5

The first time each day that I attempt click on the 'Mail' link from the Yahoo home page, my browser (Seamonkey) throws up a dialog with the title 'Secure connection failed'.

The content in the dialog reads - 

ak1s.abmr.net:443 uses an invalid security certificate
This certificate is only valid for search.dnsadvantage.com

Error code: ssl_error_bad_cert_domain

(if somebody could guide me, I'll attach the certificate from dnsadvantage here)

I have no idea why dnsadvantage.com is entering the picture ... instead of going to the target URL https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym

After I cancel the dialog, the page continues to load but now shows the certificate for Yahoo.

I'm concerned somebody may be trying to retrieve the credentials for yahoo.

Why does the browser present the certificate from dnsadvantage.com instead of yahoo.com?

Everyone
  • 387
  • 3
  • 11

2 Answers2

8

The deal is that dnsadvantage.com is being used as at least one of your name servers and ak1s.abmr.net had a failed dns lookup (oops). dnsadvantage provides free DNS lookups in exchange for doing a MITM attack for domains that it cannot find. The page that it serves for these failed lookups is search.dnsadvantage.com and it displays google ads.

So try going some domain that doesn't exist like dsjfiohefoehf.com, and you should see a dnsadvantage advertisement. If you don't, then only one of your DNS lookup servers is from dnsadvantage, so you might only see an ad on ~1/3rd of failed dns lookups.

rook
  • 47,238
  • 10
  • 96
  • 182
  • 4
    And: don't click through the warning! You may see this the first time each day because the address for the site you are trying to visit is not in the DNS cache. Refresh the page until you get to the right place. (Unfortunately, since these kind of DNS services don't follow standards, your browser/resolver may cache the response (for 10 minutes) so you may need to restart your browser and/or wait until the bogus response's TTL expires.) – bstpierre Dec 22 '11 at 13:02
2

Chances are an advertisement is trying to load and it's getting redirected to the given URL which has the wrong certificate set up.

You could try using wireshark or fiddler to figure out what is connecting to the URL. You could also open the page source and search for 'ak1s.abmr.net'.

Steve
  • 15,263
  • 3
  • 39
  • 66