Ellery
join:2001-01-10
Rome, GA

1 edit

Ellery

Member

[E-mail] Comcast Mail servers Compromised

Working on a customer's computer today I noted some oddities in the security certificate for her email server. RTFM is a security firm that seems to specialize in SSL related systems. This is in La Fayette, GA using hostname smtp.comcast.net

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517
Validity
Not Before: May 17 16:01:14 2001 GMT
Not After : Dec 25 16:01:14 2006 GMT
Subject: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
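The properties of this certificate that stand out in the dump (issuer equal to subject, a name that is not the mail host, MD5 signature, 1024-bit key, expiry date) can be checked mechanically. The following is an added example, not part of the original post; `audit_dump`, the 2048-bit threshold and the reference date are assumptions of the example.

```python
import re
from datetime import datetime, timezone

# Fields copied from the dump in the post above; key and signature bytes omitted.
SAMPLE_DUMP = """\
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517
Validity
Not Before: May 17 16:01:14 2001 GMT
Not After : Dec 25 16:01:14 2006 GMT
Subject: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517
RSA Public Key: (1024 bit)
"""

def _field(dump, label):
    """Return the text after 'label:' on the first matching line, or ''."""
    m = re.search(rf"^\s*{label}\s*:\s*(.+)$", dump, re.MULTILINE)
    return m.group(1).strip() if m else ""

def _when(text):
    # The dump prints dates as e.g. 'Dec 25 16:01:14 2006 GMT'.
    return datetime.strptime(text, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def audit_dump(dump, expected_host, now):
    """Return a list of findings for a text dump of a server certificate."""
    findings = []
    issuer, subject = _field(dump, "Issuer"), _field(dump, "Subject")
    cn = subject.rsplit("CN=", 1)[-1].strip() if "CN=" in subject else ""
    if issuer and issuer == subject:
        findings.append("self-signed: issuer equals subject")
    if cn.lower() != expected_host.lower():  # CN only; this dump lists no alternative names
        findings.append(f"name mismatch: CN={cn!r}, expected {expected_host!r}")
    if "md5" in _field(dump, "Signature Algorithm").lower():
        findings.append("weak signature algorithm: MD5")
    bits = re.search(r"\((\d+) bit\)", dump)
    if bits and int(bits.group(1)) < 2048:  # threshold is an assumption of this example
        findings.append(f"short RSA key: {bits.group(1)} bits")
    not_before, not_after = _field(dump, "Not Before"), _field(dump, "Not After")
    if not_after and _when(not_after) < now:
        findings.append(f"expired: {not_after}")
    if not_before and _when(not_before) > now:
        findings.append(f"not yet valid: {not_before}")
    return findings

if __name__ == "__main__":
    # Reference date is a constructed value for the example, not the thread's date.
    now = datetime(2009, 1, 1, tzinfo=timezone.utc)
    for finding in audit_dump(SAMPLE_DUMP, "smtp.comcast.net", now):
        print(finding)
```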
Xyc
Premium Member
join:2006-06-08
Sewell, NJ

1 edit

Xyc

Premium Member

Re: Comcast Mail servers Compromised

You found an 8 year old expired public key certificate on a client's computer with a Common Name of "Test CA20010517" and that warrants the subject "Comcast Mail servers Compromised"?

Misinterpreted what the OP was saying. I'm guessing someone messed up updating the certs more than an attack, but still concerning.
flasic
join:2004-06-23

flasic to Ellery

Member

to Ellery
I just got the same warning and landed here after doing a search for CA20010517. What the hell is going on?
flasic

flasic to Ellery

Member

to Ellery
Comcast is aware of the issue.
Ellery
join:2001-01-10
Rome, GA

Ellery

Member

I intended on placing a question mark in the title, my bad.

This is a new issue; the customer has not experienced this in the past. I wonder how the certs ended up swapped. Being that this one expired on Dec 25 16:01:14 2006 GMT.

jlivingood
Premium Member
join:2007-10-28
Philadelphia, PA

jlivingood to flasic

Premium Member

to flasic
said by flasic:

Comcast is aware of the issue.
Correct - we are aware of it. No, there is no compromise. Some SSL certs were installed incorrectly and we're fixing that now. We'll keep the thread on our forum updated with the most current info.

Jason

Robear777
@comcast.net

Robear777 to Ellery

Anon

to Ellery

Re: Comcast Mail servers Compromised ???

It seems to be happening again!
Robear777

Robear777

Anon

Details on the one I’m seeing tonight:
Version: V1
Serial number: 01 01
Signature algorithm: md5RSA
Issuer: CN = Test CA20010517
OU = Widgets Division
O = RTFM, Inc.
C = US
Valid from: Thursday, May 17, 2001 8:10:59 AM
Valid to: Saturday, March 06, 2004 8:10:59 AM
Subject: CN = localhost
OU = Widgets Division
O = RTFM, Inc.
C = US
Public key: 30 81 89 02 81 81 00 a2 5a 13 23 34 e3 e5 3c b3 56 e0 32 45 06 22 f6 7c 51 08 90 7b 91 a2 bd 29 2b 0d b9 27 46 58 1d 6f 77 94 74 38 cb 10 3a 69 f4 2b f7 d6 b2 46 33 18 d0 3d ba a4 7e 35 7f 4a a3 0e 03 b8 39 7b 24 06 c6 98 38 5c da a5 26 6d 40 c6 d3 f7 b3 82 67 b6 87 b4 af 33 d1 91 8d 5b f7 2c 96 ef b5 a0 e2 e8 9a 04 71 26 89 88 16 05 b5 47 25 14 91 03 f5 9f 48 5e 9a d5 1d 08 b3 8b 94 ee d0 08 fa 99 2d 02 03 01 00 01
Thumbprint algorithm: sha1
Thumbprint: 15 13 df cf 8b be 63 2d 91 bc 2e b3 ed 29 8d 74 06 4d 7d 8a

Paclantic
@comcast.net

Paclantic to Ellery

Anon

to Ellery

Re: Comcast Mail servers Compromised

Aw,... c'mon . . . . *R T F M* corp?
Ellery
join:2001-01-10
Rome, GA

Ellery

Member

Read the F**king manual

bigchris
Do Not Shoot The Messenger
Premium Member
join:2002-04-29
Leesburg, VA

bigchris to Robear777

Premium Member

to Robear777

Re: Comcast Mail servers Compromised ???

Is anyone still seeing this error today (Friday)?

SolarPup
Office365 Rockstar
Premium Member
join:2002-03-07
Windsor, CO

SolarPup

Premium Member

I saw it late last night, but it disappeared now this morning.