X.509 Phishing license

Jason Holt jason at lunkwill.org
Tue Feb 14 12:08:49 MST 2006


I didn't realize that this was happening in our neighborhood.  Looks like 
phishers are getting valid certs for the domains they attack.

 						-J

---------- Forwarded message ----------
Date: Tue, 14 Feb 2006 00:29:59 -0500
From: Victor Duchovni <Victor.Duchovni at MorganStanley.com>
To: cryptography at metzdowd.com
Subject: X.509 Phishing license


The phishers are launching sophisticated attacks on less known (to the
X.509 CAs) financial institutions...

http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html

     ...
     This one -- targeting the tiny Mountain America credit union in Salt
     Lake City, Utah

     ...
     Geotrust's cert verification process is largely automated: when
     someone requests a cert for a particular site, the company sends an
     e-mail to the address included in the Web site's registrar records,
     along with a special code that the recipient needs to phone in to
     complete the process.

     ... [Geotrust] doubted that inserting a human into that process
     would have flagged the account as suspicious.

-- 

  /"\ ASCII RIBBON                  NOTICE: If received in error,
  \ / CAMPAIGN     Victor Duchovni  please destroy and notify
   X AGAINST       IT Security,     sender. Sender does not waive
  / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                    and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the PLUG mailing list