OT - [Dshield] Email and Websites Impersonating eBay

Al Reust areust at comcast.net
Sun Oct 19 03:14:20 GMT 2003


Hello All

So this is part of the Education!

As I look at various things I saw my reply and John Sage's. I so I see two 
quick approaches one was from the browser that I opened the link. After 
verifying the link was not going somewhere that did not have the proper 
name in the status bar. I used the Browser to quickly tell me, what I 
wanted about the validity of the certificate. John on the other hand opened 
a Shell and started diggin for dirt! He struck gold. he probably spent the 
same 3 minutes that I did with complete results.

Both are valid approaches. I do have to say that my approach did not yield 
the complete information about Matt and Sans. It showed the Certificate was 
valid, If I look under Internet Options, I have to go find the Trusted Root 
Certificate that belongs to EquiFax. That is accomplished by right clicking 
on the Internet Explorer Icon and then Properties. Content Tab and then 
Certificates. Select, Trusted Root and scroll down to find EquiFax.

My approach would be what you would tell your "windows" users how to do. 
The other is the SysAdmin wondering what is wrong and going to find out. In 
the Win32 environment you can preform the same steps that John did. That 
would be the next challenge...

I did take a bit of time go to EquiFax and found that they were bought out 
by Geotrust and the interface to get a SSL Certificate was not cheap or 
easy to obtain. There was no plunk down money here and here is your SSL 
Certificate.

Thank You John for telling them How! Now the have to figure out what tools 
are needed LOL..

R/

Al




More information about the list mailing list