I saw someone mentioned on Ians blog that they had seen the HTTP requests
arrive too. Looking I did also (these two are in http access log) the two
in parent article are in ssl access log as I mentioned. Its not just SSL.
65.52.100.214 - - [16/May/2013:13:04:48 -0400] "HEAD
/Leghirs3cleQuiWruAg6fenfAryib7CajVisBeb8.php?user=foo&pass=yeahright HTTP/1.1" 200 -
65.52.100.214 - - [16/May/2013:13:37:26 -0400] "HEAD
/Leghirs3cleQuiWruAg6fengyarrUg5blettOlyurc7.html HTTP/1.1" 200 -
The real question is how. Is this happening on the server. Or is it
happening in the client, reporting URLs to mothership.
And how dare they also. Very double plus ungood, microsoft. Shades of the
Lotus Notes OU=MiniTruth CN=BigBrother (actual strings contained in the
binary for lotus notes to describe the certificate backdooring their email
security). http://cypherspace.org/adam/hacks/lotus-nsa-key.html
I wonder what else microsoft have backdoored of their many products with SSL
and other forms of encryption in them. Maybe the OS itself. People may
remember microsoft's own NSA key
http://cypherspace.org/adam/hacks/ms-nsa-key.html
- did they go the whole hog and just backdoor the OS? They issued some
non-denial denials at the time. But maybe its us who is being massively
naive here. Crypto-geekery while they've been having a decade long massive
backdooring party.
Adam
On Thu, May 16, 2013 at 09:52:24PM +0200, Adam Back wrote:
To my surprise I see this two entries in the apache SSL log:
65.52.100.214 - - [16/May/2013:13:14:03 -0400] "HEAD
/CuArhuk2veg1owOtiTofAryib7CajVisBeb8.html HTTP/1.1" 200 -
65.52.100.214 - - [16/May/2013:14:08:52 -0400] "HEAD
/CuArhuk2veg1owOtiTofAyarrUg5blettOlyurc7.php?user=foo&pass=yeahright HTTP/1.1" 200 -
I was using skype on ubuntu, my Ian on the other end was using MAC OSX. It
took about 45mins until the hit came so they must be batched. (The gap
between the two requests is because I did some work on the web server as the
SSL cert was expired and I didnt want that to prevent it working, nor
something more script like with cgi arguments as in the article).
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
