"dean-dean" <email@example.com> wrote in message
> To turn off the warning, on the Advanced tab of Internet Properties (IE >
> Tools > Internet Options), uncheck "Warn about certificate address
> mismatch", under the section labeled "Security" (Apply, OK).
That won't correct the problem the original poster was talking about, and
it's bad security advice in general.
If a certificate doesn't match the name of the web site, then it's the wrong
certificate for the web site, and you should assume that your connection has
been redirected to another site that may be malicious. Don't turn off the
warning for that!
The fix for the poster's original question is for the web-site designers to
ensure that every included component on a secure page is served by a secure
link. As an example of why this is a bad thing, consider a web form with a
graphic at the top. If the form is delivered securely, but the graphic is
not, the graphic could be manipulated inline by a "man in the middle"
attacker to display instructions to the user - for instance, "Form not
working - please submit financial details to firstname.lastname@example.org
of using the form."
The user will see that they have a secured form, and will presume that the
graphic is reliable as coming from the vendor.
Working around this at the client side is not a good security solution.
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our client software, WFTPD Explorer.