Posts by James Troutman

1 publicly visible post • joined 6 Dec 2008

New trojan in mass DNS hijack

James Troutman

SSL certs don't work that way

SSL certs care only about domain names, not IP addresses.

If you have a spoofed DNS server that points you to a different webserver IP than the real one, and the DNS name in your browser matches the SSL cert name given by the webserver, it will be fine -- no warning by your browser, unless your browser is doing additional checks to compare against a registry of known SSL web server IPs.

The whole point of the web of trust around getting an SSL cert is supposed to prevent fraud in obtaining SSL certs for a site. But now there are many cheap SSL cert providers that don't really do much of anything for verification before issuing a cert. So fraud is quite possible, even with a seemingly valid SSL cert, if your DNS server cannot be trusted.

This white paper explains the issue: http://www.us.kpmg.com/RutUS_prod/Documents/12/DC80502.pdf
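The following is an added example illustrating the commenter's point; it is not code from the original post or from the linked paper. It implements a simplified version of the hostname-matching rule a TLS client applies to a certificate's subjectAltName entries (exact match, or a wildcard that is the whole leftmost label) and shows that the IP address the name resolved to plays no part in that check. It then adds the kind of supplementary check the comment mentions: comparing the resolved IP against a pinned list of known server addresses. The certificate, hostnames and IP addresses (from the RFC 5737 documentation ranges) are constructed for the example.

```python
"""Added example: certificate name checks versus DNS hijacking.
The certificate and addresses below are constructed test data."""
import ipaddress
from typing import Iterable, Optional


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Simplified RFC 6125-style match (assumption: this is a teaching
    approximation, not a full implementation). Exact match, or a '*' that
    is the entire leftmost label; no partial-label or multi-level wildcards."""
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        p_labels, h_labels = p.split("."), h.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def cert_matches_host(san_dns_names: Iterable[str], hostname: str) -> bool:
    """True if any dNSName SAN entry matches the requested hostname."""
    return any(dns_name_matches(n, hostname) for n in san_dns_names)


def browser_check(cert: dict, hostname: str, resolved_ip: str) -> bool:
    """What a standard TLS client verifies (chain trust aside): the name in
    the URL against the certificate's names. resolved_ip is deliberately
    unused, which is exactly the point the comment above makes."""
    del resolved_ip  # the IP never enters the certificate check
    return cert_matches_host(cert["subjectAltName"], hostname)


def pinned_ip_check(resolved_ip: str, known_ips: Iterable[str]) -> bool:
    """Supplementary check: is the address DNS returned one we expect?"""
    pins = {ipaddress.ip_address(i) for i in known_ips}
    return ipaddress.ip_address(resolved_ip) in pins


def evaluate(cert: dict, hostname: str, resolved_ip: str,
             known_ips: Optional[Iterable[str]] = None) -> dict:
    """Combine the two checks and report what the user would see."""
    name_ok = browser_check(cert, hostname, resolved_ip)
    ip_ok = None if known_ips is None else pinned_ip_check(resolved_ip, known_ips)
    if not name_ok:
        verdict = "certificate warning"
    elif ip_ok is False:
        verdict = "name OK but resolved IP not in pin list: possible DNS hijack"
    else:
        verdict = "no warning"
    return {"name_ok": name_ok, "ip_ok": ip_ok, "verdict": verdict}


# Constructed certificate and addresses (RFC 5737 documentation ranges).
CONSTRUCTED_CERT = {"subjectAltName": ("example.com", "*.example.com")}
LEGIT_IP = "198.51.100.10"     # the real server
HIJACKED_IP = "203.0.113.7"    # where a spoofed resolver sends the client

if __name__ == "__main__":
    for ip in (LEGIT_IP, HIJACKED_IP):
        # Plain certificate check: both addresses pass, no warning either way.
        print(ip, evaluate(CONSTRUCTED_CERT, "www.example.com", ip))
        # With an IP pin list the hijacked resolution is flagged.
        print(ip, evaluate(CONSTRUCTED_CERT, "www.example.com", ip, [LEGIT_IP]))
```

Running the block prints "no warning" for both addresses under the plain certificate check, and flags only the hijacked address once the pin list is supplied. The pin list is a blunt tool (servers legitimately change addresses, and CDNs return many), which is why real deployments lean on stricter CA validation and DNSSEC rather than IP registries.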