Thread: Link to a website with a faked SSL Certificate
Hello,

I would like to get the slides from the Postgres Open Talks 2011 Wiki Page, but if I click on the link to the slides "Migration to PostgreSQL - preparation and methodology" Firefox warns about a suspect SSL certificate. A colleague accepted the SSL certificate and got a trojan virus on his Windows PC.

Please check the link before more people get problems with it.

Thank you very much for your great work.

Thomas Oftring

On 09/21/2011 09:12 PM, Thomas Oftring wrote:
> Hello,
>
> I would like to get the slides from the Postgres Open Talks 2011 Wiki
> Page, but if I click on the link to the slides "Migration to PostgreSQL
> - preparation and methodology" Firefox warns about a suspect SSL
> certificate. A colleague accepted the SSL certificate and got a trojan
> virus on his Windows PC.
>
> Please check the link before more people get problems with it.

I'm not sure what you are actually referring to - the link for that particular presentation is not to an https site.

However, the server in the URL IS actually supporting HTTPS (using a self-signed cert), but I can't see a way at all how your colleague might have gotten a trojan from that server.

Are you really sure that your colleague got infected from clicking the link to the URL http://bunsen.credativ.com/~jco/2011/migrating.pdf or is that mostly based on the theory "the unknown cert was the only odd thing that happened that day so it must have been that page"?

Stefan

On 09/22/2011 01:40 AM, Stefan Kaltenbrunner wrote:
> I'm not sure what you are actually referring to - the link for that
> particular presentation is not to an https site.
> However, the server in the URL IS actually supporting HTTPS (using a
> self-signed cert), but I can't see a way at all how your colleague might
> have gotten a trojan from that server.
>

I've found several paths through that site that do kick up an SSL error someone might have stumbled on. Going to http://bunsen.credativ.com/~jco/2011/ pulls up directory browsing, and I'm getting an invalid certificate error from there. It appears to be coming from the image files; http://bunsen.credativ.com/icons/back.gif for example gives an error too, even though that isn't an HTTPS URL. But there's no fancy scripting that could install a trojan on any part of the site I just inspected.

The only way I could imagine there's a problem is if the PDF contained malicious code, exploiting one of the Acrobat vulnerabilities. I've gotten Windows systems infected via that route before, when someone wasn't keeping up with security updates for Acrobat. I just tried this out myself on a sacrificial Windows VM, and I didn't see any problems with this file though. Given that the slides were produced with LaTeX Beamer and probably generated on a UNIX-ish system, that seems pretty unlikely too.

--
Greg Smith   2ndQuadrant US   greg@2ndQuadrant.com   Baltimore, MD
PostgreSQL Training, Services, and 24x7 Support   www.2ndQuadrant.us