| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 Sep 2011 17:31:32 -0400
From: Valdis.Kletnieks@...edu
To: JT S <whytehorse@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Western Union Certificate Error
On Wed, 07 Sep 2011 21:40:54 +0700, JT S said:
> I recently got this error "You attempted to reach
> www.westernunion.com, but instead you actually reached a server
> identifying itself as wumt.westernunion.com. This may be caused by a
> misconfiguration on the server or by something more serious.
Now, if the server had a cert that said 'www.net-pirates.ru', it would be
a pretty easy guess what the problem was. However, both the intended
destination and the server claim to be in westerunion.com, which limits
*slightly* the number of different things that could have gone wrong.
So the question is: which is more likely, that you got hit by a DNS hijack
for www.westernunion.com that sent you to some other server that had a
malicious cert for the wrong hostname, or that WU's infrastructure is messed up
and they installed certs on the wrong machines?
Hint: It's probably the second - most black hats clued enough to do the DNS
hijack part of it are also clued enough to do their homework and make sure the
cert matches the hijacked address. :)
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists