81

When I connected to Starbucks's Wi-Fi, I got a security alert from MS Outlook that looks like this:

suspicious certificate

I looked up secure.datavalet.io, but there's no mention of this thing anywhere. This does not appear when I use my mobile, home, or work Internet. Is there anything I can do to trace/verify this thing?

Improve this question
5
  • 33
    It is most likely they are trying to show you some promotion and/or login page to the wifi and doing it the wrong way. You can check this by going to some https secured but unimportant site and allow it. You will see what they are trying to show you.
    – Peter Harmann
    Commented Apr 25, 2018 at 16:45
  • @Adonalsium I didn't think to make a screenshot of that, but it was a completely ordinary path for a COMODO certificate. For all purposes, this certificate is absolutely legitimate. Peter Harmann mentions forwarding to the public wifi login page, and I think this is correct, because I traced the traffic, and that was where it came from/to.
    – Nomenator
    Commented Apr 25, 2018 at 16:56
  • 14
    Another way is to access a http (non-secure) site. I like to use http.badssl.com
    – Jon
    Commented Apr 25, 2018 at 21:40
  • 11
    Or good ol' example.com
    – mgarciaisaia
    Commented Apr 26, 2018 at 19:55
  • Or curl https://www.google.com/ --insecure > secret.htm
    – user32902
    Commented Apr 27, 2018 at 9:15

1 Answer 1

Reset to default
211

As @Adonalsium mentions in the comments, Data Valet manages the Starbucks public WiFi. They're trying to redirect you to the "agree to terms" page to login to the WiFi. Go to a page in a web browser that is not protected by ssl (neverssl.com is great for this), and it will redirect you to the portal page so you can agree, and then this will go away.

The error is the security on your system working as intended, by blocking the connection to a server that isn't the one you were trying to connect to. When it asks something like "Do you want to proceed?", answer "No" or whichever answer will cancel the connection, to avoid sending secrets like authorization tokens to an untrusted server. Login to the portal as mentioned above, and then try again.

The name for the mechanism that redirects you to the terms page and doesn't let you go anywhere else until you agree is Captive Portal. Captive Portals are a common and annoying pattern for "protecting" public WiFi access points, but they have the annoying fault that they essentially need to conduct an attack against your connection to work.

Improve this answer
3
  • 1
    Comments are not for extended discussion; this conversation has been moved to chat.
    – Rory Alsop
    Commented Apr 29, 2018 at 10:57
  • 3
    TIL neverssl.com - thank you! Increasingly difficult to find a non-SSL "obvious" site to use for this purpose in the current climate of "make everything obscured behind SSL whether it needs to be or not ahem"
    – Lightness Races in Orbit
    Commented Apr 30, 2018 at 10:38
  • @LightnessRacesinOrbit I also use example.com .
    – Charles
    Commented Apr 30, 2018 at 13:52

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .