PDA

View Full Version : [ubuntu] Evolution - Heuristics Phishing Email SSL-Spoof



jumpgroup
February 24th, 2011, 11:51 PM
I'm also a little surprised this vulnerability hasn't been patched in Evolution yet.

I received an email yesterday that continually prompted me to accept a *bad* digital certificate. I download, updated and ran clam antivirus, which identified the culprit as a Heuristics.Phishing.Email.SSL-Spoof.

I'm not worried about my system, but I got a little curious. Should I have ignored the numerous warnings associated with installing a certification with a bad signature, I'm at a loss to figure out what harm it would do or what gain the prospective phishers would get. Unless I actually visited a web site either owned or hacked by someone with the root certificate, what is the point?

Just wanted to let you nice folks know what's going on if start getting weird pop ups to install a certificate.