[ale] ssl hijacking attempt
Dow Hurst
dhurst at kennesaw.edu
Mon Jun 24 19:52:41 EDT 2002
Can you post the link you were following? Was it a link to a site on
your own box or an external link?
An external site setup to establish an additional SSL tunnel would be
evaluated by your browser's list of certificates. Your browser might
have had the new certificate authentication process piped thru your
current tunnel and assumed it was from your machine and not the external
machine. I am guessing here. Anyone want to criticize the logic? Have
you tried visiting the site directly and not thru the tunnel?
Dow
John Wells wrote:
>I use squirrelmail through ssl to send and receive mail. Today, while
>already logged in to my mail system, I clicked a link. The Accept/Reject
>certificate box popped up, which was odd because I had *already*
>established an SSL connection.
>
>Examining the certificate, I noticed that it said it was issued from
>"VerySign Certificate Authority" and was originating from my box. I can
>only assume that it was someone trying to hijack my ssl connection.
>
>Problem is, I can't really find a lot of good info on ssl hijacking...as
>far as how it's done and how to prevent it. I'm assuming this doesn't
>necessarily mean that whoever did this has hacked my box, as it wouldn't
>seem to make a lot of sense to go through the trouble if you are already
>in.
>
>Anyway, I'm really interested in how this was done. If anyone can point
>me in the right direction, I'd appreciate it.
>
>Thanks!
>John
>
>
>
>
>---
>This message has been sent through the ALE general discussion list.
>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
>sent to listmaster at ale dot org.
>
>
>
>
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list