| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 100392 | 2009-06-06 01:20:00 | TelstraClear Cable / Certificate Errors | Erayd (23) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 779998 | 2009-06-07 09:26:00 | that was kind of my question... is this a MITM or is some doing a sloppy end point re-driect... It's a MITM, because it was occurring on *every* SSL connection I tried to make on port 443. Whether it was TelstraClear putting a clueless monkey in charge of their proxy (who then tried to proxy secure sites), or an actual hack, I can't be certain, but my guess is a hack. Would a compromised DNS server be a possibility here Erayd? I.e. redirecting whatever secure URL to another server? This is not a possibility, for several reasons: I run my own DNS servers, and don't rely on ISP ones. Those servers show no signs of tampering that I could see. PowerDNS isn't easily vulnerable to cache poisoning. DNS wasn't being intercepted enroute, because querying it via a VPN connection returned the same results. Other providers' servers returned the same records as mine did. Other services on the same servers, but not running on port 443, were unaffected. |
Erayd (23) | ||
| 779999 | 2009-06-08 12:09:00 | For those interested, just had this occur again, for around 5 minutes, only this time Google was the only service affected. | Erayd (23) | ||
| 780000 | 2009-06-08 12:54:00 | I'd personally be on the phone to TelstraClear ASAP ... ;) | Chilling_Silence (9) | ||
| 780001 | 2009-06-08 13:16:00 | I have not had any expired certs from Telecom since my previous post. | Sweep (90) | ||
| 1 2 | |||||