is my gmail being eavesdroped by local isp or government??

hi.
i use latest version of opera.i go to gmail.com and i'm sure the address starts with https:// but opera tells that it's an insecure connection.then when
i use vpn and my ip is changed then when i go to gmail.com every thing is okay and it tells me that it's a secure connection.
is somebody like gov or my isp trying to eavesdrop my email
i have attached the picture:
http://s15.postimage.org/lg0hsh87v/image.png
and also here:
http://s15.postimage.org/b780mnk63/image.png
what should i do?
is somebody eavesdropping me?

 

Hi & welcome to Wilders

Has this just started happening ?

Some HTTPS pages include portions which are only HTTP. Quite why they do that ? What do you see as you Actually log in ?

It "should" be all HTTPS then.

 

Yeah I've gotten that too. I'd like a answer too.

 

Looking at the pictures it looks like a CRIME or BEAST attack scenario (google those two names). Gmail or Opera is using TLS 1.0 which is proven to be broken. It could also be an attack on the SHA1 or RSA authentication (RSA got hacked so this could be part of the problem, the keys are in the wild maybe) part of the certificate.

I'll research some more and get back to you. But if I would have to say, your getting Man In The Middle attacked.

 

thanks.i'm looking forward to your answers.
what should i do to prevent that?
by the way when i connect to vpn and load gmail.com ,then opera says connection is secure and every thing is okay.and then when i disconnect vpn,then again opera says connection is secure and it's okay until i clear the opera cache.is it secure to disconnect vpn and use opera that way or it's insecure??

 

For now just for safety i'd use only your VPN only to read your email. I doubt they can attack you while using a VPN, if it's encrypted like it should be you should be OK for now, do you know what type of encryption your VPN uses?

I'd also consider changing browser or having a separate browser for reading mail.

BTW what country are you located in?

ALSO update your modems firmware please, and patch your system if you haven't already.

 

I don't know Opera, but judging from http://my.opera.com/community/forums/topic.dml?id=1482592 it seems as though you *might* simply be running into a mixed content issue. Regardless, you need to get to the bottom of *exactly* what "Insecure connection" and "The server attempted to apply security measures, but failed" could mean.

By exploring the page and its content you may be able to identify something that is being loaded via HTTP. You could also sniff your network when loading the page, verifying that the destination hosts/addresses are appropriate for the gmail context and also looking for HTTP requests. Wireshark

 

Same message on my PCs with Opera & Gmail [I've tried it on 2 different PCs from 2 different countries on Ubuntu & W7]. If I reload the page the security icon will become yellow for secure.

I have a Gmail account only for testing, so, unless someone is that dumb to try to spy something I don't use, I think there's just another bug in Opera [not so unusuall for them, I think they are kings at this chapter].

 

Well mine was on Firefox so it's not just Opera. It could be a error but my gut says otherwise, when there is smoke there is usually fire...

 

My Firefox & Chrome are saying that the connection is encrypted on gmail.

Anyway. I made an "updgrade" to 12.10 and it seems Gmail is working fine in Opera. The connection is encrypted.

 

Yeah it's not everytime you log in to Gmal just every so often.

 

More likely... by black hats. I've seen this as well on AIM's mail servers. The mail servers themselves are compromised, there's nothing you can do on your end (other than make sure you force encryption via a VPN, etc...).

Also avoid going to the site by opening a bookmark... do a search and click on the link.

And always take notice of if the connection is encrypted or not before you sign in. If it's not, try to reload the page or re-do the search until it is.

I don't think it's a BEAST SSL crack, but rather a sophisticated redirect method. It even eludes NoScript.

 

Yeah it does elude Noscript. I think I can say I was being MiTM. Not sure what attack method is being used though. I'll do some digging.

 

This is Opera related.

Re-install.

Use another browser.

Wait for an update that solves Opera's age old lookup problem.

Get a better line (doubtful).

 

I've seen this happen on both IE & Firefox too, and am certain it could happen on any browser.

 

It's not only Gmail, I've gotten waning's while visiting Reddit. I don't believe these are browser issues. Someone , somewhere is watching, and is up to naughty stuff.

 

Gmail uses TLS 1.1.

Other browsers?? Missed that.

Well, again, it could be mixed content or a redirection--what browser errors are we talking about now. Could also be your browser timing out due to latency. Perhaps, improperly maintained keys or file corruption. But this is a known Opera error, guys. One that was at least corrected by one person here already by re-installing (updating). I suggest you all at least try it. You are dealing with something that is delicate and has many variables.

Or.

It's the Illuminati elite doing a very bad job of intermittently cracking your Reddit on a global scale for the past 10 odd years (how long people have been complaining about Opera handshakes borking).


I like sleuth stuff too. But parsimony's a wicked wench.

& not suggesting to just assume meaningless errors when seeing https warnings, but this all seems a bit much. If this is so wide spread, you'd see it hit Trusteer and Webroot etc which double checks certs and keys if someone hasn't examined this directly already.

EDIT:
Thought this story sort of relevant: ==http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10838484

 

I have never seen this happen with my Opera browser, I always check to see if the connection is secure before I log onto a site, will watch for it, I would not log in if I saw that, would run every scan I could think of, to try to find the culprit....