Security Basics
Fake Security Certificate Jul 04 2014 06:15AM
Muhammad Saqib (devj nullj gmail com) (2 replies)
Re: Fake Security Certificate Jul 04 2014 05:23PM
Security Admin (security planetkips nl)
Actually, the one you should ask, is your helpdesk or sysadmin.

Op 4 jul. 2014, om 08:15 heeft Muhammad Saqib <devj.nullj (at) gmail (dot) com [email concealed]> het volgende geschreven:

> Hello All
> I am in a little bit of fix relating to security of my office email
> and thought to seek advice of community here.
> I work in a small company and our office email is hosted on Google. A
> few days ago, I tried to change the password of my email and instead
> of opening the usual Google page for password change, it redirected me
> to and my browser told me that the
> security certificate of this webpage cannot be trusted. nslookup
> revealed that this webpage is
> indeed hosted by the server managed by our system administrator.
> Obviously, the password change link in the Google mail has been
> redirected to this webpage by our system administrator who is also
> responsible for managing and hosting of office email on Google and has
> the rights to edit such information.
> I would like to ask:
> 1. Is this something which I should ignore and continue with my email
> as earlier?
> 2. One possible reason for system administrator to do this could be
> enabling single sign on service for the users i.e. same password for
> email and the domain log on on office computers. By collecting the
> password from the email, the system admin can save the same password
> for domain log on. However, is this excuse good enough to allow for
> such practice?
> 3. Even if it is being used for single sign on, isn't there any way
> that an application using a trusted certificate can be used for this
> purpose?
> I would greatly appreciate your expert opinion on this.
> Regards
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
> ------------------------------------------------------------------------


0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?v0?r0?Z 0
01 0 UNL10U Drenthe1
0 U Elim10U
Inekris10U Security10U
Inekris CA1%0# *?H?÷
 security (at) planetkips (dot) nl0 [email concealed]
150512135408Z01 0 UNL10U Drenthe10U
U jasper1%0# *?H?÷
 security (at) planetkips (dot) nl0 [email concealed]?"0
?ÆÜ@ûV?7¾g/æäA«H,Óãã"6Á­×±Î?ü³9`Üûæ?|ïaª &Èé?vÝó§xYÁÃWTeLnÞ°[
µÂ¡/8?=ã]?'X\¸<?¹HV;ãëÚZ?ÖÚÿ$¢Ê?·çþHÔ? l¾\`:¨Ñ??[Êçý­ÉÆ6g
KßzìA¾)MÎGpmÖWãE?FU¾ÍÑMþ?ö?^öª°TEÖ?4µ6x~ #°w×m.õ¬>? t?
? -VÇpVO¹ç¢±D¹6ô.?=Lõ4¯* §?B?`F0rVÃc ѶäØ ?Û ÒÈÆð))?_?­ùrìÊÓ\{&]»â,/Yÿ8?Oÿ?HEù?õR#EàSà/öUKT=_ø:¿ßÒÅÝ+Ù±´oÝ
±¸¨Þ gËÕç×?qR[.h±Ïz¨Ó?@??V¼O Z3ÐönÒ!\?űÎ+S]Înp ó¢Y¥*E7?aÎ?ò%3Çw´?§5?Ìmg?<{^A?ÿ¼?R?®¡<ÊD§
£ä0á0 U00 Uà0, `?H?øB
OpenSSL Generated Certificate0Uù; ÇvA_¡?9¨^Á"ý^ 0U#0?¼Ð¡ö§Yáé}LFüÁ!éÜ?0YUR0P0& $ "? $ "?
??R? ?PFÒÙf£`©¢¦û6®<¿¿÷­»u3iӏ¦#¶·6?JÜàÁvßi?£
2ï?ë?qUú½Óë ø®ºãZ?7úÁ?Lëb³túb[¶Ç3+f?N>nFG¢Q¢OQM^mæ?d¬ÃíOùÅò6¼ßl?Ø?éh]*0K]ÕòæYÝ
ɝÃ(Ɛ¶ø?»'üx^Sªí"ï?/pÔY8YF±?Çø*?Û/Úà0,eå¼?_½? ?Fzá?6ñ{}-?6?pV_
xãæ¯?n¾Ù3yé??&¶áâø?³¡?Ëroû ßÂ`OB??-¼ëm`?+Â??¹FPO&¤©q?É?ØB?ì;Ujm
?^B`ÓL5 6¶#§Ö©1?r0?n0?01 0 UNL10U Drenthe1
0 U Elim10U
Inekris10U Security10U
Inekris CA1%0# *?H?÷
 security (at) planetkips (dot) nl [email concealed]0 + ?±0 *?H?÷
 1  *?H?÷
0 *?H?÷
140704172336Z0# *?H?÷
 1?£lC0H¬^.¤eÌ/Sÿ?µ¶0¦ +?71?0?01 0 UNL10U Drenthe1
0 U Elim10U
Inekris10U Security10U
Inekris CA1%0# *?H?÷
 security (at) planetkips (dot) nl [email concealed]0¨ *?H?÷
  1? ?01 0 UNL10U Drenthe1
0 U Elim10U
Inekris10U Security10U
Inekris CA1%0# *?H?÷
 security (at) planetkips (dot) nl [email concealed]0
NÍ?]?<<Sh ýZ
ÉÅr¾DræFg¯¥:5þh?r¸öɶx¨Rk??&d¿«ÖÖÊ?g1U1*æáßXþ ?
?F*yá5oÌS??f¬x¥ËL ?dµa¿?x´~î>'Pí;=·?ßE»~?!?®ÏÀq?äÜ3-
U!îQß!ÍÇ©í¼/@Mª^XæJ=ÅtØ?B×LR?Õ?RÃâS;±JôTU ?5^îäxa¢ëëHj?JVÔY
1ã9ùj?ôá<Æ0uª?T?cÀ{ESâoÏ;â#ré+ZУ¶ c
Ù´®ÛÀ?{ù>«[ocÈÔ(¹5Ý «MÂÜÿ#Þú2ؤ

[ reply ]
RE: Fake Security Certificate Jul 04 2014 03:37PM
Dennis E. Hamilton (dennis hamilton acm org) (1 replies)
Re: Fake Security Certificate Jul 08 2014 07:51AM
Muhammad Saqib (devj nullj gmail com)


Privacy Statement
Copyright 2010, SecurityFocus