| Thread ID: 117257 | 2011-04-10 02:38:00 | RaboDirect MITM attack? | somebody (208) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1193348 | 2011-04-10 02:38:00 | The other day while logging into www.rabodirect.co.nz/ (the secure login link takes you to https:), I noticed the SSL cert did not trigger the EV features of my browser - i.e. making the address bar go green, and show the owner of the site. I immediately left the page and didn't try to log in. Today it went back to normal, showing up as RaboDirect (RABOBANK NEW ZEALAND LIMITED) with the green bar etc. etc. After logging out and going back to the page, it had gone back to how it was the other day - but now I've refreshed the page it's green again. Could this be a possible man-in-the-middle attack, or is my browser just playing up? (FF4) | somebody (208) | ||
| 1193349 | 2011-04-10 03:31:00 | Well, using your link I got a verified SSL (even during 5 refreshes); however, going to rabo's homepage and clicking secure logon I got this www.rabodirect.co.nz (yes I AM using Chrome), so on Chrome I can't verify much really, other than as far as I can see visually there is no reason it doesn't support Chrome | The Error Guy (14052) | ||
| 1193350 | 2011-04-10 03:48:00 | EDIT, Security cert failed in IE9, showed it was an SSL site but no "padlock" icon showing the SSL cert details | The Error Guy (14052) | ||
| 1193351 | 2011-04-10 07:56:00 | I've taken a look - it seems that RaboBank serves some of its SSL pages via Akamai. In order to do this, the pages are signed by Akamai's subordinate CA, rather than the root CA who issued the actual RaboBank certificate. So yeah... looks like there is a MITM, but the party doing the MITM should be Akamai, and therefore probably with RaboBank's blessing. Whois lookups of the IP involved also agree that the IP is owned by Akamai. | Erayd (23) | ||
| 1193352 | 2011-04-10 08:14:00 | "I've taken a look - it seems that RaboBank serves some of its SSL pages via Akamai. In order to do this, the pages are signed by Akamai's subordinate CA, rather than the root CA who issued the actual RaboBank certificate. So yeah... looks like there is a MITM, but the party doing the MITM should be Akamai, and therefore probably with RaboBank's blessing. Whois lookups of the IP involved also agree that the IP is owned by Akamai." Thanks Erayd. It's a little worrying though, even if it is Akamai. | somebody (208) | ||
| 1193353 | 2011-04-10 08:50:00 | Agreed - I'd certainly prefer that Akamai not have the ability to snoop my HTTPS traffic (which having their own CA allows them to do...)! | Erayd (23) | ||
| 1193354 | 2011-04-11 02:31:00 | They won't be snooping if the certificates are issued to rabobank; only rabobank will be able to decrypt the traffic. Akamai mirrors content (eg images etc) so they load faster. | utopian201 (6245) | ||
| 1193355 | 2011-04-11 03:15:00 | "They won't be snooping if the certificates are issued to rabobank; only rabobank will be able to decrypt the traffic. Akamai mirrors content (eg images etc) so they load faster." They certainly can snoop - it doesn't matter who the 'proper' certificate is issued to, or who by. All that matters is that the traffic is passing through Akamai's servers, and Akamai runs a CA that is trusted by most browsers. This allows Akamai to transparently intercept all HTTPS traffic between the browser and RaboBank. | Erayd (23) | ||
| 1193356 | 2011-04-11 03:41:00 | Someone should see what the bank has to say about that, I for one would be curious. | DeSade (984) | ||
| 1193357 | 2011-04-11 03:52:00 | "Someone should see what the bank has to say about that, I for one would be curious." So am I... am calling them now. Edit: They were unable to find out while I was on the phone, but said they would find someone who knew the answer and have that person call me back. I'll post back in this thread again when I hear from them. | Erayd (23) | ||
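
An added example, not part of any post in this thread: a Python sketch that records which certificate a hostname serves on each visit and lists what changed between two visits, the comparison the posters above were making by eye. The sample dictionaries and the names in them (Example Bank Ltd, Example EV CA, Example CDN CA, www.bank.example) are constructed; only `fetch_leaf` touches the network.

```python
import hashlib
import socket
import ssl


def fetch_leaf(host, port=443, timeout=10):
    """Return (parsed cert dict, DER bytes) for the leaf certificate a host serves."""
    ctx = ssl.create_default_context()  # normal chain and hostname validation
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


def name_field(rdns, key):
    """Pull one attribute out of the nested tuples getpeercert() uses for names."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None


def summarize(cert, der):
    """Reduce a certificate to the fields worth comparing between visits."""
    return {
        "subject_org": name_field(cert.get("subject", ()), "organizationName"),
        "issuer_org": name_field(cert.get("issuer", ()), "organizationName"),
        "issuer_cn": name_field(cert.get("issuer", ()), "commonName"),
        "sha256": hashlib.sha256(der).hexdigest(),
    }


def diff_observations(previous, current):
    """List the fields that differ between two summaries of the same hostname."""
    return sorted(k for k in previous if previous[k] != current.get(k))


# Constructed samples in getpeercert() layout: one visit with an organisation
# in the subject, one served from a CDN edge with a different issuer and none.
EV_VISIT = {
    "subject": ((("organizationName", "Example Bank Ltd"),),
                (("commonName", "www.bank.example"),)),
    "issuer": ((("organizationName", "Example EV CA"),),
               (("commonName", "Example EV CA G1"),)),
}
CDN_VISIT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "issuer": ((("organizationName", "Example CDN CA"),),
               (("commonName", "Example CDN Subordinate CA"),)),
}
```

A difference between visits is a prompt to find out who is terminating the connection, as was done here with the whois lookup; it is not by itself proof of an attack.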