Dell support shows broken encryption

Board for discussions around the Basilisk web browser.

Moderator: satrow

Post Reply
User avatar
Smokey20
Fanatic
Fanatic
Posts: 155
Joined: 2014-06-09, 06:06
Location: Hawaii

Dell support shows broken encryption

Post by Smokey20 » 2019-06-24, 02:00

On current Basilisk 2019.06.8 (10 Pro ver 1803) version Dell Support MOST (but not all) pages show broken encryption. That is particularly bad because you enter your service tag number there. I was even able to see OTHER DELL USERS service tags and other private information.

The previous Basilisk version which I still had on my other computer (8 Pro) does NOT have this problem. I updated on that computer to the current version and the encryption is broken now on it also.

https://www.dell.com/support/home/us/en/04/
Attachments
Left image is Basilisk, right image is Fx 60.7.2 ESR.
Left image is Basilisk, right image is Fx 60.7.2 ESR.
Sunday, June 23, 2019 15;04;07001.png

pintorama
Apollo supporter
Apollo supporter
Posts: 31
Joined: 2018-01-20, 23:46

Re: Dell support shows broken encryption

Post by pintorama » 2019-06-24, 04:13

I don't know if this will resolve things in Basilisk, but Dell has issued a patch for its Support Assistant: https://www.dell.com/support/article/th ... ty?lang=en . It would seem you should install this regardless of the issue with Basilisk.

User avatar
Smokey20
Fanatic
Fanatic
Posts: 155
Joined: 2014-06-09, 06:06
Location: Hawaii

Re: Dell support shows broken encryption

Post by Smokey20 » 2019-06-24, 04:59

Thanks, but I have been purchasing Dell Small Business computers since 1999. The Decrapifier was originally name DELL Decrapifier. So, I know all about the junk that comes on Dell computers (even Pro versions from Small Business). Support Assist is awful except for those home users who refuse to learn about their computers. I always remove all of that especially since Dell is actually worse than Microsoft in taking away user control. I don't need to worry about PC Doctor buggy junk as it is not on my computers. I agree though that anyone who insists on keeping PC Doctor Dell Support Assist on their computer should immediately install the patch.

This problem I am seeing on both Windows 10 Pro machine and Windows 8 Pro machine is unrelated to Support Assist. I see this problem ONLY on current Basilisk and NOT on earlier versions of Basilisk, or on Fx60.x ESR, Waterfox or Vivaldi.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25021
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Dell support shows broken encryption

Post by Moonchild » 2019-06-24, 11:14

I don't see anything wrong with the dell website.
The "Broken encryption" indicator means that whatever is negotiated with the browser in you situation is too weak to be considered a secure connection. Since the cipher is AES-GCM, and the protocol is TLS 1.2, that shouldn't be the case.

UPDATE: I went to the specific page in your URL and it contains scripts/active content that are loaded over an insecure connection (mixed content). If you allow that mixed content, then you basically break the encryption which would result in what you see.
Attachments
dell1.jpg
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25021
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Dell support shows broken encryption

Post by Moonchild » 2019-06-24, 11:22

The specific errors are as follows:
13:15:33.014 Blocked loading mixed active content “http://127.0.0.1:8884/clientservice/isa ... 1374932366”[Learn More]
top.min.js:1:82461
13:15:33.046 Blocked loading mixed active content “http://127.0.0.1:8883/clientservice/isa ... 1374932367”[Learn More]
top.min.js:1:82461
13:15:33.102 Blocked loading mixed active content “http://127.0.0.1:8886/clientservice/isa ... 1374932368”[Learn More]
top.min.js:1:82461
13:15:33.116 Blocked loading mixed active content “http://127.0.0.1:8885/clientservice/isa ... 1374932369”[Learn More]
top.min.js:1:82461
13:15:33.541 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://i.dell.com/tlsdata. (Reason: missing token ‘sec_req_type’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
So for some reason the website wants to talk to something on your local machine and uses http to do so -- likely to interact with the proprietary Dell service software. Pale Moon will block that by default -- if you allow it, the encryption is considered broken (because it is).
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

Post Reply