On Tuesday, March 17, 2015 4:49:54 PM walt wrote:
> I get a certificate verification error when visiting https://www.att.com
> using firefox-36.0, but not when using chrome-41.0.2272.76.
> 
> Anyone else see the same with firefox-36?
> 
> BTW, I tried the latest firefox in a Win7 virtual machine and I was
> shocked to see that firefox was updating itself when I was logged in
> as an unprivileged user (i.e. *not* an Administrator).  Are the idiots
> at M$ *really* that stupid?  They've learned nothing, apparently, since
> Win 95 :(
> 
> BTW, the Win7 firefox also flagged an error when visiting the web site
> I mentioned above, but the error was displayed so subtly that I would
> have missed it if I hadn't been looking for it specifically.  Very bad
> behavior.
> 

Technically the issue is with att's SSL certificate. It may be that they got a 
cheap certificate (meaning it's provides encryption but the CA did not verificy 
that ATT is a legit company) or it may be an issue with the certificate.

It doesn't give any warning for me, it just shows an exclamation next to the 
address and the latest chromium does the same (it shows a triangle) and it 
gives you more info: "The identity of this website has been verified by Verizon 
Akamai SureSever CA G14-SHA1 but does not have public audit records."

If you're concerned about it contact AT&T and let them know.


-- 
Fernando Rodriguez