Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: https MITM attack via user page
Special Forums Cybersecurity https MITM attack via user page Post 302523359 by GSO on Wednesday 18th of May 2011 03:39:48 PM
Old 05-18-2011
Just surfaced, a hack seems to start with the encrypted page contains unencrypted content warning popping up, but sometime after the page loaded (i.e., randomly). E.g., this has happened just now: the warning error, followed by the keyboard missing letters as I typed into the FF search box or text boxes on the webpage (this is a standard hack for FF). (Reminder, SL6, baremetal X install, FF running in a SELinux sandbox, firewall closed accept to allow a udp encrypted vpn connection).
 

5 More Discussions You Might Find Interesting

1. Web Development

HTTPS-Home Page issue.

Hi Folks, This might be a very question,but i have not been able to find the solution. While accessing http://16.138.32.128/ in my LAN, i am able to read the index.html placed in DocumentRoot(/var/www/html). However if i tab in https://xx.xx.xx.xx/ ,i am only able to access the default... (0 Replies)
Discussion started by: Hari_Ganesh
0 Replies

2. What is on Your Mind?

Fedora Man Pages Reported Attack Page?

Is firefox complaining to anyone else that this is a Reported Attack Page!? I have used this site a million times and now it feels like complaining. Fedora Manpages: Home (5 Replies)
Discussion started by: cokedude
5 Replies

3. Shell Programming and Scripting

help pulling ${VARS} out of a web page user curl

Here is the code I have so far #!/bin/bash INFOF="/tmp/mac.info" curl --silent http://www.everymac.com/systems/apple/macbook_pro/specs/macbook-pro-core-2-duo-2.8-aluminum-17-mid-2009-unibody-specs.html "$INFOF" I want help putting these specs into a vars Standard Ram: value into $VAR1... (1 Reply)
Discussion started by: briandanielz
1 Replies

4. UNIX for Dummies Questions & Answers

How to switch the user before executing a shell script from web page??

hi, i want to execute a shell script as a different user. the flow is like this. there is a html web page from which i have to call a shell script. web server is apache. to call the shell script from html page, a perl script is required. so the html page calls the perl script and the perl... (2 Replies)
Discussion started by: Little
2 Replies

5. Solaris

Need suggestion:- Failed HTTPS transfer to https://supportfiles.sun.com/curl

Hi Guys, I have recently started reciving below Error message Failed HTTPS transfer to https://supportfiles.sun.com/curl whenever I run /usr/local/bin/sudo /opt/SUNWexplo/bin/explorer -P -q -v from all Servers. Looks like the SSL certificate as Expired. Whenever I type... (4 Replies)
Discussion started by: manalisharmabe
4 Replies

LEARN ABOUT DEBIAN

grid-cert-diagnostics

GRID-CERT-DIAGNOST(1)						  Globus Commands					     GRID-CERT-DIAGNOST(1)

NAME

       grid-cert-diagnostics - Print diagnostic information about certificates and keys

SYNOPSIS

       grid-cert-diagnostics [-h] | [-help]  [-p] [-n] [-c CERTIFICATE]

DESCRIPTION

       The grid-cert-diagnostics program displays information about the current user's security environment, including information about
       security-related environment variables, security directory search path, personal key and certificates, and trusted certificates. It is
       intended to provide information to help diagnose problems using GSIC.

       By default, grid-cert-diagnostics prints out information regarding the environment and trusted certificate directory. If the -p
       command-line option is used, then additional information about the current user's default certificate and key will be printed.

       The full set of command-line options to grid-cert-diagnostics consists of:

       -h, -help
	   Display a help message and exit.

       -p
	   Display information about the personal certificate and key that is the current user's default credential.

       -n
	   Check time synchronization with the ntpdate command.

       -c CERTIFICATE, -c -
	   Check the validity of the certificate in the file named by CERTIFICATE or standard input if the parameter to -c is -.

EXAMPLES

       In this example, we see the default mode of checking the default security environment for the system, without processing the user's key and
       certificate. Note the user receives a warning about a cog.properties and about an expired CA certificate.

	   % grid-cert-diagnostics

	   Checking Environment Variables
	   ==============================
	   Checking if X509_CERT_DIR is set... no
	   Checking if X509_USER_CERT is set... no
	   Checking if X509_USER_KEY is set... no
	   Checking if X509_USER_PROXY is set... no

	   Checking Security Directories
	   =======================
	   Determining trusted cert path... /etc/grid-security/certificates
	   Checking for cog.properties... found
	       WARNING: If the cog.properties file contains security properties,
			Java apps will ignore the security paths described in the GSI
			documentation

	   Checking trusted certificates...
	   ================================
	   Getting trusted certificate list...
	   Checking CA file /etc/grid-security/certificates/1c4f4c48.0... ok
	   Verifying certificate chain for "/etc/grid-security/certificates/1c3f2ca8.0"... ok
	   Checking CA file /etc/grid-security/certificates/9d8788eb.0... ok
	   Verifying certificate chain for "/etc/grid-security/certificates/9d8753eb.0"... failed
	       globus_credential: Error verifying credential: Failed to verify credential
	       globus_gsi_callback_module: Could not verify credential
	       globus_gsi_callback_module: The certificate has expired:
	       Credential with subject: /DC=org/DC=example/OU=grid/CN=CA has expired.

       In this example, we show a user with a mismatched private key and certificate:

	   % grid-cert-diagnostics -p

	   Checking Environment Variables
	   ==============================
	   Checking if X509_CERT_DIR is set... no
	   Checking if X509_USER_CERT is set... no
	   Checking if X509_USER_KEY is set... no
	   Checking if X509_USER_PROXY is set... no

	   Checking Security Directories
	   =======================
	   Determining trusted cert path... /etc/grid-security/certificates
	   Checking for cog.properties... not found

	   Checking Default Credentials
	   ==============================
	   Determining certificate and key file names... ok
	   Certificate Path: "/home/juser/.globus/usercert.pem"
	   Key Path: "/home/juser/.globus/userkey.pem"
	   Reading certificate... ok
	   Reading private key...
	   ok
	   Checking Certificate Subject...
	   "/O=Grid/OU=Example/OU=User/CN=Joe User"
	   Checking cert... ok
	   Checking key... ok
	   Checking that certificate contains an RSA key... ok
	   Checking that private key is an RSA key... ok
	   Checking that public and private keys have the same modulus... failed
	   Private key modulus: D294849E37F048C3B5ACEEF2CCDF97D88B679C361E29D5CB5
	   219C3E948F3E530CFC609489759E1D751F0ACFF0515A614276A0F4C11A57D92D7165B8
	   FA64E3140155DE448D45C182F4657DA13EDA288423F5B9D169DFF3822EFD81EB2E6403
	   CE3CB4CCF96B65284D92592BB1673A18354DA241B9AFD7F494E54F63A93E15DCAE2
	   Public key modulus : C002C7B329B13BFA87BAF214EACE3DC3D490165ACEB791790
	   600708C544175D9193C9BAC5AED03B7CB49BB6AE6D29B7E635FAC751E9A6D1CEA98022
	   6F1B63002902D6623A319E4682E7BFB0968DCE962CF218AAD95FAAD6A0BA5C42AA9AAF
	   7FDD32B37C6E2B2FF0E311310AA55FFB9EAFDF5B995C7D9EEAD8D5D81F3531E0AE5
	   Certificate and and private key don't match

AUTHOR

       University of Chicago

Globus Toolkit 5.0.2						    04/25/2011						     GRID-CERT-DIAGNOST(1)
All times are GMT -4. The time now is 03:09 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy