On 5/23/06, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
> I guess you would hijack their machines with a bug that would edit the local cache, refresh the cache, then report to you about the websites the victim's machine had visited, and you could request an ssl cert for those sites.
If you can get this far, why not just trojan IE and be done with it? http://isc.sans.org/presentations/banking_malware.pdf
> The only problem I see with this scenario from a freessl perspective is that they require verification in the form of an email sent to [EMAIL PROTECTED] or from an email sent to the admin from the upstream DNS provider. This would be a little tricky to get around as you would have to munge freessl's DNS records.
This implies that you trust every server that relays the e-mail.

Regards,
Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
