[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] RE: Verysign
- To: <full-disclosure@xxxxxxxxxxxxxxxx>, <Valdis.Kletnieks@xxxxxx>
- Subject: [Full-Disclosure] RE: Verysign
- From: "Robert Guess" <tcguesr@xxxxxxx>
- Date: Thu, 03 Jun 2004 13:42:02 -0400
Valdis,
I am suprised that you don't know this one! "Verysign" is Ettercap
0.6.x's default SSL MITM Certificate. They are dealing with a very lazy
attacker... one who doesn't bother to create their own certs. I do like
your comment "Given how little *real* security a signed cert creates,
it's probably not worth worrying about." Funny stuff.
Best regards,
Rob
<snip>
> I've been getting SSL certificates from various websites recently
that are
> apparently from a "VerySign Class 1 Authority" - note the 'y' in
VerySign.
> The certificate expired 6 December 2002.
> The data in Issued To and Issued By are identical.
> This smells very much like an SSL hijack attempt - can anyone shed
some
> light on the situation?
Valdis spracht:
"Or some webserver package that builds a self-signed certificate so SSL
works
without having to pay Verisign, and does so in a "cute" manner that
users are
likely to accept the cert without thinking about it. It's probably NOT
a hijack
attempt unless you have *OTHER* evidence of that (phishy-looking
redirect
javascript on the page, etc....)
Given how little *real* security a signed cert creates, it's probably
not worth
worrying about."
</snip>
Robert Guess
Instructor, Information Systems Technology
Tidewater Community College
(757) 822-5022
() ascii ribbon campaign
/\ against html email
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html