[SSL Observatory] Beaucoup Fake SSL Certs

Paul Ferguson fergdawgster at mykolab.com
Thu Feb 13 10:48:15 PST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Worth a read:

"Netcraft has found dozens of fake SSL certificates impersonating banks,
ecommerce sites, ISPs and social networks. Some of these certificates
may be used to carry out man-in-the-middle attacks against the affected
companies and their customers. Successful attacks would allow criminals
to decrypt legitimate online banking traffic before re-encrypting it and
forwarding it to the bank. This would leave both parties unaware that
the attacker may have captured the customer's authentication
credentials, or manipulated the amount or recipient of a money transfer."

"The fake certificates bear common names (CNs) which match the hostnames
of their targets (e.g. www.facebook.com). As the certificates are not
signed by trusted certificate authorities, none will be regarded as
valid by mainstream web browser software; however, an increasing amount
of online banking traffic now originates from apps and other non-browser
software which may fail to adequately check the validity of SSL
certificates."

Much more:

http://news.netcraft.com/archives/2014/02/12/fake-ssl-certificates-deployed-across-the-internet.html


FYI,

- - ferg



- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlL9E28ACgkQKJasdVTchbIg3QD9HfJ1OF+YUf5ItT9y41Pxo+m7
DAh0W0ZOFEG1FbVRFwYA/RFIFD4TbB0t9JspGCF4J+98ab79zy0ndMjhMn97wm1b
=RSw9
-----END PGP SIGNATURE-----

