82

When I connected to Starbucks's Wi-Fi, I got a security alert from MS Outlook that looks like this:

suspicious certificate

I looked up secure.datavalet.io, but there's no mention of this thing anywhere. This does not appear when I use my mobile, home, or work Internet. Is there anything I can do to trace/verify this thing?

Rodrigo de Azevedo
  • 242
  • 2
  • 13
Nomenator
  • 799
  • 1
  • 5
  • 6
  • 33
    It is most likely they are trying to show you some promotion and/or login page to the wifi and doing it the wrong way. You can check this by going to some https secured but unimportant site and allow it. You will see what they are trying to show you. – Peter Harmann Apr 25 '18 at 16:45
  • @Adonalsium I didn't think to make a screenshot of that, but it was a completely ordinary path for a COMODO certificate. For all purposes, this certificate is absolutely legitimate. Peter Harmann mentions forwarding to the public wifi login page, and I think this is correct, because I traced the traffic, and that was where it came from/to. – Nomenator Apr 25 '18 at 16:56
  • 14
    Another way is to access a http (non-secure) site. I like to use http.badssl.com – Jon Apr 25 '18 at 21:40
  • 11
    Or good ol' `example.com` – mgarciaisaia Apr 26 '18 at 19:55
  • Or `curl https://www.google.com/ --insecure > secret.htm` – VarunAgw Apr 27 '18 at 09:15

1 Answers1

212

As @Adonalsium mentions in the comments, Data Valet manages the Starbucks public WiFi. They're trying to redirect you to the "agree to terms" page to login to the WiFi. Go to a page in a web browser that is not protected by ssl (neverssl.com is great for this), and it will redirect you to the portal page so you can agree, and then this will go away.

The error is the security on your system working as intended, by blocking the connection to a server that isn't the one you were trying to connect to. When it asks something like "Do you want to proceed?", answer "No" or whichever answer will cancel the connection, to avoid sending secrets like authorization tokens to an untrusted server. Login to the portal as mentioned above, and then try again.

The name for the mechanism that redirects you to the terms page and doesn't let you go anywhere else until you agree is Captive Portal. Captive Portals are a common and annoying pattern for "protecting" public WiFi access points, but they have the annoying fault that they essentially need to conduct an attack against your connection to work.

nbering
  • 3,988
  • 1
  • 21
  • 22
  • 1
    Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/76740/discussion-on-answer-by-nbering-is-starbucks-spoofing-me). – Rory Alsop Apr 29 '18 at 10:57
  • 3
    TIL neverssl.com - thank you! Increasingly difficult to find a non-SSL "obvious" site to use for this purpose in the current climate of "make everything obscured behind SSL whether it needs to be or not ahem" – Lightness Races in Orbit Apr 30 '18 at 10:38
  • @LightnessRacesinOrbit I also use http://www.example.com/ . – Charles Apr 30 '18 at 13:52