Sebastien, I apologize, but I don’t follow the issue. What flaw are you reporting? Can you describe in detail the problem?
Also, if you think that this is not a publicly known issue, please see https://www.mozilla.org/en-US/security/#For_Developers

Thanks,
Peter

> On Sep 11, 2015, at 3:18 PM, Sebastien Bigras <[email protected]> wrote:
>
> I've been working on a very large forensic case in US/Canada and I've pinpointed a major issue... There are people exploiting this flaw... I've seen lots of these bad certificates that show up as good and are used to proxy data...
>
> You've probably seen the ATP group using satellites...
>
> They also use the Microsoft Sysinternals tools like psexec and others to sign their drivers because these tools are already signed by Microsoft...
>
> I've seen a bot searching for DNSSEC non secure attributes. Most of the organizations have secured downstream, but not upstream... so they exploit any non secure attributes on top of them. Then leverage cross-side scripting/cookie injection so the referrer is the good site but the real access goes to the other site above (usually malicious..)
>
> Check facebook --> http://dnsviz.net/d/facebook.com/dnssec/
>
> After they find a registrar for .com domains and can register zzzz.com.facebook.com
>
> https://pir.org/products/find-a-registrar/
>
> I used your crt.sh tool and found many...
>
> https://crt.sh/?q=1E%3ABD%3A89%3A4C%3A76%3A9F%3A24%3A84%3AF5%3A39%3A0F%3A24%3AF3%3A10%3A9E%3AB6%3A62%3A6F%3A75%3AE2
>
> Subject:
> commonName = *.opensrs.com
> organizationalUnitName = Operations
> organizationName = Tucows.com Co.
> localityName = Toronto
> stateOrProvinceName = Ontario
> countryName = CA
>
> If you also take into consideration your file here
> http://data.iana.org/TLD/tlds-alpha-by-domain.txt
>
> This one below is really bad for all OWA Outlook Web Access sites on the internet... Many, many use webmail as the name like webmail.company.com.
>
> processing ../certs/12.x.x.x/12.x.x.143/12.41.18.143.results
> Violations: storemail,webmail
> Valid: Yes
> Root: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

