[ale] ssl hijacking attempt

[Dow Hurst]

Can you post the link you were following?  Was it a link to a site on 
your own box or an external link?

An external site setup to establish an additional SSL tunnel would be 
evaluated by your browser's list of certificates.  Your browser might 
have had the new certificate authentication process piped thru your 
current tunnel and assumed it was from your machine and not the external 
machine.  I am guessing here.  Anyone want to criticize the logic?  Have 
you tried visiting the site directly and not thru the tunnel?
Dow


John Wells wrote:

>I use squirrelmail through ssl to send and receive mail.  Today, while
>already logged in to my mail system, I clicked a link.  The Accept/Reject
>certificate box popped up, which was odd because I had *already*
>established an SSL connection.
>
>Examining the certificate, I noticed that it said it was issued from
>"VerySign Certificate Authority" and was originating from my box.  I can
>only assume that it was someone trying to hijack my ssl connection.
>
>Problem is, I can't really find a lot of good info on ssl hijacking...as
>far as how it's done and how to prevent it.  I'm assuming this doesn't
>necessarily mean that whoever did this has hacked my box, as it wouldn't
>seem to make a lot of sense to go through the trouble if you are already
>in.
>
>Anyway, I'm really interested in how this was done.  If anyone can point
>me in the right direction, I'd appreciate it.
>
>Thanks!
>John
>
>
>
>
>---
>This message has been sent through the ALE general discussion list.
>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
>sent to listmaster at ale dot org.
>
>
>  
>


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.