Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




6 posts

Wannabe Geek


# 208799 28-Feb-2017 11:21
Send private message

I have recently moved into rural broadband area, so received a new Huawei B315s modem from Wireless Nation. With an external aerial we get reasonable performance (30/10), but about 2 weeks after installing we all started getting some odd messages: 

 

> "Please reset your gmail passwords" - appeared to all users using either a private gmail domain (richard@xxx.co.nz) or abc@gmail.com. Applies to all devices - IOS, windows 10, android. The dialogue box is a valid email client dialogue. 

 

> Security alerts: "outlook.office365.com - information you exchange with this site cannot be viewed...however there is a problem with the site's security certificate". The security certificate associated with this dialogue is called mobile.wifi and is registered by Huawei in China.... - snapshot of the error here: 

 

 

 

 

> a similar alert occurred on our autodiscover record as well. 

 

Not being a security speicalist I did some digging and wonder if the modem is implementing a proxy in the network, and so effectively performing a man in the middle attack, routing my email via their servers? 

 

So I change the network - implemented my Fritzbox as the main router and DNS server, using the Huawei just as a gateway, but on the same LAN segment (I could not easily setup a DMZ as I use the Fritz for VoIP). Unfortunately the same recurred - and when the error hits the PC slows down to almost stationery. I reject the certificate and in many cases this causes the modem to go into a spate of intermitent internet disconnections.....

 

So to my question:

 

Firstly has anyone else come across this? 

 

Secondly am I correct in my understanding - and if so are Vodafone / Spark / Wireless Nation aware of this? Is there a secure solution? 

 

 

 

Thanks

 

Richard


Create new topic
1358 posts

Uber Geek
+1 received by user: 319


  # 1727597 28-Feb-2017 11:53
Send private message

Do you come across certificate issues browsing to secure sites in general?, e.g. internet banking or even just Google?

 

 

Sometimes it is just trying to redirect you to the modem interface when your broadband connection is down, that is a feature that some modems have, but agree the way it is implemented is a bit dodgy.

 




6 posts

Wannabe Geek


  # 1727599 28-Feb-2017 11:57
Send private message

I have only come across the certificate error with email and once when using terminal services - the server certificate was hijacked in the same way. Internet was up and working fine at the time. I have not done much SSL browsing apart from this so will keep an eye out for that. 


 
 
 
 


2531 posts

Uber Geek
+1 received by user: 753

Trusted
Lifetime subscriber

  # 1727613 28-Feb-2017 12:17
Send private message

yitz: Do you come across certificate issues browsing to secure sites in general?, e.g. internet banking or even just Google? Sometimes it is just trying to redirect you to the modem interface when your broadband connection is down, that is a feature that some modems have, but agree the way it is implemented is a bit dodgy.

 

Smart question.  Yes I would go to your internet banking login page and check the certificate in the browser to ensure it is the bank's certificate and not a Huawei certificate and report back.

 

Lenovo, another Chinese company, have been caught out with installing dodgy SSL certificates and intercepting traffic.  Googling Lenovo SSL should give you sufficient information if you were interested in looking briefly at this.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



6 posts

Wannabe Geek


  # 1727826 28-Feb-2017 17:27
Send private message

I checked the certificate on a few sites - and when the SSL error is not displaying, they seem correct. I will need to wait for another occurrence of the SSL error to recheck then. This highlights that it is intermittent - which seems strange. 

 

 

 

Thanks. 


1358 posts

Uber Geek
+1 received by user: 319


  # 1727849 28-Feb-2017 17:59
2 people support this post
Send private message

Could it simply be that your broadband is dropping out?

 

 

You should log a fault / get them to check this (they should be able to tell you from their end). While you are at it let them know about the issues you are having with certificates too.

3982 posts

Uber Geek
+1 received by user: 1687

Subscriber

  # 1727862 28-Feb-2017 18:23
Send private message

yitz: Could it simply be that your broadband is dropping out? You should log a fault / get them to check this (they should be able to tell you from their end). While you are at it let them know about the issues you are having with certificates too.

 

I would wonder if its just an internal DNS resolver redirecting queries when it can't reach an external server - like a Fritzbox does for example.




6 posts

Wannabe Geek


  # 1727865 28-Feb-2017 18:32
Send private message

I wondered about DNS - so have set the Fritz to provide DNS and resolved that to Wireless Nation DNS 1 and 2. We have no noticeable outages at the time this occurs - and what is curious is that the SSL is not targeted internally at all but specifically at a certificate that does exist and is registered to Huawei. When doing a tracert to the specific DNS targeted they resolve correctly and follow an expected path.


116 posts

Master Geek
+1 received by user: 25

Subscriber

  # 1727965 28-Feb-2017 21:35
Send private message

You typically see the certificate change like that, during content inspection.  So not necessarily unwarranted, but normally unwanted as you lose the ability to inspect the actually cert.  If there are no content inspection settings, Try setting DNS to Google DNS 8.8.8.8 , 8.8.4.4

 

 

 

 


Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  # 1727996 28-Feb-2017 22:11
Send private message

you see this on hotel systems, public internet access, any other wifi that has a redirect to some sot of "I accept", "Get connected" or other start page.  Usually once you OK the page then you're home free.  

 

 

 

I'm going to guess that this was a one-off, a redirect as part of the initial setup of the wireless modem.  With skinny and the same modem, first stop was a page to log in and activate the router.





Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


416 posts

Ultimate Geek
+1 received by user: 171

Subscriber

  # 1728271 1-Mar-2017 13:01
Send private message

richeeseman:

 

 

 

> "Please reset your gmail passwords" - appeared to all users using either a private gmail domain (richard@xxx.co.nz) or abc@gmail.com.

 

 

 

 

 

 

This was a mistake on Google's account a short bit ago and possibly not related to the certificate issues. 

 

 

 

https://news.google.com/news/story?ncl=d3-NGpI54_i7pkMIjk_1MIm-nElOM

 

 

 

It would be good to check them still 


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15


WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.