Re: Link to a website with a faked SSL Certificate
From | Greg Smith |
---|---|
Subject | Re: Link to a website with a faked SSL Certificate |
Date | |
Msg-id | 4E7B9B7D.2070105@2ndQuadrant.com |
In response to | Re: Link to a website with a faked SSL Certificate (Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>) |
List | pgsql-www |
On 09/22/2011 01:40 AM, Stefan Kaltenbrunner wrote:
> I'm not sure what you are actually referring to - the link for that
> particular presentation is not to a https site.
> However the server in the url IS actually supporting HTTPS (using a
> self-signed cert) but I can't see a way at all how your colleague might have
> gotten a trojan from that server.
>

I've found several paths through that site that do kick up an SSL error someone might have stumbled on. Going to http://bunsen.credativ.com/~jco/2011/ pulls up directory browsing, and I'm getting an invalid certificate error from there. It appears to be coming from the image files; http://bunsen.credativ.com/icons/back.gif for example gives an error too, even though that isn't a HTTPS URL. But there's no fancy scripting that could install a trojan on any part of the site I just inspected.

The only way I could imagine there's a problem is if the PDF contained malicious code, exploiting one of the Acrobat vulnerabilities. I've gotten Windows systems infected via that route before, when someone wasn't keeping up with security updates for Acrobat. I just tried this out myself on a sacrificial Windows VM, and I didn't see any problems with this file though. Given that the slides were produced with LaTeX Beamer and probably generated on a UNIX-ish system, that seems pretty unlikely too.

--
Greg Smith   2ndQuadrant US   greg@2ndQuadrant.com   Baltimore, MD
PostgreSQL Training, Services, and 24x7 Support   www.2ndQuadrant.us