Weird problem with hotel internet last night

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I regularly stay at a hotel and use their free wireless internet. Last
night, any time I connected to an https web site, I got a warning from
my browser that the certificate was not trustworthy because it is self-
signed. I clicked on "show details", and the certificate was signed by
the hotel.

I called reception, and they had no idea what I was talking about.
They gave me a 'phone number for their IT support, so I called them.
First line support had no idea what I was talking about either, they
just said "Click on Accept, does it work? What's the problem? If it
works, why worry?" but eventually I got them to pass the call on to a
technical person. When he called me back, he did seem to understand
me, and I went through a few checks with him loading local IP web
pages, refreshing, flushing cache etc., then he said he would
investigate further and get back to me.

About half an hour later, the message stopped appearing, and when I
got through to an https web page, I could click on the browser's
padlock symbol and I got a Thawte certificate.

Phil Hibbs.

Re: Weird problem with hotel internet last night

Quoted text here. Click to load it

Benign possibility: it's possible the provider implemented an inline
browsing proxy appliance with SSL decryption.  Perhaps they turned off
SSL decryption after the complaint?   Unlikely, I'd imagine, as you
have to pay good money for SSL decryption on these devices and one
complain it unlikely to chase anyone off that.  Also, it'd be a
strange choice for a hotel to deploy SSL decryption in an environmen
where they can't distribute a client cert to make it rather silent.

The more likely malicious possibility: someone was using an ssl mitm
attack on the hotel network and decided to close up shop for the

Site Timeline