On Wed, 07 Sep 2011 21:40:54 +0700, JT S said: > I recently got this error "You attempted to reach > www.westernunion.com, but instead you actually reached a server > identifying itself as wumt.westernunion.com. This may be caused by a > misconfiguration on the server or by something more serious. Now, if the server had a cert that said 'www.net-pirates.ru', it would be a pretty easy guess what the problem was. However, both the intended destination and the server claim to be in westerunion.com, which limits *slightly* the number of different things that could have gone wrong. So the question is: which is more likely, that you got hit by a DNS hijack for www.westernunion.com that sent you to some other server that had a malicious cert for the wrong hostname, or that WU's infrastructure is messed up and they installed certs on the wrong machines? Hint: It's probably the second - most black hats clued enough to do the DNS hijack part of it are also clued enough to do their homework and make sure the cert matches the hijacked address. :)
Attachment:
pgpg2DM5XKj5J.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/