Need Advice Re:(Compromised SSL Certificate pop up warning before login 2 Secure Nym)

Discussion in 'privacy problems' started by Hendry, Sep 19, 2009.

Thread Status:
Not open for further replies.
  1. Hendry

    Hendry Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    6
    Recently when I went to the Securenym webmail page a warning popped up. It said:


    "A potentially compromised SSL certificate has been detected

    Access to the following URL may not be secure:

    https://www.securenym.net/mail/src/login.php

    This server certificate has been signed using the MD5 algorithm. It is recommended that you do not exchange sensitive data with this website.
    Display Name
    www.securenym.net

    Certificate fingerprint
    19AB5FACB9CE10AAA34C9358B3F851405B03EE90

    SSL Blacklist 4.0
    Copyright© 2008 CodeFromthe70s.org "




    What does this mean? This is the first time such a warning came up on the site. I just got Xerobank VPN, not sure if that has anything to do with it?





    Any help is greatly appreciated



    Thanks in advance

    Hendry
     
  2. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    167
    Location:
    Sweden
    It's because they have a weak SSL certificate (using MD5) and you have Firefox with the extension "SSL Blacklist" installed. SSL Blacklist is a really good extension, and the warning is correct.

    Background: http://www.win.tue.nl/hashclash/rogue-ca/
     
  3. Hendry

    Hendry Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    6
    Re: Need Advice Re:(Compromised SSL Certificate pop up warning before login 2 Secure

    Thanks for the reply, Countermail.


    So this means that SecureNym email is ... insecure, lol. That's not good.
     
  4. ohda

    ohda Registered Member

    Joined:
    Oct 6, 2009
    Posts:
    1
    This is just wrong. SecureNym's SSL certs are dual signed, with SHA1 as the primary and MD5 the secondary. The SSL Blacklist plugin fails to recognize this.

    Don't believe it? Click on the padlock icon in your browser, then 'view certificate'. BOTH fingerprints are right there, and the SHA1 is the primary.
     
  5. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    167
    Location:
    Sweden
    No, it's MD5, PKCS#1 MD5 with RSA. You should look at the Signature algorithm.
     
    Last edited: Oct 6, 2009
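
The last two posts turn on the difference between a certificate's fingerprints, which the viewer computes itself over the certificate bytes, and the signature algorithm field that names how the CA signed it. The following is an added example, not part of the original thread: it reads that field from DER bytes and computes both fingerprints. The certificates are constructed skeletons (not SecureNym's certificate), and all function names are hypothetical.

```python
import hashlib

# Signature-algorithm OIDs (RFC 3279) for the two algorithms named in the thread.
SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    _, start, _ = read_tlv(der, 0)              # outer SEQUENCE
    _, _, tbs_end = read_tlv(der, start)        # step over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)    # AlgorithmIdentifier
    tag, o_start, o_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = decode_oid(der[o_start:o_end])
    return SIG_OIDS.get(oid, oid)

def fingerprints(der):
    """Hashes computed locally over the whole DER blob; not stored in the certificate."""
    return {h: hashlib.new(h, der).hexdigest().upper() for h in ("md5", "sha1")}

def tlv(tag, body):  # short-form lengths only, enough for the constructed sample
    return bytes([tag, len(body)]) + body
def sample_cert(oid_body):  # constructed skeleton, not a real or valid certificate
    alg = tlv(0x30, tlv(0x06, oid_body) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xAA" * 8))

MD5_SIGNED = sample_cert(bytes.fromhex("2a864886f70d010104"))
SHA1_SIGNED = sample_cert(bytes.fromhex("2a864886f70d010105"))
for der in (MD5_SIGNED, SHA1_SIGNED):
    print(signature_algorithm(der), fingerprints(der))
```

Both sample certificates yield an MD5 and a SHA1 fingerprint, while only the first reports `md5WithRSAEncryption` as its signature algorithm.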