https MITM attack via user page
Post 302521440 by GSO on Friday 13th of May 2011 10:13:16 AM
A quick epilogue to this one.

I'm using Tor here, so this could have been a bad exit node. I have, though, had incidents where restarting Tor fixed a hack observed on a webpage, but it also got to the point where this did not fix the problem, though that could have been malware installed on the computer at that point.

I have anyway tightened up on security procedures in terms of, so to speak, physical access to the machine (and it is, I think, worth noting here that TEMPEST technology would enable someone to know when you have an admin. console open). Also I've plonked the browser into a sandbox.

I am, though, still getting https pages showing 'this page contains unencrypted content' errors; note, though, only on first visiting the page (notwithstanding Firefox's default setting to only show this once): on the second visit to the page the error is not there (the Moz. developer JavaScript page being one such page, also a Gmail Webware email; as I am using a sandbox I'm going to have to figure out how to save these pages, so no HTML for now).

---------- Post updated at 10:48 PM ---------- Previous update was at 01:27 PM ----------

Continuing this thread as a log.

I believe my SSL VPN passphrase was compromised in this last install. I felt uneasy after realising that I had left it lying around on my Android mobile for far too long (I use the mobile to set the passphrase), and intermittently, more often than not, when I opened Firefox the default first-use page had CSS information missing; also the sandboxed browser was otherwise showing signs of hacking (nuisance hacks).

The issues from today I think are:

1) Are mobiles secure? I've found myself only being able to log into the website of my VPN provider once or twice before the Android browser refuses to load the page; however a workaround is to use the mobile-formatted page provided as an option from a Google mobile search. This worked fine for me for a while, but I have just found today that the Android browser is reporting certificate errors when I try to log in to the VPN provider's website (cert. not issued by a valid authority, I think, if I remember correctly; and this is all from the point of a completely reset handset accessing the mobile's own data network).

2) (a) VPN providers could do with providing a way for the passphrase to be set by uploading a file, so that the phrase can be set without being displayed on the screen.
(b) Also, as iVPN does, an option to set the passphrase once and have to reset it if you need to be reminded, i.e., set once, no possible way to find out what it is afterwards, and certainly not display it openly on the screen when you log in (AceVPN, I am talking about you).
(c) VPN providers as well could do with including a list of symbols their passphrases cannot include, to facilitate scripts autogenerating a strong key.
(d) I think VPN providers could put more effort into providing secure ways to set the VPN passphrase: dedicated mobile apps perhaps (that can be MD5 sum checked prior to launching), an ssh login, etc. (NB While on the subject of VPNs, I have found a UDP port more secure than TCP, so it would help if a VPN provider could always make one available (TorVPN omits this).)

(A note on the Android: it recently started reporting errors while connecting to the App Store, which is usually the first or second thing most people would do after resetting the 'phone.)

---------- Post updated 12-05-11 at 11:36 AM ---------- Previous update was 11-05-11 at 10:48 PM ----------

Past 24 hrs:

- A Twitter user's https page gives a 'this page contains unencrypted content' error; looking at the source there is no obvious content that might cause this in what the user has tweeted (a few http:// links, but that is all), and the error is no longer there 12 hours later, with however only a few additional tweets on the page. (This user, I might add, is the main organiser of a current legal action by a community against local civic administrators.)

- SELinux sandbox bug: the mouse pointer, instead of traversing between the sandboxed browser and the desktop, becomes stuck in the sandbox window, and the window has to be closed at that point (though the browser may have fixed itself once when this happened, if I remember correctly); possibly there is a link between the above type of error and this occurring (FF 3.6.17, SL6, TWM).

---------- Post updated at 02:58 PM ---------- Previous update was at 11:36 AM ----------

The Google inbox itself is reporting an 'unencrypted content in page' error: I was already logged in to Gmail in one tab, but opened a second Gmail window in another tab, and this error appeared.

---------- Post updated at 02:58 PM ---------- Previous update was at 02:58 PM ----------

The Google inbox itself is reporting an 'unencrypted content in page' error: I was already logged in to Gmail in one tab, but opened a second Gmail window in another tab, and this error appeared.

---------- Post updated at 03:01 PM ---------- Previous update was at 02:58 PM ----------

(Note the double post above was not a result of my double clicking the submit button; the post was taking a good while to submit for some odd reason, but I did patiently wait.)

---------- Post updated 13-05-11 at 02:48 PM ---------- Previous update was 12-05-11 at 03:01 PM ----------

Quick update, in the next 24 hrs:

- A computer criminal has figured out how to close my Internet connection down (it has to be restarted) - annoying little sods!
- At one point FF went haywire: I clicked on the Google Docs link, which opened up Docs about half a dozen times in new tabs, and every time I closed one a few more opened; the browser took over control of the keyboard itself, injecting junk characters into text boxes and selecting random control keys. This only happened the once though.
- Someone seems to have figured out a way to crash the browser also (one repeated attack of this late last night).

I'm still assuming at this point that the computer itself has not been compromised (i.e., no hacking outside of the sandbox). I've tightened up openvpn a touch, and the procedures for physically protecting the machine when accessing an admin. login, but there is a limited amount of time I have to become a system admin. and security engineer, so by no means has as much security work been done as could be.

(And by way of a footnote - I managed to get some work done! For anyone interested in personal cash flow forecasting and cyclic income and outgoings calculations: http://bit.ly/moneygoround)

---------- Post updated at 03:13 PM ---------- Previous update was at 02:48 PM ----------

In short, the problem is to figure out how I'm still getting incidents of MITM-style data injection over an SSL VPN to an https webpage! (I can't do any more to make the physical machine itself more secure either, so I am assuming this is not the problem, and I'm not running any dodgy software otherwise; besides which none of the hacks experienced at the moment are permanent: restarting the browser in its sandbox has essentially been all that is needed to fix things.) The only reason I myself can think of for this is if the page on the webserver itself has been compromised, which I think can be ruled out.

Last edited by GSO; 05-13-2011 at 11:19 AM.
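A way to check a suspect page's saved source for what actually triggers the 'this page contains unencrypted content' warning, added here as an illustrative example and not part of GSO's post or of any tool mentioned in it. The browser warns about http:// subresources that the https page loads (scripts, stylesheets, frames, images, media, CSS url() references), not about http:// hyperlinks in the page text, which is why a tweet full of http:// links can be 'clean' while a single http:// stylesheet or tracking pixel sets the warning off. A static scan can only see markup that is in the HTML you feed it, so scan the source as the browser actually received it (saved from the sandboxed browser on the visit that warned) rather than a fresh fetch; a resource inserted by script or injected on the wire will not be in a later download. The page URL, tag lists and sample HTML below are constructed for the example.

```python
"""Static mixed-content scan of an HTML page served over https://.

Flags subresources (scripts, stylesheets, frames, images, media, CSS url())
whose resolved URL uses plain http://, and separates "active" content, which
executes in the page's origin, from "passive" content, which cannot run code
but can still be tampered with on the path or used to track the visitor.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> attribute that makes the browser fetch a subresource. Hyperlinks
# (<a href>) and form actions are navigations, not subresources, so a page
# full of http:// links produces no mixed-content warning by itself.
ACTIVE_REFS = {"script": "src", "iframe": "src", "frame": "src",
               "object": "data", "embed": "src"}
PASSIVE_REFS = {"img": "src", "audio": "src", "video": "src",
                "source": "src", "track": "src", "input": "src"}
# url(...) inside <style> blocks or style="" attributes (backgrounds, fonts).
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.IGNORECASE)


def resolve(page_url, ref):
    """Resolve a relative, scheme-relative or absolute reference against the
    page URL and return it normalised (scheme lower-cased)."""
    return urlsplit(urljoin(page_url, ref.strip())).geturl()


def is_insecure(page_url, ref):
    """True if the reference, once resolved, would be fetched over plain http.
    Scheme-relative '//host/x' inherits https from the page and is fine."""
    return urlsplit(resolve(page_url, ref)).scheme == "http"


class MixedContentScanner(HTMLParser):
    """Collects (severity, tag, attribute, resolved_url) for every http:// subresource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
        self._in_style = False

    def _check(self, severity, tag, attr, ref):
        if ref and is_insecure(self.page_url, ref):
            self.findings.append((severity, tag, attr, resolve(self.page_url, ref)))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ACTIVE_REFS:
            self._check("active", tag, ACTIVE_REFS[tag], a.get(ACTIVE_REFS[tag]))
        if tag in PASSIVE_REFS:
            self._check("passive", tag, PASSIVE_REFS[tag], a.get(PASSIVE_REFS[tag]))
        if tag == "link":
            # Only rel=stylesheet runs in the page; icons, prefetch etc. are passive.
            rel = (a.get("rel") or "").lower().split()
            self._check("active" if "stylesheet" in rel else "passive",
                        tag, "href", a.get("href"))
        for ref in CSS_URL.findall(a.get("style") or ""):
            self._check("passive", tag, "style", ref)
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            for ref in CSS_URL.findall(data):
                self._check("passive", "style", "url()", ref)


def scan(page_url, html):
    """Return the list of insecure subresources found in `html`."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def worst_severity(findings):
    """'active', 'passive' or None: the class of warning the browser would raise."""
    severities = {f[0] for f in findings}
    if "active" in severities:
        return "active"
    if "passive" in severities:
        return "passive"
    return None


# Constructed sample page (hypothetical host example.test), not captured from any real site.
SAMPLE_PAGE_URL = "https://example.test/someuser"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="//example.test/site.css">
<link rel="stylesheet" href="http://cdn.example.test/theme.css">
<script src="/js/app.js"></script>
<style>body { background: url(http://img.example.test/bg.png); }</style>
</head><body>
<p>Read more at <a href="http://blog.example.test/post">my blog</a></p>
<img src="https://img.example.test/avatar.png">
<img src="HTTP://tracker.example.test/pixel.gif">
<iframe src="http://widgets.example.test/embed"></iframe>
</body></html>"""

if __name__ == "__main__":
    results = scan(SAMPLE_PAGE_URL, SAMPLE_HTML)
    for severity, tag, attr, url in results:
        print(f"{severity:7} <{tag} {attr}> {url}")
    print("worst:", worst_severity(results))
```

On the constructed sample this reports four insecure subresources (the http:// stylesheet and iframe as active, the CSS background and the tracking pixel as passive) and ignores the http:// hyperlink, the scheme-relative stylesheet and the https image. An 'active' finding is the one that matters for the thread's question: an http:// script, stylesheet or frame runs inside the https page's origin, so anyone who can alter traffic on the path to that one resource can alter the page. Saving the source on the visit that warned and on the later visit that did not, then scanning both, shows whether the difference is in the markup or somewhere the HTML cannot show.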