Full Disclosure mailing list archives

Re: Western Union Certificate Error

From: Gage Bystrom <themadichib0d () gmail com>
Date: Thu, 8 Sep 2011 14:07:30 -0700

Comodo got hacked awhile back and mass certificates compromised,
judging by that certificate you probably encountered one of the stolen
ones.

On Wed, Sep 7, 2011 at 7:40 AM, JT S <whytehorse () gmail com> wrote:

I recently got this error "You attempted to reach
www.westernunion.com, but instead you actually reached a server
identifying itself as wumt.westernunion.com. This may be caused by a
misconfiguration on the server or by something more serious. An
attacker on your network could be trying to get you to visit a fake
(and potentially harmful) version of www.westernunion.com. You should
not proceed."
Attached is a screenshot of the error and certificate info. SHA-256=9F
26 1E 37 F3 6A 34 88 AD 65 54 88 E0 5C 8A 13
C6 69 D4 FE 2A 25 0F DA 2C 51 13 1E 08 F8 DA 6F

Cert was issued by Comodo

A google of the SHA comes up with ICANN but other sites come up with
nothing... And then I read from comodo themselves they got breached
and fraudulent certs were issued...
http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html


CONFIDENTIALITY NOTICE This E-Mail transmission (and/or the documents
accompanying it) is for the sole use of the intended recipient(s) and
may contain information protected by the attorney-client privilege,
the attorney-work-product doctrine or other applicable privileges or
confidentiality laws or regulations. If you are not an intended
recipient, you may not review, use, copy, disclose or distribute this
message or any of the information contained in this message to anyone.
If you are not the intended recipient, please contact the sender by
reply e-mail and destroy all copies of this message and any
attachments.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Western Union Certificate Error JT S (Sep 08)
- Re: Western Union Certificate Error adam (Sep 08)
- Re: Western Union Certificate Error Gage Bystrom (Sep 08)
- Re: Western Union Certificate Error Valdis . Kletnieks (Sep 08)
- Re: Western Union Certificate Error Andrew Farmer (Sep 08)
  - Re: Western Union Certificate Error Valdis . Kletnieks (Sep 08)
    - Re: Western Union Certificate Error coderman (Sep 08)
    - Re: Western Union Certificate Error JT S (Sep 09)
    - Re: Western Union Certificate Error Valdis . Kletnieks (Sep 09)
    - Re: Western Union Certificate Error JT S (Sep 10)
    - Re: Western Union Certificate Error Valdis . Kletnieks (Sep 10)
    - Re: Western Union Certificate Error JT S (Sep 10)
    - Re: Western Union Certificate Error Valdis . Kletnieks (Sep 10)

(Thread continues...)