[Cryptography] Senate Judiciary "Going Dark" https site is untrusted!
mitch at niftyegg.com
Wed Jul 8 19:06:17 EDT 2015
On Wed, Jul 8, 2015 at 11:50 AM, Jerry Leichter <leichter at lrw.com> wrote:
> On Jul 8, 2015, at 11:18 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> > The Senate Judiciary Committee .... their own HTTPS web site is
> "Untrusted" by Firefox!
> > Isn't this the very definition of "delicious irony" ?
> > "This Connection is Untrusted"...
> Just to save others the trouble: It's untrusted because the cert is for "
> senate.gov" so the names don't match. Typical mis-configuration issue
> (but, agreed, delicious irony).
A mis configuration like this is ironic OR symptomatic that senate.gov
certificates were hacked.
Given that this is a 50:50 symptom of serious illegal activity or
it almost makes sense to report this to the DHS/FBI/TLA.
If their site uses senate.gov certs then they also have the secret key to a
group they are not
or are not authorized. This might be a man in the middle bandwidth service
or a man in the middle attack.
I also attempted to connect to https://www.senate.gov/ and recieved an
error that https cannot
be processed. That is an additional red flag.
Someone might take a slingshot to that hornets nest.
But looking at it the symptom has changed -- perhaps someone is trying to
fix it or
google has noted the issue and is making it hard to connect in their own
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography