X.509 Phishing license

Jason Holt jason at lunkwill.org
Tue Feb 14 12:08:49 MST 2006

I didn't realize that this was happening in our neighborhood.  Looks like 
phishers are getting valid certs for the domains they attack.


---------- Forwarded message ----------
Date: Tue, 14 Feb 2006 00:29:59 -0500
From: Victor Duchovni <Victor.Duchovni at MorganStanley.com>
To: cryptography at metzdowd.com
Subject: X.509 Phishing license

The phishers are launching sophisticated attacks on less known (to the
X.509 CAs) financial institutions...


     This one -- targeting the tiny Mountain America credit union in Salt
     Lake City, Utah

     Geotrust's cert verification process is largely automated: when
     someone requests a cert for a particular site, the company sends an
     e-mail to the address included in the Web site's registrar records,
     along with a special code that the recipient needs to phone in to
     complete the process.

     ... [Geotrust] doubted that inserting a human into that process
     would have flagged the account as suspicious.


  /"\ ASCII RIBBON                  NOTICE: If received in error,
  \ / CAMPAIGN     Victor Duchovni  please destroy and notify
   X AGAINST       IT Security,     sender. Sender does not waive
  / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                    and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the PLUG mailing list