[Cryptography] Senate Judiciary "Going Dark" https site is untrusted!

Tom Mitchell mitch at niftyegg.com
Wed Jul 8 19:06:17 EDT 2015

On Wed, Jul 8, 2015 at 11:50 AM, Jerry Leichter <leichter at lrw.com> wrote:

> On Jul 8, 2015, at 11:18 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> > The Senate Judiciary Committee .... their own HTTPS web site is
> "Untrusted" by Firefox!
> >
> > Isn't this the very definition of "delicious irony" ?
> >
> > "This Connection is Untrusted"...
> Just to save others the trouble:  It's untrusted because the cert is for "
> senate.gov" so the names don't match.  Typical mis-configuration issue
> (but, agreed, delicious irony).

A mis configuration like this is ironic OR symptomatic that senate.gov
certificates were hacked.

Given that this is a 50:50 symptom of serious illegal activity or
it almost makes sense to report this to the DHS/FBI/TLA.

If their site uses senate.gov certs then they also have the secret key to a
group they are not
or are not authorized.  This might be a man in the middle bandwidth service
management director
or a man in the middle attack.

I also attempted to connect to https://www.senate.gov/ and recieved an
error that https cannot
be processed.   That is an additional red flag.

Someone might take a slingshot to that hornets nest.
But looking at it the symptom has changed -- perhaps someone is trying to
fix it or
google has noted the issue and is making it hard to connect in their own

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150708/fe6bd7a3/attachment.html>

More information about the cryptography mailing list