FlyerTalk Forums

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Air Canada | Aeroplan (https://www.flyertalk.com/forum/air-canada-aeroplan-375/)
-   -   Is anyone else getting this message? (https://www.flyertalk.com/forum/air-canada-aeroplan/673372-anyone-else-getting-message.html)

Rum & Coke Mar 20, 2007 10:48 am
Is anyone else getting this message?
 
When I attempt to retrieve my bookings on aircanada.com, I consistently receive the following warning message:

You have attempted to establish a connection with “www.google-analytics.com”. However, the security certificate presented belongs to “www.google.com”. It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.

If you suspect the certificate shown does not belong to “www.google-analytics.com”, please cancel the connection and notify the site administrator.

Is anyone else getting this? And what does it have to do with Google anyway?

ogmios Mar 20, 2007 11:54 am
If you care, let AC.com know about that. There is probably a javascript file being referenced using https: in their code instead of http:, and that is probably the issue...

aaac Mar 20, 2007 12:46 pm
Google analytics is Google website that tracks the usage of webpages on the internet. It is what, among other functions, the ranking on Google pages when you do a search on Google site.

The error that you received is a warning from the certificate that was issued to Google website is being used by Google analytics website. It is quite OK, unless you don't trust Google at all.

Rum & Coke Mar 20, 2007 2:50 pm
Thanks for the responses.

I trust Google completely, and use it for virtually all my searches.

I'll reconsider if I find myself on Google Air within the next year or so. ;)

Wally Bird Mar 20, 2007 3:57 pm
Originally Posted by aaac (Post 7437272)
Google analytics is Google website that tracks the usage of webpages on the internet. It is what, among other functions, the ranking on Google pages when you do a search on Google site.
Isn't that only if you have the Google toolbar installed ? You can turn it off anyway in the options.

wombat Mar 20, 2007 3:59 pm
I would be careful about trusting Google too much.

Google retains data on all searches you do, and performs very sophisticated data mining. California's laws on retaining personally identifiable data was amended to specifically allow Google to be exempted. But I'm a paranoid IT security wonk...

However, I always find it interesting that people who have a poor view of corporations generally, will wholeheartedly trust some like Disney and Google.

ogmios Mar 21, 2007 6:54 am
Originally Posted by Wally Bird (Post 7438673)
Isn't that only if you have the Google toolbar installed ? You can turn it off anyway in the options.
Nope, not in this case. The problem, which I just experienced, is right there in their website:
PHP Code:
<!-- Google Analytics Tags -->
<script language="javascript">
if(location.protocol=='http:'){
    glink="<scr"+"ipt src='http://www.google-analytics.com/urchin.js'></scr"+"ipt>";
}else{
    glink="<scr"+"ipt src='https://www.google-analytics.com/urchin.js'></scr"+"ipt>";
}
document.write(glink);

</script>
<script type="text/javascript">
_uacct = "UA-230216-12";
urchinTracker();
</script>

<!-- Google Analytics Tags -->
src=https: should probably just be http, or they should find a url to urchin.js that is on *.google.com

fly_yag Mar 21, 2007 8:10 am
Originally Posted by Rum & Coke (Post 7436496)
When I attempt to retrieve my bookings on aircanada.com, I consistently receive the following warning message:

You have attempted to establish a connection with “www.google-analytics.com”. However, the security certificate presented belongs to “www.google.com”. It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.

If you suspect the certificate shown does not belong to “www.google-analytics.com”, please cancel the connection and notify the site administrator.

Is anyone else getting this? And what does it have to do with Google anyway?

PHP Code:
if(location.protocol=='http:'){
    glink="<scr"+"ipt src='http://www.google-analytics.com/urchin.js'></scr"+"ipt>";
}else{
    glink="<scr"+"ipt src='https://www.google-analytics.com/urchin.js'></scr"+"ipt>";
}
Sorry but the https is correct in this case. The if-statement determines which protocol to use based on which type of website you are currently visiting.

The problem actually lies with Google not having their security certificate configured properly. You could try emailing them but I would imagine that they'll probably have this cleaned up pretty quick on their own.

ogmios Mar 21, 2007 1:35 pm
Originally Posted by fly_yag (Post 7442717)
PHP Code:
if(location.protocol=='http:'){
    glink="<scr"+"ipt src='http://www.google-analytics.com/urchin.js'></scr"+"ipt>";
}else{
    glink="<scr"+"ipt src='https://www.google-analytics.com/urchin.js'></scr"+"ipt>";
}
Sorry but the https is correct in this case. The if-statement determines which protocol to use based on which type of website you are currently visiting.

The problem actually lies with Google not having their security certificate configured properly. You could try emailing them but I would imagine that they'll probably have this cleaned up pretty quick on their own.
You'd think if Google intended https to be used they would by the SSL certificate, no?

YYZSFOShuttle Apr 18, 2007 2:07 am
Couldn't help stick my nose in...

Using mixed (http and https) content will end up with no padlock/SSL UI being shown, because the http: resource could be compromised and used for XSS. I don't think this is anything more than people simply making mistakes either for the URL being used, or for the cert configuration.

end browser-developer-rant


All times are GMT -6. The time now is 10:54 pm.


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.