Weird question for y'all. Every now and then - not even every day - I'll be on a site, doesn't matter which one, and I'll click a link or click something and it'll pop up a Javascript warning saying "The server at [corporate intranet proxy server] and port [port] wants your username and password." I'll hit cancel, and it'll change to a page saying my Internet access can't continue until I supply credentials. But it doesn't actually do anything, I hit Back and click the link again and it's fine.
Pretty sure I'm not being phished. This happens on legit sites. Here, wikiHow, Google News - that's pretty much all I check at work. And the local news site.
Once I put in the credentials required to log on to the computer itself. It's the only login/pass I can think of that qualifies. (We have to change our password every so often, and we've changed it since.) In any case, it said it was wrong.
I've seen this on their Internet Explorer as well. So I'm in no way trying to say it's a Firefox Portable program. I just figure, y'all might know about private networks. Me, I know next to nothing. I do know that Portable Firefox or any other browser won't work at work without the LAN settings copied from Internet Explorer, though. So I know we use a proxy server. Could the proxy server itself be requesting credentials? If so, why would it do that, if hitting cancel wouldn't suspend access?
I suppose IT would be the people to ask, but my department does not have communication with that department. We have a number to call when things don't work. This hardly qualifies. I suppose if I have an inquiry that does qualify and the IT person seems nice and not in a hurry, I can throw it out there and see what kind of response I get, but I certainly don't want to waste their time when it really isn't a problem.
Seems to me something isn't configured right somewhere.
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
>Could the proxy server itself be requesting credentials? If so, why would it do that, if hitting cancel wouldn't suspend access?
Otto Sykora
Basel, Switzerland
Do a packet capture with Wireshark. For all you know, your browser could've submitted the NTLM Authentication credentials when you reclicked the link.
There's a network.automatic-ntlm-auth.trusted-uris setting that you could meddle with to ensure Firefox trust the URL used for the proxy's authentication. Until you look at the Wireshark captures, this may/not be the case
Not sure I should be using Wireshark at a work PC if I understand what it does. I'd hate for IT to see it in the logs or whatever monitoring systems they may have and get the wrong idea.
What does it mean that my browser could have submitted the credentials? I can see Firefox being able to capture the name of the local user (just look at %APPDATA, for one) but the password?
And are you saying if I add the proxy I use to that about:config string it should solve the problem?
Can you get a "screen shot" next time the situation appears? It reduces any tendency for IT to blow it off as a problem that can't be reproduced. And it may be familiar once they see it. Or unfamiliar and they do a serious spyware hunt.
You can get that "Lightscreen Portable" utility on this site in case "Prnt Scn" doesn't work out.
Of course, don't overlook a hand-held digital or cellphone camera.
Bh2ooo
Yeah, I can get one, to show up here (just gotta obscure part of the URL). I don't talk to IT here, so it's not like I'd show it to them.
I do have (and love) LightScreen.
If I can get a portable spyware scanner, I'd do it myself. I think their network is fairly secure, though. Actually, they did have a spyware app up here a few months ago, but I got rid of it the old fashioned way. They have AdAware SE Plus on one of the intranet folders, and it's installed on other computers in the office. The updater is broken, so I downloaded the final defs for it. They stopped supporting SE back in April, so the last defs are dated March 30. Still, it's better than nothing, though if I could get Spybot portable, I'd like to run that, since its defs are more recent. Guess I could install the latest AdAware, do them a favor, but it's like the one rule they have, don't install anything. They don't even care what I look at online, they just said they have certain sites blocked. Gaming sites mostly. Ironically not YouTube. I'm sure you get the impression by now I don't do much complaining about the arrangement.