Valdis, I am surprised that you don't know this one! "Verysign" is Ettercap 0.6.x's default SSL MITM Certificate. They are dealing with a very lazy attacker... one who doesn't bother to create their own certs. I do like your comment "Given how little *real* security a signed cert creates, it's probably not worth worrying about." Funny stuff.

Best regards,
Rob

<snip>
> I've been getting SSL certificates from various websites recently that are
> apparently from a "VerySign Class 1 Authority" - note the 'y' in VerySign.
> The certificate expired 6 December 2002.
> The data in Issued To and Issued By are identical.
> This smells very much like an SSL hijack attempt - can anyone shed some
> light on the situation?

Valdis spracht:

"Or some webserver package that builds a self-signed certificate so SSL works without having to pay Verisign, and does so in a "cute" manner that users are likely to accept the cert without thinking about it. It's probably NOT a hijack attempt unless you have *OTHER* evidence of that (phishy-looking redirect javascript on the page, etc....) Given how little *real* security a signed cert creates, it's probably not worth worrying about."
</snip>

Robert Guess
Instructor, Information Systems Technology
Tidewater Community College
(757) 822-5022

() ascii ribbon campaign
/\ against html email

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
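
The three indicators from the quoted report (identical Issued To and Issued By, an expired date, a CA name one letter off), as an added triage example that is not part of the original thread. The dict follows the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the brand list, the field holding the name and the expiry time of day are assumptions.

```python
import ssl

# Assumption: CA brand names to compare against; extend for your environment.
KNOWN_CA_BRANDS = ("verisign", "thawte", "digicert")

# Constructed sample built from the report: name and expiry date are from the
# thread, the commonName field and the 00:00:00 time of day are assumed.
SAMPLE = {
    "subject": ((("commonName", "VerySign Class 1 Authority"),),),
    "issuer": ((("commonName", "VerySign Class 1 Authority"),),),
    "notAfter": "Dec  6 00:00:00 2002 GMT",
}

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(cert, now):
    """Return which of the thread's indicators a certificate dict shows."""
    findings = []
    if cert["subject"] == cert["issuer"]:
        findings.append("issuer-equals-subject")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        findings.append("expired")
    # Flag issuer words that are one edit away from a known brand.
    # An exact match (distance 0) is not a lookalike.
    for rdn in cert["issuer"]:
        for _, value in rdn:
            for word in value.lower().split():
                for brand in KNOWN_CA_BRANDS:
                    if edit_distance(word, brand) == 1:
                        findings.append(f"lookalike:{word}~{brand}")
    return findings

if __name__ == "__main__":
    import time
    print(triage(SAMPLE, time.time()))
```

A certificate that fails validation has to be fetched in binary form and decoded before it can be checked this way, since `getpeercert()` returns an empty dict when verification is disabled.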
