[Crypto-chi] Man-in-the-Middle Attack?

Wed Jul 22 04:19:02 UTC 2015

Hey Brian,

But why does the certificate come up fine in Firefox? (Certificate
Pinning?) Was the cert you looked at from Firefox or the Tor Browser?

Thanks,
eviljoel

On 07/21/2015 09:46 PM, Brian Kroll wrote:
> They totally botched the certificate set-up in IIS by not installing the
> certificate in IIs 6.0 correctly (there is a wizard to do it), and also
> they are using a wild-card cert with no authority chain. >_<
> 
> //Brian
> 
> 
> eviljoel:
>> Hey All,
> 
>> So I was looking into attending B-Sides Las Vegas which is at the
>> Tuscany hotel. I tried accessing the following URL over Tor to inquire
>> about room availability:
> 
>> https://www2.tuscanylasvegas.com/smsworld/wc.dll?smsWorld~Availbox~&wsi=port
> 
>> I get a certificate error: sec_error_unknown_issuer
> 
>> I tried accessing the site using several different Tor circuits and got
>> the same thing.
> 
>> However, I tried the same URL outside of Tor and get a certificate
>> signed by GoDaddy.com. Is this a man-in-the-middle attack or is there
>> some legitimate reason for this?
> 
>> Thanks,
>> eviljoel
> 
> 
> 
>> _______________________________________________
>> cryptoparty-chi mailing list
>> cryptoparty-chi at groups.sshchicago.org
>> http://groups.sshchicago.org/listinfo/cryptoparty-chi
> 
> _______________________________________________
> cryptoparty-chi mailing list
> cryptoparty-chi at groups.sshchicago.org
> http://groups.sshchicago.org/listinfo/cryptoparty-chi
> 

-- 
Let me teach you encrypted e-mail. Joel's PGP fingerprint:
A2BE 2D12 24D1 67CA 8830  DDE7 DFB3 676B 196D 6430

-- 
Let me teach you encrypted e-mail. eviljoel's PGP fingerprint:
A2BE 2D12 24D1 67CA 8830  DDE7 DFB3 676B 196D 6430

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://groups.sshchicago.org/pipermail/cryptoparty-chi/attachments/20150721/4c82c1d8/attachment.sig>