[cap-talk] SSL protection racket - Petname Tool
Bill Frantz
frantz at pwpconsult.com
Tue Feb 26 18:19:19 EST 2008
jed at nersc.gov (Jed Donnelley) on Tuesday, February 26, 2008 wrote:
>> Just create your own self-signed
>> cert for the bank of your choice and away you go.
>
>How does that get you into the middle? All it does it to allow
>you to set up another secure site - without paying any extortion
>money to a protection racket.
You run a DNS poisoning attack, and get citi.com to come to you.
You generate a self-signed cert for citi.com and use it on your
server. You use the real citi.com server as a back end an you are
now a man-in-the-middle.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
More information about the cap-talk
mailing list