1 edit |
Ellery
Member
2009-Jan-15 8:16 pm
[E-mail] Comcast Mail servers CompromisedWorking on a customers computer today I noted some oddities in the security certificate for her Email server. RTFM is a security firm that seems to specialize in SSL related systems. This is in La Fayette, GA using hostname smtp.comcast.net
Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517 Validity Not Before: May 17 16:01:14 2001 GMT Not After : Dec 25 16:01:14 2006 GMT Subject: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:9a:45:f8:d3:06:ab:98:7d:3e:96:7c:03:f5:88: ec:26:14:73:65:7e:aa:5d:a7:45:af:2d:32:da:da: d9:ea:03:2c:f0:cb:f7:dc:82:8f:c0:eb:bc:4c:4e: d5:fb:73:c4:48:4b:63:23:6c:2b:f2:3b:95:f4:e9: 1b:20:f3:a6:fa:d7:79:33:cf:ba:bd:7c:88:5b:e2: 41:a3:77:21:f7:d8:b4:40:c4:df:e7:f8:d3:82:c5: be:dc:88:d5:f3:21:1d:88:67:19:16:9d:8d:58:a2: d1:bd:93:ea:d9:54:5b:b8:5e:d1:d6:9b:e0:71:a4: 6e:04:9d:30:18:ea:21:c2:7b Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 94:07:cc:cc:28:89:57:e6:2a:3c:4d:a9:5b:cc:7f:50:91:ee: c1:72:f1:40:2f:ec:29:ff:9c:35:4e:85:6c:5a:43:6b:20:d4: 96:2a:fe:9b:97:f8:dc:a8:e0:f7:68:f8:4a:ee:a8:5a:78:e5: 3c:65:62:8b:3e:83:cf:0a:74:65:f5:6a:3e:d4:9b:6c:38:ed: ea:22:02:4f:ef:d0:65:f6:8a:0b:19:a8:62:c4:5d:af:fe:07: 9a:e6:a3:48:4a:34:2f:c1:89:65:2d:26:bf:fc:03:cf:ea:45: c7:9e:03:b4:44:84:5b:89:30:58:1d:29:00:ce:6e:a1:0d:db: 2f:54 |
|
Xyc Premium Member join:2006-06-08 Sewell, NJ 1 edit |
Xyc
Premium Member
2009-Jan-15 9:30 pm
Re: Comcast Mail servers CompromisedYou found an 8 year old expired public key certificate on a client's computer with a Common Name of "Test CA20010517" and that warrants the subject "Comcast Mail servers Compromised"?
Misinterpreted what the OP was saying. I'm guessing someone messed up updating the certs more than attack, but still concerning.
|
|
|
|
to Ellery
I just got the same warning and landed here after doing a search for CA20010517. What the hell is going on? |
|
flasic |
to Ellery
Comcast is aware of the issue. |
|
|
Ellery
Member
2009-Jan-15 10:19 pm
I intended on placing a question mark in the title, My bad.
This is a new issue, the customer has not experienced this in the past. I wonder how the certs ended up swapped. Being that this one expired on Dec 25 16:01:14 2006 GMT |
|
jlivingood Premium Member join:2007-10-28 Philadelphia, PA |
to flasic
Correct - we are aware of it. No, there is no compromise. Some SSL certs were installed incorrectly and we're fixing that now. We'll keep the thread on our forum updated with the most current info. Jason |
|
|
Robear777 to Ellery
Anon
2009-Jan-16 2:14 am
to Ellery
Re: Comcast Mail servers Compromised ???It seems to be happening again! |
|
Robear777 |
Robear777
Anon
2009-Jan-16 2:21 am
Details on the one Im seeing tonight: Version: V1 Serial number: 01 01 Signature algorithm: md5RSA Issuer: CN = Test CA20010517 OU = Widgets Division O = RTFM, Inc. C = US Valid from: Thursday, May 17, 2001 8:10:59 AM Valid to: Saturday, March 06, 2004 8:10:59 AM Subject: CN = localhost OU = Widgets Division O = RTFM, Inc. C = US Public key: 30 81 89 02 81 81 00 a2 5a 13 23 34 e3 e5 3c b3 56 e0 32 45 06 22 f6 7c 51 08 90 7b 91 a2 bd 29 2b 0d b9 27 46 58 1d 6f 77 94 74 38 cb 10 3a 69 f4 2b f7 d6 b2 46 33 18 d0 3d ba a4 7e 35 7f 4a a3 0e 03 b8 39 7b 24 06 c6 98 38 5c da a5 26 6d 40 c6 d3 f7 b3 82 67 b6 87 b4 af 33 d1 91 8d 5b f7 2c 96 ef b5 a0 e2 e8 9a 04 71 26 89 88 16 05 b5 47 25 14 91 03 f5 9f 48 5e 9a d5 1d 08 b3 8b 94 ee d0 08 fa 99 2d 02 03 01 00 01 Thumbprint algorithm: sha1 Thumbprint: 15 13 df cf 8b be 63 2d 91 bc 2e b3 ed 29 8d 74 06 4d 7d 8a |
|
|
Paclantic to Ellery
Anon
2009-Jan-16 7:17 am
to Ellery
Re: Comcast Mail servers CompromisedAw,... c'mon . . . . *R T F M* corp? |
|
|
Ellery
Member
2009-Jan-16 10:08 am
Read the F**king manual |
|
bigchrisDo Not Shoot The Messenger Premium Member join:2002-04-29 Leesburg, VA |
to Robear777
Re: Comcast Mail servers Compromised ???Is anyone still seeing this error today (Friday)? |
|
SolarPupOffice365 Rockstar Premium Member join:2002-03-07 Windsor, CO |
SolarPup
Premium Member
2009-Jan-16 11:18 am
I saw it late last night, but it disappeared now this morning. |
|