r3dtr1x

So is Pamela Anderson CIA? She's been in and out of the embassy a few times...

Citizen

TLDR; almost definitely benign.

This should be all of the relevant public info. Specifically, the two IPs for couragefound.org are both in 195.35.109.0/24 and one of the five IPs for wikileaks.org is in 195.35.109.0/24. That subnet belongs to blix.com's network in the Netherlands.

Considering couragefound.org and wikileaks.org are both on the same /24, I'd guess someone was rearranging their network and either forgot about DNS TTL, or thought it wasn't a big deal. Then SSL worked as intended. It noticed that the domain you were attempting to go to was not the same one you got connected to, and threw up a big scary warning. Also of interest, the wikileaks.org mail server is mx.wikileaks.org, which resolves to 195.35.109.60. Therefore, 195.35.109.0/24 is probably the main wikileaks network.

The current couragefound.org SSL cert is dated from Thursday, December 1, 2016 5:10:00 PM, to Wednesday, March 1, 2017 5:10:00 PM, and Let's Encrypt typically does 90 day certs. 31+31+28=90. The current wikileaks.org cert is dated from Thursday, December 1, 2016 5:14:00 PM from the same CA. Everything looks proper and correct. The same CA and renewal timing also strongly hints that both domains are run off of the same server, which jibes with the config error theory.

Unfortunately, SSL is fundamentally broken. There is very little protection from fraudulent certificates. Certificate pinning only protects sites which you have visited before. The only real protection is that, if it is detected, intentionally issuing a fraudulent certificate will likely result in the loss of your ability to issue certificates and the death of your company.

ThinCrust

Thanks for the details. I noticed the same cert error today on WL (but only when trying to view the e-mails, not the main site) but never dug deeper so thanks for the /24 analysis. Let's Encrypt is automated, but let's hope the cert domain mismatch still gets fixed soon.

Anyone know if couragefound.org is owned by WL for sure?

Citizen

It should be fixed already. I did a quick check, every IP is returning the certificate for the correct domain. (There's a very small chance that it isn't fixed for some people, but will fix itself within 24-72 hours due to improper DNS caching by their router or ISP.)
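The per-IP check described in the comment above, combined with the same-/24 reasoning from the earlier comment, as an added example that is not part of the original thread. The sample addresses and certificate names are constructed, and `san_matches`, `observe`, `audit` and the result labels are hypothetical names.

```python
import ipaddress
import socket
import ssl

def san_matches(hostname, dns_names):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in dns_names):
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def fetch_dns_names(ip, hostname, port=443, timeout=5):
    """Connect to one specific IP, send hostname as SNI, return the cert's dNSNames."""
    ctx = ssl.create_default_context()   # chain is still validated
    ctx.check_hostname = False           # names are compared per IP in audit()
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def observe(hostname):
    """Live variant: query every address the name currently resolves to."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return {ip: fetch_dns_names(ip, hostname) for ip in {i[4][0] for i in infos}}

def audit(hostname, observations, home_net):
    """Label each address by cert match and by membership of the expected network."""
    net = ipaddress.ip_network(home_net)
    report = {}
    for ip, names in observations.items():
        if san_matches(hostname, names):
            report[ip] = "ok"
        elif ipaddress.ip_address(ip) in net:
            report[ip] = "mismatch-same-net"   # fits the shared-server config theory
        else:
            report[ip] = "mismatch-other-net"  # not explained by shared hosting
    return report

# Constructed observations (not real measurements), shaped like observe() output.
SAMPLE = {
    "195.35.109.44": ["couragefound.org", "www.couragefound.org"],
    "203.0.113.10": ["wikileaks.org", "www.wikileaks.org"],
    "198.51.100.7": ["example.net"],
}

if __name__ == "__main__":
    print(audit("wikileaks.org", SAMPLE, "195.35.109.0/24"))
```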

NerdyNoodle

Now I can't get into wikileaks at all using my regular ISP, even with TOR. Have not tried using my VPN because I don't want to give them a legal excuse to hack me.

sixgorillion

I see two likely scenarios, either one of the real WL associates managed to revoke their original certificate. Or the CIA fucked with the server.

larper or not?

https://i.sli.mg/PNIV6w.png

sixgorillion

Nope, it's CIA trying to make us think that WL is fine and Assange has never been better.

They're compromised, and they're soon going to release some made-up shit saying Russia hacked the US election (lol).

auil

So wouldn't the best course of action as of right now be to discredit WL and prove that they're compromised so that no one believes them when they say Russia hacked the election?

sixgorillion

Look, the emails that were leaked cannot be discredited. No matter what they do, they can't ever say that the emails were fake. The emails were real, nobody has denied that. All they're doing now is saying that Russia hacked and influenced the election so therefore the election result is invalid.

The emails are signed and verified, can't make that shit up.

auil

Yes, the emails that have been leaked /thus far/ are valid. You said yourself, the now compromised WikiLeaks will post fake evidence to make people believe Russia influenced the election results. Why don't we make it as public as possible that WikiLeaks cannot be trusted as of now so that no one believes their hacked election bullshit?

sixgorillion

That's exactly what we need to do, before they use WL to their advantage.

I thought you meant 'the best course of action for them'.

hedy

Haven't heard too much about Iceland - probably should have omitted Iceland.

NamelessCrewmember

It was, and is. It is somewhere along the transition though, less far than other places. It's probably much better than where I am at, so in that aspect I am envious of you.

SaneGoatiSwear

not a rule.

reddit and imgur censor. fuck driving traffic to those against free speech.

ThorTheWonderful

Well we have plenty of screen shots to validate if these emails are the same as the ones we already saw. I hope they are.

I just need to get them uploaded someplace safe.

hedy

(Holdouts, maybe, but ironically, it's also the mecca of unbelievable crimes on children)

ThorTheWonderful

I can't crawl the server any more and each browser is showing me different results in the ftp file list.

ThorTheWonderful

I never did find the John Kerry files, Ecuador or UK FCO.

madmanpg

I actually just tried a Wikileaks link and got a warning about a certificate mismatch. Be careful.

NotAnIdiot

Wikileaks has a backup on Tor if I'm not mistaken.

NamelessCrewmember

Iceland, Norway, and a few others, holdouts of humanity and rule by the people.

Gone20

WL has been compromised for a while now. JA gave his life just like SR and other pats.

ThorTheWonderful

I grabbed the 30 gig archive from wikileaks right after Assange went off line, but the emails were not in it so I grabbed those 3 days ago but I can't be sure if they are original. If somebody can give me a secure anonymous means to upload them, I will.

ThorTheWonderful

The Podesta email archive is roughly 2 and a half gigs.

Trumpedupeconomics

Whois for CourageFound.org comes from Norway

http://whois.domaintools.com/couragefound.org