https - hopefully not too stupid a question
Tony Naggs
tony.naggs at googlemail.com
Sun Jun 17 17:19:06 BST 2012
On 17 June 2012 16:53, Roland Perry <lists at internetpolicyagency.com> wrote:
> Hmm, if I try to access:
>
> https://65.55.25.59/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5
>
> (Where 65.55.25.59 is what my DNS translates www.update.microsoft.com into)
>
> I get:
>
> This is probably not the site you are looking for!
>
> You attempted to reach 65.55.25.59, but instead you actually reached a
> server identifying itself as www.update.microsoft.com. This may be
> caused by a misconfiguration on the server or by something more
> serious. An attacker on your network could be trying to get you to
> visit a fake (and potentially harmful) version of 65.55.25.59.
>
> Is this my browser (Chrome) not getting its act together, or is there an
> infelicity in one of the protocols?
>
The browser message is being slightly misleading - it has simply found that
the text of the website you typed "65.55.25.59" differs from the name on the
certificate the web server sent it "www.update.microsoft.com".

The web browser does not make a connection between the 2, as the
translation of the text "65.55.25.59" directly to an IP address & bypassing
the name (DNS) lookup is done at a lower layer in the communications stack.

An alternative way to avoid making the DNS lookups across the Internet is
to keep the name lookup local to your PC by directly adding it to the Windows
or Unix hosts file with a line something like this:
65.55.25.59 www.microsoft.com
Of course doing this would isolate you from knowing about any move
Microsoft may make of the service to another server. Wikipedia have a nice
explanation http://en.wikipedia.org/wiki/Hosts_%28file%29
Cheers,
Tony
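
The comparison described in the reply above, as an added example that is not part of the original post: the host text from the URL is checked against the names in the certificate, and an IP literal is only ever compared with IP address entries. The certificate contents are constructed, in the dict layout Python's ssl.SSLSocket.getpeercert() returns; the function names are hypothetical.

```python
import ipaddress


def _is_ip(host):
    """True if the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def url_host_matches_cert(url_host, cert):
    """Compare the host as typed in the URL with the certificate's names."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(url_host):
        # An IP literal is compared only with IP address entries. No reverse
        # lookup is done, so the DNS names in the certificate are never used.
        want = ipaddress.ip_address(url_host)
        return any(kind == "IP Address" and ipaddress.ip_address(value) == want
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, url_host)
               for kind, value in sans)


# Constructed certificate contents: one DNS name, no IP address entry.
CERT = {"subjectAltName": (("DNS", "www.update.microsoft.com"),)}

if __name__ == "__main__":
    for host in ("65.55.25.59", "www.update.microsoft.com"):
        print(host, url_host_matches_cert(host, CERT))
```
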