I'm a Virgin Cable customer and i've recently noticed that if I visit www.national-lottery.co.uk using Virgin DNS, on my Virgin connection - I get a certificate warning - the certificate has changed from the one that National Lottery provide to one provided by 'adviva.net'

This doesn't happen if I use non-virgin DNS, or use an internet connection that's not the one at home.

I'm in the IT industry, so am pretty sure that nothing weird's going on - I called Virgin about it and the person on the other end of the phone even said their SSL certificate was from adviva.net

So what does this mean? Virgin are intercepting my SSL communications with certain websites (is my online banking safe?) - this is outrageous! Does anyone know anything about this?

Lottery uses a VERISIGN certificate (I don't have an account but that's what I get when I go into a secure area like account registration)

Yeh it's still a valid Verisign certificate, but from aviva.net rather than the national-lottery one I see on other connections/DNS/browsers

The browser's detecting an organization mismatch rather than a self-signed certificate, it does it on my Nexus One (when using home wi-fi/VPNed) and my home PC

I admit that it's weird it's tied into DNS, rather than a straight man-in-the-middle on Virgin's part - but my current train of thought is that perhaps DNS is a trigger for the man in the middle system that injects this erroneous certificate - I acknowledge that after the Phorm debacle Virgin might be spying on my http traffic - but my https? As I say, outrageous

My Verisign is registered to camelot/national-lottery.co.uk and not aviva.net..

On VMB 10Mb connection via the standard DNS

My Verisign is registered to camelot/national-lottery.co.uk and not aviva.net..

On VMB 10Mb connection via the standard DNS

Same here

That's interesting, surely it's not cable only - especially as the virgin support staff's certificate was provided by adviva.net - but it definitely was, I was speaking to the support person's manager when they said the certificate was from adviva - what are your virgin dns servers? I'll compare them to mine

Standard 194.168.4.100 & 194.168.8.100

Mine says verisign.

194.168.4.100
194.168.8.100

Looks like a spyware scan is in order.

Well i'm VPNed in from my Nexus One, which presumably has no issues like this - directly into my VPN-supporting router at home, which presumably doesn't have any adware issues as it's a router. And the Nexus sees the certificate issues.

AND there's this thing where virgin support have an adviva.net certificate - so this is all very strange.

All this convinces me that it's nothing on my side, but why doesn't everyone experience a similar issue?

EDIT: Perhaps i'm in some sort of trial group?

Actually, this sounds like a your PC thing to be honest. Virgin Media look like they use Verisign certs for their public SSL sites.

Adviva are an advertising mob by the looks - don't suppose you've installed something odd on your PC?

See router ^ it's on my phone and random laptops when VPNed into my home router - also happens from all sorts of different machines on my home wireless AND was confirmed as happening by the Virgin support staff on their machines - maybe they're in the trial group as well?

Have you tried viewing any other SSL sites other than the national lottery?

Just a thought, but to display content from another website (IE ads) on a SSL webpage, wouldn't the external site have to provide SSL and a certificate as well to prevent most web browsers from complaining?

It works perfectly on my Virginmedia connection so not a network issue, so try one of the settings below.

Try using the Virginmedia proxy settings just click HERE (http://www.cableforum.co.uk/board/34773822-post18.html)

Or try the new Virginmedia DNS settings just click HERE (http://changesettings.virginmedia.com/)

It appears Virgin are man in the middling, if my machine is A and the lottery is C - they're adding a B which relays between the two and silently replaces information - this would require an SSL certificate from a reputable source (like Verisign) which I believe some browsers blindly accept, saying that IE8 at home doesn't take it when i try to goto national-lottery either so i'm not sure which browsers they're hoping to fool

However, as he is talking SSL, a proxy shouldn't affect it anyhow

Masque! You're a member of staff? Can you check your SSL certificate @ www.national-lottery.co.uk? The member of staff I spoke to on the phone said that was issued for the adviva organisation rather than the national lottery as you'd expect.

It's actually fixed now, this issue has been happened and confirmed multiple times by me for over 2 weeks - half an hour after i'm off the phone with Virgin Support complaining about it and it stops happening - this is all really really fishy

Masque! You're a member of staff? Can you check your SSL certificate @ www.national-lottery.co.uk? (http://www.national-lottery.co.uk?) The member of staff I spoke to on the phone said that was issued for the adviva organisation rather than the national lottery as you'd expect.

It's actually fixed now, this issue has been happened and confirmed multiple times by me for over 2 weeks - half an hour after i'm off the phone with Virgin Support complaining about it and it stops happening - this is all really really fishy
I am not in work at the moment so unable to check.

But check out the post above with the new DNS servers.

Yeh I just have my router set to automatically pick them up, which i assume means they're up to date - i tried with the 194.168.4 and .8 settings mentioned here with the same results (when it was still happening) - when I switch to Google's DNS it stopped happening, and switching back caused it to happen again etc.

I know it sounds unusual from a computer perspective - but it's confirmed by Virgin in my eyes thanks to the technical support staff

I also suggest you verify what you're actually connected to as well as making sure you're resolving things correctly - don't use the proxies unless you really feel you have to (they mask what you're actually connected to by, er, proxying)

I.e. go to the national lottery site in your web browser and at the same time in a DOS box run a

netstat -a 1 | find "https" (or more reliably netstat -an 1 | find "443")

then taking those addresses work out what they actually are (running with the -n flag speeds things up a bit in case of short lived connections, but complicates tying up what you're actually connected to)

So, nslookup x.x.x.x should give you a name - it jolly well ought to something like

Non-authoritative answer:
Name: www.lb.national-lottery.co.uk
Address: 213.146.190.182
Aliases: www.national-lottery.co.uk

Mine gets Camelot Group PLC verified by Verisign on Firefox on Windows 7 on Virgin Media 20meg by the way

Mine gets Camelot Group PLC verified by Verisign on Firefox on Windows 7 on Virgin Media 20meg by the way


Ditto