Bitcoin Forum
Author Topic: SSL certificates are changing on Bitcoin websites  (Read 2163 times)
cjp (OP)
November 21, 2012, 10:00:39 PM
 #1

Recently, bitcoin.de changed its SSL certificate (twice), while the old one wasn't expired yet. Also, the certificate authority changed. bitcoin.de now seems to be some kind of alias(?) of ssl2669.cloudflare.com, and Certificate Patrol shows it like:

- GlobalSign Root CA
  - GlobalSign Organization Validation CA - G2
    - ssl2669.cloudflare.com

For bitcoin.de, this might have had something to do with the recent DDOS attack (but then, who would gain anything with a DDOS attack?). But now I also got a new certificate for bitinstant.com, also while the old certificate wasn't expired yet, and also pointing to ssl2669.cloudflare.com.

Can someone please explain what is going on here?

Donate to: 1KNgGhVJx4yKupWicMenyg6SLoS68nA6S8
http://cornwarecjp.github.io/amiko-pay/
sneak
November 21, 2012, 10:02:50 PM
 #2

Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.  

You should sound the alarm, because if indeed that were the case, this would not be too late anyway.  /sarcasm

SSL key changes are routine.  If you trust the PKI, then it's fine.  If you don't trust the PKI, it wasn't fine before anyway.
Raoul Duke
aka psy
November 21, 2012, 10:37:39 PM
 #3

Quote from: sneak
> Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.

You think you're joking but that's exactly what's happening lol

http://exiledonline.com/isucker-big-brother-internet-culture/
Quote
...CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further…
vokain
November 22, 2012, 01:40:56 AM
 #4

Quote from: Raoul Duke
> Quote from: sneak
> > Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.
>
> You think you're joking but that's exactly what's happening lol
>
> http://exiledonline.com/isucker-big-brother-internet-culture/
> Quote
> ...CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further…

damn lol
mcdett
November 22, 2012, 01:52:56 AM
 #5

There are known trojans in the wild now infecting Chrome on MS. Cert signature errors are a very common sign.
niko
November 22, 2012, 02:07:57 AM
 #6

It seems they moved to cloudflare, possibly due to ddos or similar problems. Nothing alarming. What psy pointed out is interesting, though. Cloudflare is a US entity, and as such subject to the US PATRIOT act. Making the Web insecure pushes more people towards cloudflare, which in turn provides more opportunities for massive data surveillance by the US government. Imagine the reaction if the Chinese government was trying to route as much traffic as possible through Chinese-operated infrastructure...

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
justusranvier
November 22, 2012, 02:31:09 AM
 #7

Quote from: niko
> Cloudflare is a US entity, and as such subject to the US PATRIOT act. Making the Web insecure pushes more people towards cloudflare, which in turn provides more opportunities for massive data surveillance by the US government. Imagine the reaction if the Chinese government was trying to route as much traffic as possible through Chinese-operated infrastructure...

I still don't understand why all bitcoin-related websites don't make access via a hidden service a standard feature.
picobit
November 22, 2012, 12:19:27 PM
 #8

Quote from: justusranvier
> I still don't understand why all bitcoin-related websites don't make access via a hidden service a standard feature.

Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow. 

(*) And that may be a significant fraction of all bitcointers. 

hazek
November 22, 2012, 12:35:35 PM
 #9

Quote from: picobit
> Quote from: justusranvier
> > I still don't understand why all bitcoin-related websites don't make access via a hidden service a standard feature.
>
> Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow.
>
> (*) And that may be a significant fraction of all bitcointers.

You don't need to have a website behind Tor in order to use Tor to access it and protect yourself as far as I understand it..

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
Marco Polo
November 22, 2012, 12:44:23 PM
Last edit: November 22, 2012, 12:59:30 PM by Marco Polo
 #10

The SAN field on the certificate for bitcoin.de is pretty interesting:
Or maybe not, maybe they need to be able to read the traffic in order to be able to filter out ddos attacks..
DNS Name=ssl2669.cloudflare.com
DNS Name=*.ukashvip.com
DNS Name=ukashvip.com
DNS Name=bookmakers.com.au
DNS Name=*.calendars.com
DNS Name=calendars.com
DNS Name=subeta.net
DNS Name=*.subeta.net
DNS Name=*.goldenarium.com
DNS Name=*.hellocq.com
DNS Name=*.bookmakers.com.au
DNS Name=*.pcbooster.com
DNS Name=*.hosthack.com
DNS Name=hosthack.com
DNS Name=*.aitec.ee
DNS Name=greenpolkadotbox.com
DNS Name=pcbooster.com
DNS Name=goldenarium.com
DNS Name=testwanda.com
DNS Name=bitinstant.com
DNS Name=*.testwanda.com
DNS Name=bitcoin.de
DNS Name=*.bitcoin.de
DNS Name=president.gov.ph
DNS Name=*.greenpolkadotbox.com
DNS Name=aitec.ee
DNS Name=*.president.gov.ph
DNS Name=*.bitinstant.com
DNS Name=hellocq.com
DNS Name=*.tangostress.info
DNS Name=tangostress.info
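
Added example, not part of any post in this thread: a Certificate Patrol-style comparison of a remembered certificate with a newly presented one, written in Python. The records use the dict layout returned by `ssl.SSLSocket.getpeercert()`; the old certificate's issuer, both expiry dates and the selection of SAN entries are constructed for illustration, and `review_change` with its finding labels is a hypothetical name.

```python
import ssl

def host_matches(hostname, san):
    """True if a SAN dNSName covers hostname; '*.' spans exactly one label."""
    hostname, san = hostname.lower(), san.lower()
    if san.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == san[2:]
    return hostname == san

def dns_names(cert):
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def issuer_cn(cert):
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def review_change(hostname, old, new, now):
    """List what differs between the remembered and the newly presented certificate."""
    findings = []
    if now < ssl.cert_time_to_seconds(old["notAfter"]):
        findings.append("replaced-before-expiry")   # old certificate was still valid
    if issuer_cn(old) != issuer_cn(new):
        findings.append("issuer-changed")           # a different CA signed the new one
    names = dns_names(new)
    if not any(host_matches(hostname, n) for n in names):
        findings.append("hostname-not-covered")     # a browser would reject this outright
    suffix = "." + hostname.lower()
    if any(n.lower() != hostname.lower() and not n.lower().endswith(suffix) for n in names):
        findings.append("shared-certificate")       # SAN also lists unrelated sites
    return findings

# Constructed sample records: OLD's issuer and both dates are made up.
OLD = {"issuer": ((("commonName", "Example Previous CA"),),),
       "notAfter": "Jun 15 00:00:00 2013 GMT",
       "subjectAltName": (("DNS", "bitcoin.de"), ("DNS", "www.bitcoin.de"))}
NEW = {"issuer": ((("commonName", "GlobalSign Organization Validation CA - G2"),),),
       "notAfter": "Nov 15 00:00:00 2013 GMT",
       "subjectAltName": (("DNS", "ssl2669.cloudflare.com"), ("DNS", "bitinstant.com"),
                          ("DNS", "*.bitinstant.com"), ("DNS", "bitcoin.de"),
                          ("DNS", "*.bitcoin.de"))}
NOW = ssl.cert_time_to_seconds("Nov 21 22:00:00 2012 GMT")

if __name__ == "__main__":
    print(review_change("bitcoin.de", OLD, NEW, NOW))
```

The findings only describe what changed between the two certificates; deciding whether an early replacement, a new CA and a shared SAN list are an expected hosting move or something to investigate is left to the person reviewing them.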
justusranvier
November 22, 2012, 02:11:38 PM
 #11

Quote from: picobit
> Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow.
>
> (*) And that may be a significant fraction of all bitcointers.

Then people who don't want it wouldn't need to use the hidden service, but those who don't trust cloudflare would have an alternative.

Quote from: hazek
> You don't need to have a website behind Tor in order to use Tor to access it and protect yourself as far as I understand it..

All other things being equal a hidden service is safer, and sometimes faster, than using Tor to browse a regular web site. Traffic between your computer and a hidden service doesn't leave the internal Tor network so you aren't exposed to potentially malicious and/or congested exit nodes and (most importantly) it's impossible for an intermediate node to perform a MITM attack.
BkkCoins
November 22, 2012, 03:22:49 PM
 #12

Quote from: justusranvier
> Quote from: picobit
> > Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow.
> >
> > (*) And that may be a significant fraction of all bitcointers.
>
> Then people who don't want it wouldn't need to use the hidden service, but those who don't trust cloudflare would have an alternative.
>
> Quote from: hazek
> > You don't need to have a website behind Tor in order to use Tor to access it and protect yourself as far as I understand it..
>
> All other things being equal a hidden service is safer, and sometimes faster, than using Tor to browse a regular web site. Traffic between your computer and a hidden service doesn't leave the internal Tor network so you aren't exposed to potentially malicious and/or congested exit nodes and (most importantly) it's impossible for an intermediate node to perform a MITM attack.

They probably don't know how easy it is to set up.
E.g. install Tor (apt-get install tor), add a web server cfg to listen on some localhost port and edit the line in the torrc file to associate the hidden service dir with local port. Restart Tor.

But also, if they're using cloudflare to spread load (and I don't know if that's the reason) then I guess handling some small portion of traffic via the local Tor proxy may be seen as hindering that.

J-Norm
November 22, 2012, 10:07:39 PM
 #13

Code:
apt-get install tor
apt-get install ettercap

Ettercap is a program that allows you to perform a man in the middle attack. It can do so by redirecting traffic or if you already are the gateway (such as with tor) then it can perform the attack without needing to reroute.

It is capable of generating an ssl certificate on the fly and attempting to get you to connect to them. This will cause a browser warning that something is fishy, many ignore it.

I would not be surprised if someone was running a tor node just to attempt to steal wallet passwords.
Insu Dra
November 22, 2012, 11:20:30 PM
Last edit: November 23, 2012, 03:10:28 PM by Insu Dra
 #14

Quote from: Raoul Duke
> Quote from: sneak
> > Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.
>
> You think you're joking but that's exactly what's happening lol
>
> http://exiledonline.com/isucker-big-brother-internet-culture/
> Quote
> ...CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further…

+1 CloudFlare the ultimate man in the middle attack and people don't even seem to care ...

Edit:
This reminded me of the following article written in 2009, it seems like all the concerns they had were valid and have or are becoming the main issue with freedom on the internet.

Quote from: Can we reinvent the internet ?
They are concerned that control could be shifting from the edges of the Internet toward the service providers at the center, which would allow the providers to have “gatekeeper” capacity and would contradict the Internet's “end-to-end” principle
http://www.sciencemag.org/content/325/5939/396.short

"drugs, guns, and gambling for anyone and everyone!"
Mike Hearn
November 23, 2012, 12:51:54 PM
 #15

Running a hidden service doesn't stop DoS attacks. If anything it makes them harder to stop because you can't block connections on Tor anywhere near as easily as with regular web sites (no IP address blocking).