On 5 Oct 2003, eric wrote:

> hello, would somebody please explain (in general) to me what the
> following really means and how a cracker could use it to take advantage
> of my communications. thanks for any pointers.
>
> "bad certificate from pop3.comcast.net
> signature bad
> self-signed certificate in chain"

SSL Certificates perform two separate functions, authentication and encryption.

The encryption portion is still in effect. Any communication between your e-mail client and the server you are talking to is encrypted, and not subject to eavesdropping.

The authentication portion is broken here. An SSL certificate has a chain of authority. A trusted source (Verisign or others) has provided a signed certificate to the company after confirming that they are who they say they are. A self-signed certificate is a certificate that is signed by the company itself. If you have the correct public certificate, then your communication is safe. It's very hard to be sure that the certificate is the correct one, without just trusting that you downloaded the correct one.

The way that this can be taken advantage of is by someone doing a man in the middle attack. For example, if your DNS points to the wrong server for smtp.comcast.net, then the server you hit instead could give you their cert, and create their own communication with the actual server. You'd get the data you want, but the server that you're hitting gets to listen in on the whole conversation.

I said before that the communication between your client and the server you're talking to is encrypted. This is true, but you have no way of knowing if the server you're talking to is the server you wanted to talk to.

-- 
Greg Boyce
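The four situations in the reply above (encryption still working, authentication failing against the stock trust store, the correct public certificate in hand, and a man in the middle at the address DNS handed out) can be reproduced on one machine. The following is an added example and not part of the original message or of any mail client: a throwaway TLS server on localhost stands in for pop3.comcast.net, its self-signed certificate is generated with the `openssl` command-line tool (assumed to be installed), and the hostname `pop3.example.test`, the config template and the POP3 banner are constructed for the demo. Python's `ssl` module does the same OpenSSL chain validation an e-mail client does, so the rejection reasons it returns are the codes behind the quoted "self-signed certificate" text.

```python
# Added example, not code from the original message: separating "is the link encrypted?"
# from "is this really the server?" for a POP3-over-SSL client. A local TLS server stands
# in for pop3.comcast.net; its certificate comes from the openssl CLI (assumed installed).
import os
import socket
import ssl
import subprocess
import tempfile
import threading

HOST = "127.0.0.1"
SERVER_NAME = "pop3.example.test"        # constructed name standing in for pop3.comcast.net
GREETING = b"+OK POP3 server ready\r\n"   # constructed banner the stand-in server sends
DEPTH_ZERO_SELF_SIGNED = 18   # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: server sent only itself
SELF_SIGNED_IN_CHAIN = 19     # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self-signed root higher up
CERT_CONFIG = """[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = {name}
[ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign
subjectAltName = DNS:{name}
subjectKeyIdentifier = hash
"""


def make_self_signed_cert(directory, label, name=SERVER_NAME):
    """Generate a self-signed certificate plus key; every call makes a fresh key pair."""
    cfg, key, cert = (os.path.join(directory, f"{label}.{ext}") for ext in ("cnf", "key", "crt"))
    with open(cfg, "w") as fh:
        fh.write(CERT_CONFIG.format(name=name))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-config", cfg, "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    return cert, key


def serve_once(cert, key):
    """One-shot TLS server on an ephemeral port; returns (port, thread)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    listener = socket.socket()
    listener.bind((HOST, 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def run():
        conn, _ = listener.accept()
        listener.close()
        try:
            with ctx.wrap_socket(conn, server_side=True) as tls:
                tls.sendall(GREETING)
        except OSError:
            pass  # client refused our certificate and hung up (ssl.SSLError is an OSError)

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return port, thread


def connect(port, ctx):
    """Handshake with a client context; ("ok", banner) or ("rejected", OpenSSL verify code)."""
    try:
        with socket.create_connection((HOST, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=SERVER_NAME) as tls:
                return ("ok", tls.recv(64))
    except ssl.SSLCertVerificationError as err:
        return ("rejected", err.verify_code)


def run_demo():
    """Four handshakes: same encryption every time, different answers on authentication."""
    blind = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # what "accept the certificate anyway" does
    blind.check_hostname = False
    blind.verify_mode = ssl.CERT_NONE
    with tempfile.TemporaryDirectory() as tmp:
        real = make_self_signed_cert(tmp, "real")
        fake = make_self_signed_cert(tmp, "impostor")  # same name, different key pair
        pinned = ssl.create_default_context(cafile=real[0])  # trust exactly the right cert
        cases = {
            # stock trust store (Verisign and friends): a self-signed cert cannot be authenticated
            "default_trust": (real, ssl.create_default_context()),
            # the correct public certificate in hand: the genuine server verifies fine
            "pinned_real": (real, pinned),
            # DNS sent us to a man in the middle with his own certificate: refused
            "pinned_impostor": (fake, pinned),
            # verification switched off: still encrypted, but with whoever answered
            "no_verify_impostor": (fake, blind),
        }
        results = {}
        for label, ((cert, key), ctx) in cases.items():
            port, thread = serve_once(cert, key)
            results[label] = connect(port, ctx)
            thread.join()
        return results
```

`run_demo()` returns one outcome per case. The first is rejected with verify code 18 (or 19 when the self-signed certificate sits higher in a chain the server sends), which is the condition the quoted "self-signed certificate in chain" line describes. The third case is the man in the middle from the reply: the client that trusts only the genuine certificate refuses the impostor's, because its signature does not check out against the trusted key, the same class of failure a client reports as a bad signature. The fourth case is what clicking through the warning amounts to: the TLS session is encrypted end to end, but the far end is whoever answered the connection.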