MSN certificate popup
David Woolley
forums at david-woolley.me.uk
Tue Jul 19 03:03:02 EDT 2011
Tyler Kwong wrote:
> I get a popup when I send messages to offline buddies.
>
> Accept certificate for ows.messenger.msn.com?
>
> The certificate for ows.messenger.msn.com could not be validated.
> The certificate claims to be from "*.opendns.com" instead. This could
> mean that you are not connecting to the service you believe you are.
That certificate is coming from someone that doesn't even sound to be
part of Microsoft, so it should be rejected. It's just possible that
Microsoft might slip up and give out another Microsoft certificate, but
you should confirm that with Microsoft. However there is no chance of
that in this case.
Although it sounds as though this is not malicious, as opendns would
have no intention of trying to operate the MSN protocol, such a mismatch
from a hostile source would indicate an attempt to act as a man in the
middle, and to relay your conversation in clear, so that they could
record or modify it. A competent real attacker would use a domain name
that, at first glance, looked like it was a Microsoft one.
>
> Should I accept the cert? I'm using Pidgin 2.9.0 in Windows.
No.
--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
More information about the Support
mailing list