MSN certificate popup

David Woolley forums at david-woolley.me.uk
Tue Jul 19 03:03:02 EDT 2011


Tyler Kwong wrote:
> I get a popup when I send messages to offline buddies.
> 
> Accept certificate for ows.messenger.msn.com?
> 
> The certificate for ows.messenger.msn.com could not be validated.
> The certificate claims to be from "*.opendns.com" instead. This could 
> mean that you are not connecting to the service you believe you are.

That certificate is coming from someone that doesn't even sound to be 
part of Microsoft, so it should be rejected.  It's just possible that 
Microsoft might slip up and give out another Microsoft certificate, but 
you should confirm that with Microsoft.  However there is no chance of 
that in this case.

Although it sounds as though this is not malicious, as opendns would 
have no intention of trying to operate the MSN protocol, such a mismatch 
from a hostile source would indicate an attempt to act as a man in the 
middle, and to relay your conversation in clear, so that they could 
record or modify it.  A competent real attacker would use a domain name 
that, at first glance, looked like it was a Microsoft one.

> 
> Should I accept the cert? I'm using Pidgin 2.9.0 in Windows.

No.


-- 
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.




More information about the Support mailing list