Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

VerySign Class 1 Authority - bogus SSL certificate?

From: Chris van der Pennen <chris () sw gotdns org>
Date: Wed, 2 Jun 2004 07:39:31 +0930 (Cen. Australia Standard Time)
I've been getting SSL certificates from various websites recently that are
apparently from a "VerySign Class 1 Authority" - note the 'y' in VerySign.
The certificate expired 6 December 2002.

The data in Issued To and Issued By are identical.

This smells very much like an SSL hijack attempt - can anyone shed some
light on the situation?

Chris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: