Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Discussion
Re: html source of mtgox.com
by
Kluge
on 25/02/2014, 11:16:38 UTC
Quote from: HumanFractal on February 25, 2014, 10:56:14 AM
Quote from: Kluge on February 25, 2014, 10:24:27 AM
Quote from: HumanFractal on February 25, 2014, 10:19:49 AM
Quote from: st4nl3y on February 25, 2014, 10:12:14 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 

Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.
In all seriousness, there's a fair chance your web requests are being redirected by malware or a malicious DNS server if you're not seeing that. What are you seeing? It has the SSL certification icon when you connect? (my troll hat's genuinely off)

Haha! You caused me to have a good freak out there, but I've figured out what's going on.

The first clue was that this was only happening to me in Chrome. (I have Chrome in super locked down mode with cookies and javascript disabled by default)

This is what I was seeing:

MtGox.com loading

Please wait...



So you see, they set a cookie before refreshing the page.

End panic mode.

Seriously though, thanks for the heads up. Everything checks out SSL and DNS-wise.
Correct me if I'm wrong, but DNS attacks couldn't actually forge data under SSL, could they?
(Unless of course Gox's server keys were compromised)
Oh, I see - the loading screen. Yeah, I got that, too - didn't even think about it. At first, I thought it might be me, so I checked with a VM machine using Firefox instead of Chrome "with some urgency." Cheesy Heh, sorry about the scare. Embarrassed

DNS attack shouldn't be able to adequately forge SSL certificate in most reasonable scenarios (though it's happened outside cert keys just being stolen/compromised - google comodo attack, allegedly done by a single guy). DNS attacker who was really specific (targeting crypto users, maybe) would probably just self-sign certificates for fake crypto websites and hope you click through the browser warnings (so to answer your question - no - or at least "no, I don't think so."). Idunno SSL cert mechanics well enough to fully answer you, though.