Virus problems with gnxp?


Received this email:

It appears your website has been compromised. When visiting https://gnxp.com (as opposed to regular http) Firefox prompted me with a message that the security certificate for snakeoil.dom has expired. After some googling I found out it is likely an authentication certificate for a virus.

http://journals.aol.com/cutefacedblonde/snakeoil.dom–snakeoil.com/

I didn’t have the same problem. I’m in a hurry, but I assume this is a client side issue? There isn’t an SSL certificate for this website.

Update: See this.


7 Comments

  1. This is definitely server side. Contact your webhost and let them know.

  2. Yes, server side. I get the message too. 
     
    But it might be innocent – it appears in a standard Cisco example.

  3. Yes, it looks like it’s the standard default setting when you don’t really support encryption: 
     
    Now we can build and install the web server and the SSL certificates. 
     
    $ make 
    $ make certificate 
     
    This step interactively generates a certificate for your server. These are used in cryptographic negotiations with your web clients. See Resources for where to find more information on SSL. In the meantime, these are my suggested answers to the questions (you’ll have to adjust some parameters) 
     
    Signature Algorithm ((R)SA or (D)SA) [R]: R 
    (omitted) 
    1. Country Name (2 letter code) [XY]: US 
    2. State or Province Name (full name) [Snake Desert]: Ohio 
    3. Locality Name (eg, city) [Snake Town]: Cleveland 
    4. Organization Name (eg, company) [Snake Oil, Ltd]: Home 
    5. Organizational Unit Name (eg, section) [Webserver Team]: Parents 
    6. Common Name (eg, FQDN) [www.snakeoil.dom]: friend.dsl.isp.com 
    7. E-mail Address (eg, name@FQDN) [www@snakeoil.dom]: friend@isp.com 
    8. Certificate Validity (days) [365]: 365 
    ______________________________________________________________________ 
    STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt] 
    Certificate Version (1 or 3) [3]: 3 
    (omitted) 
    Encrypt the private key now? [Y/n]:n 
    (omitted) 
     
    While the certificate process correctly notes this certificate should not be used on a production system, for home use it should be fine. Basically, there is no trust mechanism in place, so the certificate could be a forged one, allowing an attacker to listen to sensitive information. However, since it is just you and signing a certificate can be expensive, we’ll work with these certificates. If you want to host, say, a commerce site on your web server, you should definitely get it signed by a recognized authority.

  4. I wrote the aforementioned email to Razib. So, how is it that standard default settings for authentication certificates got labeled as a trojan created by Israeli hackers?

  5. I’m getting serious weirdness while trying to post replies to the Jared Diamond thread.

  6. spike, don’t use my name.

  7. B.B wrote: “So, how is it that standard default settings for authentication certificates got labeled as a trojan created by Israeli hackers?” 
     
    I don’t know where that originated, but I can tell you how it originated: Somebody made it up and posted it somewhere, for reasons best known to him (or her). The reasons aren’t hard to guess, though . . .
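A check for the situation this thread describes, added here as an example (not code from the post or its commenters): it reads the output of `openssl x509 -noout -subject -issuer -enddate` and flags the placeholder values from the prompts quoted in comment 3, plus expiry. The sample certificates, their dates and the finding names are constructed for illustration.

```python
import ssl
import time

# Default answers shown in the "make certificate" prompts quoted in comment 3.
PLACEHOLDER_MARKERS = ("snakeoil.dom", "snake oil", "snake town", "snake desert")

def parse_summary(text):
    """Parse `openssl x509 -noout -subject -issuer -enddate` output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("subject", "issuer", "notAfter"):
            fields[key.strip()] = value.strip()
    return fields

def assess(text, now=None):
    """Return finding codes for a certificate summary (empty list: nothing flagged)."""
    now = time.time() if now is None else now
    fields = parse_summary(text)
    findings = []
    for name in ("subject", "issuer"):
        # Substring match works for both the old "/C=.." and new "C = .." layouts.
        value = fields.get(name, "").lower()
        if any(marker in value for marker in PLACEHOLDER_MARKERS):
            findings.append("placeholder-" + name)
    not_after = fields.get("notAfter")
    # cert_time_to_seconds parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT" as UTC.
    if not_after and ssl.cert_time_to_seconds(not_after) < now:
        findings.append("expired")
    return findings

# Constructed sample: every prompt left at its default, old OpenSSL layout.
SAMPLE_DEFAULT = """\
subject= /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/CN=www.snakeoil.dom
issuer= /O=Snake Oil, Ltd/CN=Snake Oil CA
notAfter=Oct 21 18:21:51 2001 GMT"""

# Constructed sample: the tutorial's own answers, still signed by the Snake Oil CA.
SAMPLE_CUSTOM = """\
subject=C = US, ST = Ohio, L = Cleveland, O = Home, OU = Parents, CN = friend.dsl.isp.com
issuer=O = "Snake Oil, Ltd", CN = Snake Oil CA
notAfter=Jan  1 00:00:00 2099 GMT"""

if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("custom", SAMPLE_CUSTOM)):
        print(label, assess(sample))
```

The second sample shows why the issuer matters: a certificate generated with customised answers is still signed by the Snake Oil CA in STEP 3, so browsers have no trusted chain for it.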
