[cap-talk] SSL protection racket - Petname Tool

Bill Frantz frantz at pwpconsult.com
Tue Feb 26 18:19:19 EST 2008


jed at nersc.gov (Jed Donnelley) on Tuesday, February 26, 2008 wrote:

>> Just create your own self-signed
>> cert for the bank of your choice and away you go.
>
>How does that get you into the middle?  All it does is to allow
>you to set up another secure site - without paying any extortion
>money to a protection racket.

You run a DNS poisoning attack, and get citi.com to come to you.
You generate a self-signed cert for citi.com and use it on your
server. You use the real citi.com server as a back end and you are
now a man-in-the-middle.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
