[Crypto-chi] Man-in-the-Middle Attack?
Brian Kroll
brian at fiberoverethernet.com
Wed Jul 22 02:46:44 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
They totally botched the certificate set-up in IIS by not installing the
certificate in IIs 6.0 correctly (there is a wizard to do it), and also
they are using a wild-card cert with no authority chain. >_<
//Brian
eviljoel:
> Hey All,
>
> So I was looking into attending B-Sides Las Vegas which is at the
> Tuscany hotel. I tried accessing the following URL over Tor to inquire
> about room availability:
>
> https://www2.tuscanylasvegas.com/smsworld/wc.dll?smsWorld~Availbox~&wsi=port
>
> I get a certificate error: sec_error_unknown_issuer
>
> I tried accessing the site using several different Tor circuits and got
> the same thing.
>
> However, I tried the same URL outside of Tor and get a certificate
> signed by GoDaddy.com. Is this a man-in-the-middle attack or is there
> some legitimate reason for this?
>
> Thanks,
> eviljoel
>
>
>
> _______________________________________________
> cryptoparty-chi mailing list
> cryptoparty-chi at groups.sshchicago.org
> http://groups.sshchicago.org/listinfo/cryptoparty-chi
>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJVrwQAAAoJEFjBjkteF9VaJgIQALZ4xjV/SCP3H1smKtNsqcHZ
YZJvrkKMXPaikbX1hsZKSp/ggKazwbRKfXu3OUYNNCumWbY4nQYtUrf6KoenRvEF
YX7mH9jlwGUMycz+TEkKn7R7qYORsmSvcSysKoJ/R8Mo7j5mpvn8Ri9viCYVNByO
Mi7MtQi6pph4dAR6Av9UBNlEHw2pHk78HdFj4GNehF/6muWKNtY/N1kCkLaijmpH
5O8EthHCkZBa2HgL69tqmIctQdIAa1OwPCsjG0aSV90LZfzQsI+81Ml6j4tzd5a4
HBlCs8CJtQHiE0IU27gP5JUlmAZGofe/vThEQIWnI43ACXesHIunF4i01luwoUhu
Rfov7jEy/r1DQB9mgT3gY6Ct734uKEQKNPNJPT67PlymzQPyN1lZavnp70DdxPlK
gWOoPtO/3lCIE3O8SodzO/gX/sBLsbSS22k/efzjOaPG+ID/1KWbqF0WJ6DI8UtG
zq6bfP9337IIQ27+g/F6i5uFJVdE2kS7/loFuLIQ2Yh0LlemdNX8utjUNr71Qsmb
EqWCLj0RujJpHooZXmE7XmXjy1kqMauT4KKrzIWcL4H3BS0jsQkGI2nkUJZz0D/9
kDVxk22hCGrjQ83M+cUkhEs6oNWukEMVxNKayjkPy+HvkhnpvzTSJB5F/i7ooLZU
tyR5PUa+SvJqyei5DkWE
=Lz/h
-----END PGP SIGNATURE-----
More information about the cryptoparty-chi
mailing list