Full Disclosure mailing list archives
RE: Verysign
From: "Robert Guess" <tcguesr () tcc edu>
Date: Thu, 03 Jun 2004 13:42:02 -0400
Valdis,

I am surprised that you don't know this one! "Verysign" is Ettercap 0.6.x's default SSL MITM Certificate. They are dealing with a very lazy attacker... one who doesn't bother to create their own certs.

I do like your comment "Given how little *real* security a signed cert creates, it's probably not worth worrying about." Funny stuff.

Best regards,
Rob

<snip>
I've been getting SSL certificates from various websites recently that are
apparently from a "VerySign Class 1 Authority" - note the 'y' in VerySign.
The certificate expired 6 December 2002.
The data in Issued To and Issued By are identical.
This smells very much like an SSL hijack attempt - can anyone shed some
light on the situation?
Valdis spracht: "Or some webserver package that builds a self-signed certificate so SSL works without having to pay Verisign, and does so in a "cute" manner that users are likely to accept the cert without thinking about it. It's probably NOT a hijack attempt unless you have *OTHER* evidence of that (phishy-looking redirect javascript on the page, etc....) Given how little *real* security a signed cert creates, it's probably not worth worrying about."

</snip>

Robert Guess
Instructor, Information Systems Technology
Tidewater Community College
(757) 822-5022

() ascii ribbon campaign
/\ against html email

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
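The three indicators reported in the quoted message (a CA name that is one letter off, an expiry date in the past, identical Issued To and Issued By) can be checked mechanically when triaging a certificate warning. This is an added example, not part of the original post: it assumes a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the CA name list, function names and sample values are constructed for illustration.

```python
import ssl
import time

# Assumption: a short comparison list of CA names; extend it for real use.
KNOWN_CA_NAMES = ["VeriSign", "Thawte", "Entrust"]

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, 1):
        cur = [i]
        for j, ch_b in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ch_a != ch_b)))
        prev = cur
    return prev[-1]

def name_field(rdns, key="commonName"):
    """Pull one attribute out of a getpeercert()-style name tuple."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return ""

def lookalike_of(issuer_cn):
    """Known CA name that the issuer's first word nearly (not exactly) matches."""
    words = issuer_cn.split()
    first = words[0].lower() if words else ""
    for ca in KNOWN_CA_NAMES:
        if 0 < edit_distance(first, ca.lower()) <= 2:
            return ca
    return None

def triage(cert, now=None):
    """List which of the three indicators from the thread apply to cert."""
    now = time.time() if now is None else now
    findings = []
    if cert["subject"] == cert["issuer"]:
        findings.append("self-issued")      # Issued To == Issued By
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        findings.append("expired")
    ca = lookalike_of(name_field(cert["issuer"]))
    if ca:
        findings.append("lookalike:" + ca)  # e.g. 'y' in place of 'i'
    return findings

# Constructed sample: name and expiry date from the thread; time of day
# and the choice of the commonName field are assumptions.
SAMPLE_NAME = ((("commonName", "VerySign Class 1 Authority"),),)
SAMPLE = {"subject": SAMPLE_NAME, "issuer": SAMPLE_NAME,
          "notAfter": "Dec  6 00:00:00 2002 GMT"}
```

Any one finding alone is weak evidence (self-signed and expired certificates are common on misconfigured servers); all three together on a site that normally presents a CA-issued certificate is the pattern described in this thread.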