[Dshield] betaplace.com

Johannes B. Ullrich jullrich at sans.org
Sat Dec 6 02:07:16 GMT 2003


-------
Preamble: This is a very confusion issue. In order to avoid more
confusion, I am sending this post ahead of other replies. I usually
don't hold other posts back. But I would like to avoid confusion.
All other posts, if they agree or not, will be approved shortly.
--------


'www.betaplace.com' is an authentic site operated by Microsoft.

However, I agree that it is confusing. The 'https' version is using an
SSL certificate, which is signed by
"Microsoft Secure Server Authority". My browser
(Mozilla), does not include this as a trusted certificate.

The evidence that tipped me off that it may be a valid Microsoft site
was whois information. A colleague pointed out, that 'bataplace.com'
uses Microsoft name servers. Another piece of evidence that this site is
legit.

A word about 'https' and SSL.
(this is very brief and incomplete. if someone knows a good url, please
post)

SSL is based on hierarchic "trust". Your browser includes a number of
trusted certificates. Usually about a dozen. These include well known
companies like Verisign, Globaltrust, Thawte and such, which are in the
business of signing SSL certificates.

If you run a secure web site, you generate a certificate, and send it to
one of these companies to have it signed. The companies will check that
you are authorized to have this certificate and will sign it if they
think it is correct.

Microsoft decided to ship its own certificate with Internet Explorer,
in addition with the standard certificates (Verisign...). Microsoft
can use this for sites which they only need to authorize to
Internet Explorer users.

I think for all other purposes, Microsoft uses one of the regular
companies to have its certificates signed.

 

-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031205/f7ca4180/attachment.bin


More information about the list mailing list