How to tell a fake SSL certificate from a real one

Subject: How to tell a fake SSL certificate from a real one, posted by Joan Battaglia, 10-27-2007
Posted by Anonymous Blowhard on October 29, 2007, 8:14 pm
arisilverstein@yahoo.com says...

Heh heh. He said blow.

AB

Posted by Anonymous on October 29, 2007, 7:09 am
On Mon, 29 Oct 2007 00:49:45 +0000 (UTC), Anonymous Sender wrote:

>>>>
>>>> If you've made a mistake and the connection was actually kosher then no
>>>> harm done. You have ample time to sort it out and make a final
>>>> determination about a given certificate. OTOH, if you err on the side
>>>> opposite of caution you may have precious few minutes to sort it out
>>>> before some script kiddie cleans out your bank account by wire
>>>> transferring your entire balance to Taiwan. :(
>>>
>>>> I have never insulted you to the best of my belief and knowledge.
>>>
>>> ROTFLMAO!
>>>
>>> That's the biggest load of shit you've EVER posted.
>>
>> Except that I didn't post it, A$$hole. lol
>
> Nobody said you did, "asshole".
>
> So why would you "defend" yourself from something that you were never
> even involved in? Freudian slip, or just some childish little game?
>
> Either way you're an obnoxious cretin.

I'll have to eat crow on that one, Ari, you didn't post that.

Mea Culpa.

Posted by Nil on October 28, 2007, 5:36 am
On Sat, 27 Oct 2007 21:45:02 GMT, Joan Battaglia wrote:

> What does a forged SSL situation look like to the user logging into
> email?
> Do you have an example?
>
> I read with interest all the help kindly provided by the likes of helpful
> folks like VanguardLH & mark carter & others - which basically concluded
> Tor compromised mail login passwords under both circumstances
> - http (the Tor gets your mail password in the clear)
> - https (the Tor _could_ impersonate the "certificate")
>
> So, I ask ... how can I tell if a certificate is impersonated by a rogue
> Tor? I routinely say yes to all certificate requests because I never
> understood them. Now I will take the time to read them.
>
> But, what does a fake SSL situation look like?

Mainly, you can see one because it obfuscates the microcode in your HOSTS
files. Another way is to log to HTTPS the source code (unless it is C#) to
a NON HTTPS website.

> For example, I just initiated a connection to my legitimate router:
> https://192.168.1.1
> And it said (as it always does):
> "Security Error: Domain Name Mismatch"
> It went on:
> "You have attempted to establish a connection with 192.168.1.1.
> However, the security certificate presented belongs to Linksys.
> It is possible, though unlikely, that someone may be trying to
> intercept your communications with this web site.
> It gave the recommendation:
> "If you suspect the certificate shown does not belong to
> 192.168.1.1, please cancel the connection and notify the
> site administrator."
>
> Obviously this whole situation is a false alarm.
>
> Does anyone have an example of a situation we can go to in order to see
> what a "real" SSL forgery looks like to the user as they try to log into
> their email web site?

Sure, take this URL.

http://tinyurl.com/2tt98s

Then when it loads, do a quick, CTRL-ALT-ampersand. If Java is scripted
server side only, then you can see the talisman algorithms. If not, then
you have to look at the compiled (previous not present, prior to browser
time-outs or MITM attacks). Either way, you have your answer.

HTH

Posted by Joan Battaglia on October 28, 2007, 10:43 am
On Sun, 28 Oct 2007 05:36:07 -0400, Nil wrote:
I followed everyone's advice and installed Tor/Vidalia/Privoxy.
I learned it's UP TO ME to determine if a certificate is fake.
So, I test the system - and I take your advice to READ the certificate
warning - but I still don't know what to do with the result.

Is THIS a fake certificate?

Here's what happened.
I went to http://torcheck.xenobite.eu/index.php
I clicked on the HTTPS-Mode button to see what it would say
Up popped a "Security Error: Domain Name Mismatch"
Which warned
You have attempted to establish a connection with
torcheck.xenobite.eu. However the security certificate
presented belongs to 217.160.111.190. It is possible, though
unlikely, that someone may be trying to intercept your
communication with this web site.
And, then:
If you suspect the certificate shown does not belong to
torcheck.xenobite.eu, please cancel the connection and notify
the site administrator.

So what do I do?
Most of these posts say to examine the certificate, so I press
the "View Certificate" button.

It says:
This certificate has been verified for the following uses:
SSL Server Certificate
Huh? Is that telling me something?

Then it says:
Issued To
Common Name (CN) 217.160.111.190
Organization (O) Kraus Computertechnik
Organizational Unit (OU) StartCom Free Certificate Member
Serial Number 01:84:54
To which my head is spinning - I guess I'm supposed to tell from this
if it's legitimate or not - but I don't know where to look.

It goes on:
Issued By
Common Name (CN) StartCom Class 1 Primary Intermediate Free CA
Organization (O) StartCom Ltd.
Organizational Unit (OU) Secure Certificate Signing
Huh? I still don't know what is wheat and what is chaff.

Moving on:
Validity
Issued On 9/25/2007
Expires On 9/24/2008
Does this tell me anything useful other than when it will expire?

Lastly:
Fingerprints
SHA1 Fingerprint
D3:CF:DC:24:BC:3E:E9:59:27:2B:82:51:27:67:D2:E8:61:11:B9:1B
MD5 Fingerprint:
24:00:31:6D:F3:3B:E2:90:BC:73:CE:4D:BF:9C:2A:D7

I won't even go into what it says in the DETAILS tab!
Oh my. If all this which I'm supposed to read actually means something to
you guys, then you ARE rocket scientists!

What do I (decidedly not a rocket scientist) do with this information?
Is this a fake certificate or a real certificate?
How would I know?
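
The dialog Joan describes is the output of a few mechanical checks, and the fields she lists feed exactly those checks. What follows is an added example, written for this thread and not taken from anyone posting in it or from any browser's own code. It is a Go program using only the standard library: it constructs a self-signed certificate whose subject, serial number and validity dates copy the ones she quoted (the key pair is generated on the spot, the IP address is placed in the Subject Alternative Name, and the trust store is a constructed stand-in for the browser's root store), then runs the name match, the validity check, the issuer chain check and a fingerprint comparison for the two ways of reaching the site. The names torcheck.xenobite.eu and 217.160.111.190 are the ones from her post; everything else is assumed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// sampleCert builds a self-signed certificate whose Subject, serial and validity copy the dialog
// quoted in the thread. Constructed sample: the key pair is generated fresh and has no relation to
// any real server key. The IP goes into the Subject Alternative Name, which is where name matching
// looks (modern verifiers ignore the CN). The clock returned is the time of the post, for reproducibility.
func sampleCert() (*x509.Certificate, time.Time, error) {
	now := time.Date(2007, 10, 28, 14, 43, 58, 0, time.UTC)
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, now, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(0x018454), // 01:84:54 as shown in the dialog
		Subject:               pkix.Name{CommonName: "217.160.111.190", Organization: []string{"Kraus Computertechnik"}},
		IPAddresses:           []net.IP{net.ParseIP("217.160.111.190")},
		NotBefore:             time.Date(2007, 9, 25, 0, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(2008, 9, 24, 0, 0, 0, 0, time.UTC),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, now, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, now, err
}

// fingerprintSHA1 renders the SHA-1 fingerprint the way the dialog does:
// upper-case hex over the DER bytes, a colon after every byte.
func fingerprintSHA1(cert *x509.Certificate) string {
	sum := sha1.Sum(cert.Raw)
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	parts := make([]string, 0, len(h)/2)
	for i := 0; i < len(h); i += 2 {
		parts = append(parts, h[i:i+2])
	}
	return strings.Join(parts, ":")
}

// inspect answers the questions behind a certificate warning. Each map entry is nil when the
// check passes and carries the reason otherwise: does the certificate name the host typed in the
// address bar, is the clock inside the validity window, does it chain to a trusted issuer, and does
// the fingerprint match the one recorded on an earlier visit ("" means there is no earlier visit).
func inspect(cert *x509.Certificate, host string, now time.Time, trusted bool, knownFingerprint string) map[string]error {
	out := map[string]error{"name": cert.VerifyHostname(host)}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		out["validity"] = fmt.Errorf("outside validity window %s to %s",
			cert.NotBefore.Format("2006-01-02"), cert.NotAfter.Format("2006-01-02"))
	}
	roots := x509.NewCertPool() // stand-in for the browser's root store
	if trusted {
		roots.AddCert(cert) // the sample is self-signed, so trusting its issuer means trusting the cert itself
	}
	_, out["issuer"] = cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	fp := fingerprintSHA1(cert)
	switch {
	case knownFingerprint == "":
		out["fingerprint"] = fmt.Errorf("first visit: confirm %s with the site operator before trusting it", fp)
	case !strings.EqualFold(knownFingerprint, fp):
		out["fingerprint"] = fmt.Errorf("certificate changed since the earlier visit; it is now %s", fp)
	}
	return out
}

func main() {
	cert, now, err := sampleCert()
	if err != nil {
		panic(err)
	}
	// Same certificate, two address-bar entries: the name the user typed, then the IP the cert names.
	for _, host := range []string{"torcheck.xenobite.eu", "217.160.111.190"} {
		fmt.Printf("connecting to %s: %v\n", host, inspect(cert, host, now, true, ""))
	}
}
```

The point it makes is the one the thread keeps circling: none of the fields in the dialog proves a certificate fake on its own. The router's "Linksys" versus 192.168.1.1 mismatch produces the same warning as a real interception would. What separates the two cases is whether the issuer is one the browser already trusts and whether the fingerprint is the same one seen on the last visit, or one confirmed with the site operator through some other channel. A fingerprint that changes between visits with no announced change is the signal worth acting on, and the safe reaction to a first-seen mismatch is to cancel and check rather than click through.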

Posted by LeeAnn5ft on October 28, 2007, 1:20 pm
On Sun, 28 Oct 2007 14:43:58 GMT, Joan Battaglia wrote:

> Lastly:
> Fingerprints
> SHA1 Fingerprint
> D3:CF:DC:24:BC:3E:E9:59:27:2B:82:51:27:67:D2:E8:61:11:B9:1B
> MD5 Fingerprint:
> 24:00:31:6D:F3:3B:E2:90:BC:73:CE:4D:BF:9C:2A:D7
>
> I won't even go into what it says in the DETAILS tab!
> Oh my. If all this which I'm supposed to read actually means something to
> you guys, then you ARE rocket scientists!
>
> What do I (decidedly not a rocket scientist) do with this information?
> Is this a fake certificate or a real certificate?
> How would I know?

You will need to reboot, then check HOSTS for non 8080 correspondence.
Look for asterisks where there should be commas.
--
Vern, vermin, Kevin, whatever, I would have thought holding your hand as
we praised Ian would not have passed for a "I want to fuck you".

