Re: Link to a website with a faked SSL Certificate

On 09/22/2011 01:40 AM, Stefan Kaltenbrunner wrote:
> I'm not sure what you are actually referring to - the link for that
> particular presentation is not to a https site.
> However the server in the url IS actually supporting HTTPS (using a self
> signed cert) but I can't see a way at all how your collegue might have
> gotten a trojan from that server.
>

I've found several paths through that site that do kick up an SSL error
someone might have stumbled on. Going to
http://bunsen.credativ.com/~jco/2011/ pulls up directory browsing, and
I'm getting an invalid certificate error from there. It appears to be
coming from the image files; http://bunsen.credativ.com/icons/back.gif
for example gives an error too, even though that isn't a HTTPS URL.

But there's no fancy scripting that could install a trojan on any part
of the site I just inspected. The only way I could imagine there's a
problem is if the PDF contained malicious code, exploiting one of the
Acrobat vulnerabilities. I've gotten Windows systems infected via that
route before, when someone wasn't keeping up with security updates for
Acrobat. I just tried this out myself on a sacrificial Windows VM, and
I didn't see any problems with this file though. Given that the slide
were produced with Latex Beamer and probably generated on a UNIX-ish
system, that seems pretty unlikely too.

--
Greg Smith 2ndQuadrant US greg(at)2ndQuadrant(dot)com Baltimore, MD
PostgreSQL Training, Services, and 24x7 Support www.2ndQuadrant.us