)
 

casperes1996

macrumors 604
Jan 26, 2014
7,576
5,753
Horsens, Denmark
The situation persists! What must I do to end the problem?

Connect your Mac to your phone’s network and try to replicate the behaviour. If you still get the behaviour. Report back here. If you do not get the behaviour using your phone operator’s network on your laptop doing the exact same thing, contact whoever’s responsible for the building’s IT, citing potential security concerns and explaining the situation
 
  • Like
Reactions: Boyd01

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
556
54
Bellevue, NE
What is my "phone's network"? If you mean ethernet, I will have to look up how that is done; instructions are not included in my MacBook Air manual. I will check on-line. And I suspect I will have to find somewhere to order a cable. Why can't this all be done on wi-fi, he moaned!
 

Boyd01

Moderator
Staff member
Feb 21, 2012
7,915
4,837
New Jersey Pine Barrens
I think he was suggesting that you use your phone as a mobile hotspot for your computer so that you would be connected to the internet over the phone's cellular network. That would allow you to determine whether the sketchy wifi your landlord provides is the problem. :)

If you have an iPhone, this can be done with bluetooth, wifi or USB using the lightning cable from the phone.

 

casperes1996

macrumors 604
Jan 26, 2014
7,576
5,753
Horsens, Denmark
What is my "phone's network"? If you mean ethernet, I will have to look up how that is done; instructions are not included in my MacBook Air manual. I will check on-line. And I suspect I will have to find somewhere to order a cable. Why can't this all be done on wi-fi, he moaned!
Exactly what Boyd01 suggests; No cable needed
 

phrehdd

macrumors 601
Oct 25, 2008
4,440
1,401
I am using a MacBook Air with Big Sur. And I have MSN.com as my homepage on Safari (think I got that correctly). This morning for about half the time I try to bring up Safari I get this:
View attachment 1816827

Any ideas as to what is happening and how to cure it? Oh, and I have not accepted the invitation to visit the website via the link.
Try simply adding the "s" to http manually in the link. Type in for the address - https://www.msn.com and see if the problem still shows up.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.