On 10/19/20 11:27 AM, Andrei Borzenkov wrote:
19.10.2020 20:07, Carlos E. R. wrote:
On 19/10/2020 18.34, Lew Wolfgang wrote:
I believe that MITM interference can be detected by looking at a web site's certificate fingerprint. This link explains:
https://www.grc.com/fingerprints.htm
For example, if you visit that site, you can confirm that its cert fingerprint is 7A:85:1C:F0:F6:9F:D0:CC:EA:EA:9A:88:01:96:BF:79:8C:E1:A8:33
If it's not, you're looking at that site through a MITM.
Thanks, I did not know this.
To check this, go to a page in the list, say <https://www.facebook.com/>, which has fingerprint "14:54:7C:59:19:45:DD:42:40:C2:F6:5E:AC:A1:17:B7:20:F9:C4:38".
Right click (Firefox) on an empty area of the page, to get "Page Info". Click on tab "security". Click on view certificate. Searching for "C4:38" should find the string - I don't. The SHA-1 I get is "D9:8F:D8:BB:5D:98:AA:06:03:50:50:AC:07:82:6C:2B:D0:1C:EB:9A"
99.999% of information on the Internet is valid only under very specific boundary conditions which are never described, mostly because the authors are not aware of them themselves.
Look at the validity period of the Facebook certificate. It was generated a week ago. I doubt the page in question follows every certificate refresh (if any). And even if the page is updated now, the certificate will be renewed in less than three months.
The GRC site is dynamic, it obtains the current fingerprint when accessed.
paypal - fail.
It is a valid certificate which was issued to www.paypal.com. Who says only one single valid certificate may exist at any given time? And who knows how a specific site selects the certificate to use for a connection request?
I think you're correct here, Andrei. I checked others on the GRC list from a couple of different networks and found three mismatches. facebook.com, blogger.com, and yahoo.com. Maybe it can be safely said that "if" a fingerprint matches there's no MITM, but if they don't match, something else "might" be going on that's not necessarily evil.
Regards,
Lew
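
Added example, not part of the original thread: the fingerprint comparison discussed above, done from a script instead of the browser's Page Info dialog. The function names and the byte strings standing in for certificates are assumptions made for this sketch; a mismatch is reported as inconclusive, following the conclusion reached in the thread.

```python
import hashlib
import socket
import ssl


def fetch_der(host, port=443, timeout=5.0):
    """Return the leaf certificate the server presents, as DER bytes (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der, algo="sha1"):
    """Colon-separated upper-case hex digest of the DER bytes, as browsers display it."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Make fingerprints comparable regardless of separators or letter case."""
    return fp.replace(":", "").replace(" ", "").upper()


def assess(observed, references):
    """Compare the fingerprint seen locally with values obtained elsewhere.

    references: fingerprints for the same host taken from other vantage points
    (a published list, a second network). A site may serve several valid
    certificates at once and renews them, so a miss is not proof of a MITM.
    """
    refs = {normalize(r) for r in references}
    return "match" if normalize(observed) in refs else "inconclusive"


# Constructed stand-ins for DER certificates (not real certificates).
CERT_A = b"constructed certificate bytes, server farm A"
CERT_B = b"constructed certificate bytes, server farm B"
CERT_NEW = b"constructed certificate bytes, issued after renewal"

if __name__ == "__main__":
    published = [fingerprint(CERT_A), fingerprint(CERT_B)]
    for name, der in (("A", CERT_A), ("renewed", CERT_NEW)):
        fp = fingerprint(der)
        print(name, fp, assess(fp, published))
    # Live check, when a network is available:
    #   print(fingerprint(fetch_der("www.grc.com")))
```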