Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-12 Thread Derek Martin
On Sat, May 07, 2016 at 08:25:29AM -0400, Matthew Gillen wrote: > On 5/4/2016 5:37 PM, Kent Borg wrote: > > -kb, the Kent who admits he doesn't know how https works through Akamai > > and the like. > > It doesn't. Akamai is a TLS termination point. They have the private > keys of any domain they

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-07 Thread Dan Ritter
On Sat, May 07, 2016 at 01:27:46PM -0400, Kent Borg wrote: > On 05/07/2016 01:05 PM, Dan Ritter wrote: > >x509 certs don't care about IPs; the browser matches the cert's CN (Common > >Name) against the domain name it was requesting. > > That makes sense. > > So it should be possible to do an

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-07 Thread Kent Borg
On 05/07/2016 01:05 PM, Dan Ritter wrote: x509 certs don't care about IPs; the browser matches the cert's CN (Common Name) against the domain name it was requesting. That makes sense. So it should be possible to do an anti-DDos service with tons of IP addresses, but still forward on in

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-07 Thread Dan Ritter
On Sat, May 07, 2016 at 12:46:32PM -0400, Kent Borg wrote: > On 05/07/2016 08:25 AM, Matthew Gillen wrote: > >On 5/4/2016 5:37 PM, Kent Borg wrote: > >>-kb, the Kent who admits he doesn't know how https works through Akamai > >>and the like. > >It doesn't. Akamai is a TLS termination point. They

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-07 Thread Kent Borg
On 05/07/2016 08:25 AM, Matthew Gillen wrote: On 5/4/2016 5:37 PM, Kent Borg wrote: -kb, the Kent who admits he doesn't know how https works through Akamai and the like. It doesn't. Akamai is a TLS termination point. They have the private keys of any domain they are proxying for, so they can

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-07 Thread Matthew Gillen
On 5/4/2016 5:37 PM, Kent Borg wrote: > -kb, the Kent who admits he doesn't know how https works through Akamai > and the like. It doesn't. Akamai is a TLS termination point. They have the private keys of any domain they are proxying for, so they can act as the TLS endpoint. Once your connection

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Joe Polcari
Actually I was on a VPN so maybe that's why Sent from my iPhone > On May 4, 2016, at 7:39 PM, John Hall wrote: > > >> On Wed, May 4, 2016 at 6:24 PM, Joe Polcari wrote: >> same answer – what’s the point? > > Hey! Your queries showed that comcast has

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread John Hall
On Wed, May 4, 2016 at 6:24 PM, Joe Polcari wrote: > same answer – what’s the point? Hey! Your queries showed that comcast has faster dns now. Comcast was also faster for me for this same query. My results (google/comcast): (45 msec / 22 msec), were both faster than your

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Kent Borg
On 05/04/2016 07:21 PM, Joe Polcari wrote: The domain did not expire. It was renewed in 2015 for 2 years. Look at the Whois output. Hmmm, I don't know what I saw on Friday (did I see a global whois update timestamp, that happens always?), but I saw it exactly 1-year before the new (I

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Joe Polcari
The domain did not expire. It was renewed in 2015 for 2 years. Look at the Whois output. Sent from my iPhone > On May 4, 2016, at 6:53 PM, Kent Borg wrote: > >> On 05/04/2016 05:51 PM, John Hall wrote: >> Are you using your ISP's DNS ? Is it comcast? > > Various. I did

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Kent Borg
On 05/04/2016 05:51 PM, John Hall wrote: Are you using your ISP's DNS ? Is it comcast? Various. I did manual lookups on 8.8.8.8, but at home I run my own DNS, on my phone I get T-Mobile's, at Linode I must be using theirs. So what is the difference between my bank using Incapsula to run its

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Joe Polcari
John Hall Date: Wednesday, May 4, 2016 at 6:06 PM To: Joe Polcari Cc: Kent Borg, "discuss@blu.org" Subject: Re: [Discuss] My Bank's Web Site is Behaving Oddly On Wed, May 4, 2016 at 5:54 PM, Joe Polcari <j...@polcari.com> wrote: I’m actually inside comcast – no browser j

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread John Hall
On Wed, May 4, 2016 at 5:54 PM, Joe Polcari wrote: > I’m actually inside comcast – no browser jacking – pure unhindered network. > ​You could try resolv.conf setting your mahcine to use the google dns 8.8.8.8 , 8.8.4.4 I believe this will override setting returned by dchp

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Joe Polcari
In fact there is a javascript on their login page with a named copyright holder that encrypts your login information before it’s even sent over ssl. Looks good to me. On 5/4/16, 5:53 PM, "Discuss on behalf of Joe Polcari"

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Joe Polcari
I’m actually inside comcast – no browser jacking – pure unhindered network. From: John Hall Date: Wednesday, May 4, 2016 at 5:51 PM To: Joe Polcari Cc: Kent Borg, "discuss@blu.org" Subject: Re: [Discuss] My Bank's Web Site is Behaving Oddly Updates can take quite a

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Joe Polcari
I just did a dig - the output indicates they have a private listing - that;s all. I looked at the site and it looks legit. I clicked through a lot of the pages and looked at the source - it all looks good. On 5/4/16, 5:37 PM, "Kent Borg" wrote: >On 05/04/2016 05:31 PM,

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread John Hall
Updates can take quite a long time to be disseminated, and also some DNS servers are just flat out terrible. Are you using your ISP's DNS ? Is it comcast? A few years ago I ditched comcast DNS for Google public DNS servers. I configure this in the router. IP v4 addresses are 8.8.8.8 and 8.8.4.4.

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Kent Borg
On 05/04/2016 05:31 PM, Joe Polcari wrote: More than likely they got their domain back and DNS is updating How long should a "whois leaderbank.com" take to update? The output I get is still cloaked and that seems odd for a bank. And, shouldn't the certificate mention the bank? -kb, the

Re: [Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Joe Polcari
More than likely they got their domain back and DNS is updating On 5/4/16, 5:28 PM, "Discuss on behalf of Kent Borg" wrote: >On 05/04/2016 04:43 PM, Kent Borg wrote: >> The domain leaderbank.com is acting odd for me...

[Discuss] My Bank's Web Site is Behaving Oddly

2016-05-04 Thread Kent Borg
The domain leaderbank.com is acting odd for me... Last Friday the URL I paste to go to my bank (https://www.leaderbank.com) quit working. After some futzing, I tried switching form https and doing just http, and I got what looks like a parking page. I looked at the whois and the domain got