MITM 24/7 How can get rid of him - Browser ssl security fails
Hi guys,
Due to the financial information I do daily, to avoid that people could be scammed, I'm continuously under MITM attack, i.e. when I try to connect to plurk.com, instead of the true certificate

Code:
$ openssl s_client -servername *.plurk.com -connect plurk.com:443 | openssl x509 -fingerprint -noout
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.plurk.com
verify return:1
SHA1 Fingerprint=B1:2B:73:69:E9:59:D1:AC:F6:C5:37:5B:DE:2A:0D:2A:F7:E5:BF:05

checked also with a third party site

B1:2B:73:69:E9:59:D1:AC:F6:C5:37:5B:DE:2A:0D:2A:F7:E5:BF:05 GRC returned fingerprint

I receive a fake certificate

1B:9D:F5:BA:B5:D8:57:1D:1F:78:8E:EA:48:16:83:24:B3:F5:B3:4F fake fingerprint received

Firefox accepts the connection to the attacker, not considering that the certificate is fake, even if Query with OCSP responder servers is enabled. Palemoon instead correctly shows the warning that the site is untrusted. Is there a way to get rid of the man in the middle and connect to the real site? Many thanks to everyone for the support. |
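The fingerprint comparison the first post does by eye, as an added example that is not part of the thread. The function names are hypothetical, and the reference fingerprint is assumed to come from a network path other than the one being checked.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Normalise a fingerprint for comparison: drop any "SHA1 Fingerprint=" style
# prefix, remove colons and whitespace, upper-case the hex digits.
fp_norm() {
    printf '%s' "${1##*=}" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print the fingerprint of the leaf certificate a server presents.
#   $1 = host name, also sent as SNI; use the exact name the browser
#        requests, because servers select the certificate by SNI
#   $2 = port (default 443), $3 = digest (default sha256; sha1 also works)
fp_fetch() {
    openssl s_client -servername "$1" -connect "$1:${2:-443}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint "-${3:-sha256}"
}

# Compare an observed fingerprint ($1) with a reference ($2).
# Prints MATCH, MISMATCH or MALFORMED; returns 0, 1 or 2.
fp_check() {
    seen=$(fp_norm "$1")
    ref=$(fp_norm "$2")
    for v in "$seen" "$ref"; do
        case $v in
            '' | *[!0-9A-F]*) echo MALFORMED; return 2 ;;
        esac
    done
    if [ "${#seen}" -ne "${#ref}" ]; then
        echo MALFORMED   # e.g. a SHA-1 value compared against a SHA-256 one
        return 2
    fi
    if [ "$seen" = "$ref" ]; then
        echo MATCH
        return 0
    fi
    # A mismatch only says "different certificate"; that also happens after
    # a renewal or when a site serves several certificates.
    echo MISMATCH
    return 1
}

# Usage (needs network access; REFERENCE is a placeholder):
#   fp_check "$(fp_fetch plurk.com 443 sha1)" "$REFERENCE"
```

An empty result from `fp_fetch` (no certificate received) is reported as MALFORMED rather than as a mismatch.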
I think that's in your firefox preferences. I got the main site with openssl:
Code:
SHA1 Fingerprint=B1:2B:73:69:E9:59:D1:AC:F6:C5:37:5B:DE:2A:0D:2A:F7:E5:BF:05

My guess is that you fell for the MITM attack at least once, and firefox thinks the cert is ok. ~/.cache/mozilla/firefox/… /… / has a directory 'safebrowsing' which might be worth deleting, or deleting files out of. Setting to zero length is probably better than deleting, done by '> somefile' |
Quote:
How about explaining why you are under '24/7 MITM attacks', and what your evidence is of that? |
Quote:
They spoof an Amazon_Root_CA_1 certificate. I don't know why, even with OCSP check enabled, Firefox takes a fake certificate for true. And at the moment they spoof only plurk and marketwatch.com; other sites, such as investing.com, show a certificate that is not spoofed. I'm not such a boob as to accept a fake certificate.
Quote:
It's the only social where I can post; they kicked me out of Twitter in September 2015, and every time I try to create a new Twitter user, obviously with another mail and username, suddenly at first login they lock me again, so I have to stay on plurk.
Quote:
The weird thing is that, even when querying the OCSP server, Firefox accepts the certificate with the fake fingerprint; Palemoon instead, with OCSP server query enabled, correctly shows the warning that the site is spoofed. Mozilla uses binary files in the safebrowsing directory; even using hexdump it is a little bit hard to understand the meaning of the content. Anyway, I tried to empty the safebrowsing directory and visit the site again, but the fake certificate is still accepted by Firefox. IMHO Firefox sucks at security. :( |
Quote:
I didn't think of so radical a solution, but it's worth a try.
Quote:
I'm not a fortune teller; simply, they are so unfit that they have acted since 1907 in the same way to screw boobs. The stock market is a pump 'n' dump scam; if you are not able to read a balance sheet it's better if you stay far away from the stock market. Analysts are mostly paid liars who help the financial elite to pluck turkeys, i.e. Jefferies, who stated a target price for Tesla shares of 450$ in December last year, justifying it with increasing sales. Tesla sales have been collapsing ever more since January this year. And also the actual price around 230$ is fake lifted, because the real value is around 26$/share. Stock markets are a slot machine; the real value of a stock is the Book Value Per Share as of the balance sheet, all the rest is vanishing float; if turkeys will no longer peck, stock market value will sink suddenly. On the stock market never buy after the rise as all the turkeys do; you should already own the stock before and sell at the top of the rise.

[removed]

They started with ddos to my pc to saturate hard disk space due to firewall log file growth; I disabled firewall logging, problem solved. To avoid privilege escalation I uninstalled sudo and gksu; now to shut down my machine you should be physically in front of the machine. I thought I was secure enough, but Mitnick is always right: the only computer really safe is a computer turned off, stored in a vault. Even if I have a kernel patched against the latest known vulnerabilities, they have found a way to cause an emergency shutdown remotely by overloading the CPU; this causes overheating and the pc goes immediately into emergency shutdown but, unfortunately for them, I tested that the trick works only in summer; with a room temperature up to 75.2°F you hear the fan running continuously at the maximum speed but they are not able to reach their purpose. Is this enough? Btw. also Crypto fake coins are a pump 'n' dump elite scam to grab the real money they can no longer print farts covered. |
Quote:
Again: what is your EVIDENCE?? You disable firewall logs, so nothing there. You claim that 'they' can overheat your CPU...what's your evidence that 'they' are doing it, versus a race condition in a program, or just a dirty fan? |
How come I'm subscribed to this thread? Oh yeah, I tried to help some 4 or 5 posts back but was ignored.
I'm inclined to read as far as the first curse word. I did that and you hadn't got to linux by then. I'll unsubscribe. You'd have made a fortune in 1929. :rolleyes: |
Closing this thread as off-topic. Note that swearing is not permitted at LQ.
--jeremy |