mobile browsers user interface vs. security

I came across a curiosity the other day that I’m still not able to solve, but here you go…

Recently, when logging in to Facebook, the following message appeared on my iPhone:

I thought… OK, in light of all the recent hacks, maybe someone miraculously hacked my iPhone and is trying to steal my Facebook details (not that they are worth anything, but anyway).

So I took an almost maiden iPad here in the office and tried the same thing again and came across this picture

WTH???

I could not reproduce the same thing with any other device or browser. I tried IE, Firefox and Chrome on a PC, an Android phone, … I could not reproduce this… On an iOS device it doesn’t happen all the time, but I can fairly reliably reproduce it…

With all the information I have, I am absolutely sure that this is the right certificate… I double checked all the details, including the serial number and the SHA-1 hash. This is definitely the correct certificate.

User Interface

But the real issue that I have is that there is no way in the world anyone can actually make sense of any of the presented information…

The world is abuzz at the moment with cloud offerings… more and more people will transact online… the traditional computer won’t exist anymore and we will only store things online if things go the way Google pushes them… But we can’t really solve the most basic security issues?

The right thing to do is to block this, as it is impossible for the user to ascertain from that dialog whether this is the right site… (leaving aside for the moment the fact that it is the right site!!!)

For completeness, here are the screens that are visible when you click on “Details”.

And one iPad picture with the serial number and the signature

And lastly the confirmed correct certificate. (actually raises a good question: how do you undeniably confirm this?)

Does anyone know what’s happening here? Is this a bug in iOS? session-renegotiation?

One thought on “mobile browsers user interface vs. security”

  1. Hat tip from Nick: As the SSL certificate itself is correct, the current theory is that Facebook doesn’t provide all intermediate certificate authorities as part of the SSL handshake. If they are not in the system (which they are not for Apple Macs, so most likely they are not for iOS either), the system tries to retrieve them from the internet. As the requests were made over 3G on the train, these requests might have timed out, producing this error message.
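The following script is an added example, not code from the original post, from Facebook or from Apple. It builds a throwaway root → intermediate → leaf chain with the openssl command line and reproduces the failure mode Nick’s theory describes: verified against the trusted root alone, the leaf fails with “unable to get local issuer certificate”, and the client’s only way out is to fetch the intermediate from the leaf’s Authority Information Access (AIA) URL, the step that would be at the mercy of a 3G link on a train. Supplying the intermediate alongside the leaf, as a complete handshake would, makes the same leaf verify cleanly. It also prints the leaf’s SHA-1 fingerprint, which is the value worth comparing when “double checking” a certificate by hand as in the post above, since it covers the whole certificate rather than just the serial number. The CA names, the hostname www.example.com and the AIA URL http://pki.example.com/int.cer are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): a three-level chain built with
# the openssl CLI, verified with and without the intermediate present.
# "Example Root CA", "www.example.com" and http://pki.example.com/int.cer are
# invented names for this demo.
set -e

WORK=$(mktemp -d)

# Extensions shared by the root and the intermediate: both are CAs.
cat > "$WORK/ca.ext" <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
EOF

# Leaf extensions: not a CA, names the host, and carries an AIA "CA Issuers"
# URL, which is what a client follows when the handshake omitted the
# intermediate.
cat > "$WORK/leaf.ext" <<'EOF'
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
subjectAltName=DNS:www.example.com
authorityInfoAccess=caIssuers;URI:http://pki.example.com/int.cer
EOF

# Self-signed root.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Root CA" \
  -keyout "$WORK/root.key" -out "$WORK/root.csr" 2>/dev/null
openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 30 \
  -extfile "$WORK/ca.ext" -out "$WORK/root.pem" 2>/dev/null

# Intermediate, signed by the root.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate CA" \
  -keyout "$WORK/int.key" -out "$WORK/int.csr" 2>/dev/null
openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
  -CAcreateserial -days 30 -extfile "$WORK/ca.ext" -out "$WORK/int.pem" 2>/dev/null

# Leaf, signed by the intermediate.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
  -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/int.pem" -CAkey "$WORK/int.key" \
  -CAcreateserial -days 30 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" 2>/dev/null

# Verify the leaf against the trusted root only, plus whatever extra untrusted
# certificates are passed in (the ones a server would send in the handshake).
# Prints "ok" or "missing-issuer".
chain_status() {
  if openssl verify -CAfile "$WORK/root.pem" "$@" "$WORK/leaf.pem" >/dev/null 2>&1; then
    echo ok
  else
    echo missing-issuer
  fi
}

# The error openssl reports when the intermediate is absent from the input.
verify_error() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/leaf.pem" 2>&1 \
    | sed -n 's/.*\(unable to get local issuer certificate\).*/\1/p'
}

# The URL a client would have to fetch, over whatever link it has, to fill
# the gap itself.
aia_url() {
  openssl x509 -in "$WORK/leaf.pem" -noout -text \
    | sed -n 's/.*CA Issuers - URI:\(.*\)/\1/p'
}

# SHA-1 fingerprint of the leaf: the hash of the full DER certificate, which
# is the value to compare when checking a certificate by hand.
leaf_sha1() {
  openssl x509 -in "$WORK/leaf.pem" -noout -fingerprint -sha1 | cut -d= -f2
}

echo "handshake with leaf only:           $(chain_status)"
echo "  error:                  $(verify_error)"
echo "  client would now fetch: $(aia_url)"
echo "handshake with leaf + intermediate: $(chain_status -untrusted "$WORK/int.pem")"
echo "leaf SHA-1 fingerprint:             $(leaf_sha1)"
```

Against a live server the equivalent check is `openssl s_client -connect host:443 -showcerts`: if the chain printed there stops at the leaf, every client without that intermediate cached has to make the AIA fetch (or, on platforms that do not do AIA fetching, simply fails), which is why the same site can look fine on a desktop with a warm cache and show a warning on a phone on a slow link.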
