Comments for Andreas Baumhof http://www.tidos-group.com/blog malware research, IT Security and life in general :-) Wed, 15 Jan 2014 03:13:55 +0000 hourly 1 https://wordpress.org/?v=3.9.40 Comment on Wow what a certificate (verified.cm) – CA’s completely broken by Daniel Brandt http://www.tidos-group.com/blog/2014/01/14/wow-what-a-certificate-verified-cm-cas-completely-broken/#comment-229595 Wed, 15 Jan 2014 03:13:55 +0000 http://www.tidos-group.com/blog/?p=515#comment-229595 For information on CloudFlare certs issued by GlobalSign, check out this page:
http://www.cloudflare-watch.org/cfssl.html

We just scanned port 443 on 400,000 domains that use CloudFlare’s name servers, and collected the Subject Alt Names on all the certs that came back. That gave us about 22,200 Alt Names (not counting the subdomain wildcard listings, which would double that number) on 1,818 certificates. Their Alt Names bookkeeping is a little sloppy (there is old data in many of them), but these are valid certs from GlobalSign. It’s their way of making money off of the cloud-computing fad. Whether it’s the right thing for a certificate authority to do is another question. (Incapsula also uses GlobalSign to do the same thing.)

Having said that, at least GlobalSign did the right thing when I complained to them that CloudFlare was supporting the Target heist by providing services to four sites that are marketing the stolen cerdit card data. GlobalSign pulled the certs on those four sites. CloudFlare, meanwhile, is still doing it via http, even though the https doesn’t work. For that story, see http://www.cloudflare-watch.com/target.html

]]> Comment on mobile browsers user interface vs. security by abaumhof http://www.tidos-group.com/blog/2011/06/08/mobile-browsers-user-interface-vs-security/#comment-109 Wed, 08 Jun 2011 03:27:09 +0000 http://www.tidos-group.com/blog/?p=329#comment-109 hat tip from Nick: As the SSL certificate itself is correct, the current theory is that facebook doesn’t provide all intermediate certificate authorities as part of the SSL handshake. If they are not in the system (which they are not for Apple Mac’s, so most likely they are not for iOS as well), the system tried to retrieves them from the internet. As the requests have been done over 3G in the train, these requests might have timed out, producing this error message.

]]> Comment on Carberp – a new Trojan in the making by Carberp Trojan – New Virus, Malware Targets Banks, Finance Frauds http://www.tidos-group.com/blog/2010/10/06/carberp-%e2%80%93-a-new-trojan-in-the-making/#comment-92 Sun, 24 Oct 2010 13:04:39 +0000 http://www.trustdefender.com/blog/?p=268#comment-92 [...] Andreas Baumhof, co-founder and chief technology officer of secure banking authentication firm TrustDefender. He said the Trojan is as yet unknown to the big antivirus [...]

]]> Comment on Carberp – a new Trojan in the making by Carberp: Quietly replacing Zeus as the financial malware of choice | IT Security | TechRepublic.com http://www.tidos-group.com/blog/2010/10/06/carberp-%e2%80%93-a-new-trojan-in-the-making/#comment-86 Mon, 18 Oct 2010 19:40:10 +0000 http://www.trustdefender.com/blog/?p=268#comment-86 [...] I would be remiss if I did not give credit to TrustDefender.com for their comprehensive report about Carberp. [...]

]]> Comment on Quick update to Carberp by Carberp: Quietly replacing Zeus as the financial malware of choice | IT Security | TechRepublic.com http://www.tidos-group.com/blog/2010/10/07/quick-update-to-carberp/#comment-105 Mon, 18 Oct 2010 19:33:42 +0000 http://www.trustdefender.com/blog/?p=288#comment-105 [...] malware’s targeted attacks are only successful against Internet Explorer and FireFox. Chrome so far is impervious to targeted attack, because Carberp uses web-browser [...]

]]> Comment on Carberp – a new Trojan in the making by CARBERP Trojan Steals Information http://www.tidos-group.com/blog/2010/10/06/carberp-%e2%80%93-a-new-trojan-in-the-making/#comment-83 Fri, 15 Oct 2010 08:31:28 +0000 http://www.trustdefender.com/blog/?p=268#comment-83 [...] spyware silently but successfully entered the cybercrime scene. CARBERP, as indicated in initial reports, is a new Trojan family that might have been created to challenge the already dominant [...]

]]> Comment on Carberp – a new Trojan in the making by CARBERP Trojan Steals Information | Loan ToolZ http://www.tidos-group.com/blog/2010/10/06/carberp-%e2%80%93-a-new-trojan-in-the-making/#comment-82 Thu, 14 Oct 2010 23:04:42 +0000 http://www.trustdefender.com/blog/?p=268#comment-82 [...] spyware silently but successfully entered the cybercrime scene. CARBERP, as indicated in initial reports, is a new Trojan family that might have been created to challenge the already dominant [...]

]]> Comment on Carberp – a new Trojan in the making by Nuevo conjunto de amenazas destrona a Zeus - Foro Spyware http://www.tidos-group.com/blog/2010/10/06/carberp-%e2%80%93-a-new-trojan-in-the-making/#comment-81 Wed, 13 Oct 2010 16:46:38 +0000 http://www.trustdefender.com/blog/?p=268#comment-81 [...] [...]

]]> Comment on Carberp – a new Trojan in the making by Nuevo conjunto de amenazas destrona a Zeus - Foro Windows http://www.tidos-group.com/blog/2010/10/06/carberp-%e2%80%93-a-new-trojan-in-the-making/#comment-80 Wed, 13 Oct 2010 16:21:19 +0000 http://www.trustdefender.com/blog/?p=268#comment-80 [...] [...]

]]> Comment on Quick update to Carberp by Carberp Trojan Next Zeus? « MadMark's Blog http://www.tidos-group.com/blog/2010/10/07/quick-update-to-carberp/#comment-104 Tue, 12 Oct 2010 16:14:43 +0000 http://www.trustdefender.com/blog/?p=288#comment-104 [...] TrustDefender [...]

]]>