Full Disclosure mailing list archives

Re: VerySign Class 1 Authority - bogus SSL certificate?

From: Nicola Del Vacchio <nicola () delvacchio it>
Date: Wed, 02 Jun 2004 19:26:58 +0200

it seems to me the fake certificates that a tool like ettercap iussues.

compare whith this (fake) verificate.

cheers
nicola del vacchio
security consultant 
genova italy
nicola () delvacchio it



Il mer, 2004-06-02 alle 18:45, Valdis.Kletnieks () vt edu ha scritto:

On Wed, 02 Jun 2004 07:39:31 +0930, Chris van der Pennen <chris () sw gotdns org>  said:

I've been getting SSL certificates from various websites recently that are
apparently from a "VerySign Class 1 Authority" - note the 'y' in VerySign.
The certificate expired 6 December 2002.

The data in Issued To and Issued By are identical.

This smells very much like an SSL hijack attempt - can anyone shed some
light on the situation?


Or some webserver package that builds a self-signed certificate so SSL works
without having to pay Verisign, and does so in a "cute" manner that users are
likely to accept the cert without thinking about it. It's probably NOT a hijack
attempt unless you have *OTHER* evidence of that (phishy-looking redirect
javascript on the page, etc....)

Given how little *real* security a signed cert creates, it's probably not worth
worrying about.

Attachment: fake-verisign-ca1.cer
Description:

Attachment: signature.asc
Description: Questa parte del messaggio è firmata

Current thread:

VerySign Class 1 Authority - bogus SSL certificate? Chris van der Pennen (Jun 01)
- Re: VerySign Class 1 Authority - bogus SSL certificate? Sebastian Krahmer (Jun 02)
- RE: VerySign Class 1 Authority - bogus SSL certificate? Aditya, ALD [Aditya Lalit Deshmukh] (Jun 02)
- Re: VerySign Class 1 Authority - bogus SSL certificate? Valdis . Kletnieks (Jun 02)
  - Re: VerySign Class 1 Authority - bogus SSL certificate? Nicola Del Vacchio (Jun 02)