[<prev] [next>] [month] [year] [list]
From: tcguesr at tcc.edu (Robert Guess)
Subject: RE: Verysign
Valdis,
I am suprised that you don't know this one! "Verysign" is Ettercap
0.6.x's default SSL MITM Certificate. They are dealing with a very lazy
attacker... one who doesn't bother to create their own certs. I do like
your comment "Given how little *real* security a signed cert creates,
it's probably not worth worrying about." Funny stuff.
Best regards,
Rob
<snip>
> I've been getting SSL certificates from various websites recently
that are
> apparently from a "VerySign Class 1 Authority" - note the 'y' in
VerySign.
> The certificate expired 6 December 2002.
> The data in Issued To and Issued By are identical.
> This smells very much like an SSL hijack attempt - can anyone shed
some
> light on the situation?
Valdis spracht:
"Or some webserver package that builds a self-signed certificate so SSL
works
without having to pay Verisign, and does so in a "cute" manner that
users are
likely to accept the cert without thinking about it. It's probably NOT
a hijack
attempt unless you have *OTHER* evidence of that (phishy-looking
redirect
javascript on the page, etc....)
Given how little *real* security a signed cert creates, it's probably
not worth
worrying about."
</snip>
Robert Guess
Instructor, Information Systems Technology
Tidewater Community College
(757) 822-5022
() ascii ribbon campaign
/\ against html email
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux