I am sorry to bother you all but I am quite certain something suspicious is happening in my building.
I live in a graduate student dorm at University of Hawaii and our wifi network changed recently. The network now is listed as "unsecured". When I visit email and other sites of mild significance, I receive a message that the connection is not secure. There have been other issues such as when I log out of email and receive confirmation that I am signed out, but then I simply click back in the browser and I am right back in my email and I can access each folder as if I never logged out.
Perhaps I am overreacting but something doesn't seem right. I am very eager to learn what exactly is happening and what I can do to resolve the issue.
I apologize for any inconvenience and look forward to hearing from the community.
I genuinely believe the individuals responsible for the network have intentionally made these changes for some nefarious reason.
I'm not sure what they can get or see from doing so but this is why I have taken steps to post here because something is definitely not right.
Or someone set up a pineapple to perform a man in the middle. The only way to fully protect yourself if you don't control the network is to get and utilize a VPN service. Then it doesn't matter what type of network you are connected to.
Adam - Thanks for the suggestion. I thought the same thing but when I began using a VPN, strange things occurred.
I downloaded TunnelBear for Mac OS at 11:04 PM and in my downloads folder, found the "TunnelBear.zip" file. After unzipping the file, "TunnelBear.app" also appeared in my downloads folder but the time of creation/modified was 16 hours earlier, at 7:37 AM?
Then, while using the VPN, a limited number of locations come with the free version, which is the version I was using. However, when I checked my IP address from a web search the IP address that appeared was from a location not included in the free version and not the location I chose.
Any thoughts regarding these 2 things Adam?
I just looked up what a "pineapple and man in the middle attack" are and I have to say this seems very similar to some of what I am experiencing.
I noticed around 20 or so un-encrypted wireless networks suddenly appeared and from what I have been reading this is common with this sort of attack. Check this out, one of the networks is actually named "Pineapple Head"!
I'm still learning about this but how does one stop the Pineapple Attack?
One easy way to tell if you are accidentally connected to a Pineapple type device instead of the actual network is by going to a secure https webpage. When doing that you would get a warning about the certificate not matching if you are connected to a Pineapple device. If you do not get a warning and the web page loads properly with the certificate then you should be fine.
Regarding the dates on your file. The download date will always be different than the .app's creation date. The .app's creation date is typically when the application was compiled if I recall correctly.
Your whole situation is basically the dos and don'ts of connecting to an unsecured/uncontrolled wifi network. Basic security hygiene is best in that type of environment.
1. Make sure your computer is completely up to date and that your firewall and any other AV protection products are enabled.
2. Do as little as possible, avoid banking and other credentialed sites if possible, although technically they should be https.
3. If you don't want the network to see all of the websites you visit etc., then I'd suggest using TOR or a VPN solution to hide/encrypt that.
This does very much sound like a man in the middle attack or the admins have set up some form of DPI-SSL which they haven't configured correctly.
Regarding your query about the creation date on the app, I wouldn't be worried, that will be the date and time the developer last updated the app. The creation date is when the file was originally created, not when it appeared on your system.
Another quick tip is to always make sure you verify the security of the certificate on your browser. Whenever you visit an HTTPS page (which is most of them now), ensure you have the little lock symbol next to the URL and that it is green (if you are using Chrome) or not barred (looking at your screenshot above). As a rule of thumb, if it doesn't have the lock, do not input any personal information like email address, passwords, bank details, etc.
For common websites like Microsoft.com you can also go deeper and verify the certificate by clicking on the lock and checking who has issued it. The issuers are always the same (Verisign, Comodo, Entrust, etc.).
Aside from that, I agree with everybody here and it does look like an attack aimed at capturing your information.
Hope this helps!
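
The certificate checks suggested in the replies above (a warning when the certificate does not match, and looking at who issued it) can also be done outside the browser. This is an added example, not part of the original thread; the host name, issuer names and sample certificates are constructed placeholders, and the expected-issuer set is assumed to have been noted earlier on a network you trust.

```python
import socket
import ssl

def issuer_org(cert):
    """Issuer organizationName from an ssl getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def assess(cert, verify_error, expected_issuers):
    """Classify one connection attempt the way the replies describe."""
    if verify_error is not None:
        return "verify-failed"       # what the browser shows as a certificate warning
    if issuer_org(cert) not in expected_issuers:
        return "unexpected-issuer"   # chain validated, but not by an issuer you recorded
    return "ok"

def fetch_cert(host, port=443, timeout=5):
    """Live check: returns (cert, None) or (None, reason) after full verification."""
    ctx = ssl.create_default_context()   # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert(), None
    except ssl.SSLCertVerificationError as exc:
        return None, exc.verify_message

# Constructed sample data in getpeercert() layout (hypothetical names throughout).
EXPECTED = {"Example Trusted CA"}    # issuer noted earlier on a network you trust
SAMPLE_KNOWN = {"issuer": ((("countryName", "US"),),
                           (("organizationName", "Example Trusted CA"),))}
SAMPLE_PROXY = {"issuer": ((("organizationName", "Example Inspection Proxy"),),)}

if __name__ == "__main__":
    print(assess(SAMPLE_KNOWN, None, EXPECTED))
    print(assess(SAMPLE_PROXY, None, EXPECTED))
    print(assess(None, "self-signed certificate", EXPECTED))
    # Live use: cert, err = fetch_cert("mail.example.edu"); assess(cert, err, EXPECTED)
```

An "unexpected-issuer" result is a prompt to compare against the same site from a trusted network, since sites do legitimately change certificate authorities.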