Date:      Sun, 25 Sep 2016 23:42:34 -0700
From:      "Ronald F. Guilmette" <rfg@tristatelogic.com>
To:        freebsd-security@freebsd.org
Subject:   Two Dumb Questions
Message-ID:  <32084.1474872154@segfault.tristatelogic.com>


Sorry folks.  I'm almost entirely ignorant about everything crypto,
and these questions would probably be better asked elsewhere, but
you all on this list are nicer than folks elsewhere, and probably
will have the kindness not to poke too much fun at my ignorance.
So, here goes...

First question:  Regarding the specific kind of MiM deception
being discussed in the following old article (which appears to
be from way back in 2010), I'm confused by the assertion that
it would be necessary to either bribe or bully some CA into
handing out a fraudulent cert in order to make the scheme work:

    https://www.wired.com/2010/03/packet-forensics/

Here's my point:  If you really have already managed to become
the man-in-the-middle anyway, then couldn't you just dummy up
any and all responses, including those for DNS, in such a way
as to make it all appear to the victim that everything was
"normal", you know, such that he can see the cute little
padlock symbol to the left of the URL in the browser?


Second question:  I've been trying to do some very simple-
minded early reconnaissance on something that I believe to be
a Really Bad Domain.  The web site for the domain doesn't
appear to use SSL at all, however when I went to this site:

     https://censys.io/

and punched in the domain name and then clicked on "certificates"
I was surprised to find three different ones shown for the domain
in question, all three apparently issued by "Let's Encrypt Authority
X3".  So anyway, my question is real simple:  Is there some way to
work backwards from those in order to get some clues... any clues...
about the identities of the actual owners/operators of this specific
domain and/or its associated web site?

Thanks in advance for any and all enlightenment.


Regards,
rfg


