Full Disclosure: Re: Western Union Certificate Error

[Valdis.Kletnieks () vt edu]

On Wed, 07 Sep 2011 21:40:54 +0700, JT S said:

> I recently got this error "You attempted to reach
> www.westernunion.com, but instead you actually reached a server
> identifying itself as wumt.westernunion.com. This may be caused by a
> misconfiguration on the server or by something more serious.
Now, if the server had a cert that said 'www.net-pirates.ru', it would be
a pretty easy guess what the problem was.  However, both the intended
destination and the server claim to be in westerunion.com, which limits
*slightly* the number of different things that could have gone wrong.

So the question is:  which is more likely, that you got hit by a DNS hijack
for www.westernunion.com that sent you to some other server that had a
malicious cert for the wrong hostname, or that WU's infrastructure is messed up
and they installed certs on the wrong machines?

Hint: It's probably the second - most black hats clued enough to do the DNS
hijack part of it are also clued enough to do their homework and make sure the
cert matches the hijacked address. :)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/