Recently while setting up a client's Verizon DSL connection, the Verizon DSL connection did an attack technique on all network traffic and attempted to capture my Outlook Anywhere username and password. The attack is called a man-in-the-middle. It tricks the end user to provide information to an unauthorized server. So, my Outlook 2010's Outlook Anywhere secure connection was redirected to a Verizon server. Since I require the SSL certificate to match my server for Outlook 2010's Outlook Anywhere (formerly called RPC over HTTPS), I was able to detect and not proceed. Be warned when you see this on networks. Never proceed when you see this. Or better approach is close all applications until the Verizon DSL is setup. If you are wondering, Verizon should NOT be doing this during the setup, but they are!
Screen-shot below includes the Outlook Anywhere SSL certificate warning and the "unauthorized SSL cert" from Verizon.
Stay safe...
-Ben
No comments:
Post a Comment