RE: Verysign

["Robert Guess" <tcguesr () tcc edu>]

Valdis,

I am suprised that you don't know this one!  "Verysign" is Ettercap
0.6.x's default SSL MITM Certificate. They are dealing with a very lazy
attacker... one who doesn't bother to create their own certs.  I do like
your comment "Given how little *real* security a signed cert creates,
it's probably not worth worrying about."  Funny stuff.

Best regards,

Rob

<snip>
> I've been getting SSL certificates from various websites recently
that are
> apparently from a "VerySign Class 1 Authority" - note the 'y' in
VerySign.
> The certificate expired 6 December 2002.

> The data in Issued To and Issued By are identical.

> This smells very much like an SSL hijack attempt - can anyone shed
some
> light on the situation?

Valdis spracht:

"Or some webserver package that builds a self-signed certificate so SSL
works
without having to pay Verisign, and does so in a "cute" manner that
users are
likely to accept the cert without thinking about it. It's probably NOT
a hijack
attempt unless you have *OTHER* evidence of that (phishy-looking
redirect
javascript on the page, etc....)

Given how little *real* security a signed cert creates, it's probably
not worth
worrying about."
</snip>

Robert Guess
Instructor, Information Systems Technology
Tidewater Community College
(757) 822-5022

()  ascii ribbon campaign 
/\  against html email 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html