[WEB SECURITY] EV SSL certificates

bugtraq at cgisecurity.net bugtraq at cgisecurity.net
Thu Dec 21 12:30:05 EST 2006


> What are people's opinions on EV SSL certificates?  Will they be
> widely adopted?  Will they make a dent in phishing attacks?
> 
> I'm going to guess that they will be widely adopted by the large
> e-commerce and financial sites, but they won't make a significant
> difference in losses due to phishing.  End users just aren't going to
> look at the URL bar enough to understand what is going on.

I couldn't agree more. Many users visit websites stating that something needs to be installed, and notice that 
when they click no they can't see the content that brought them there in the first place so get into the habit 
of accepting installs. More than 10 years later these people still don't understand that installing random software
from random places is a bad idea, so why would they suddenly understand something new? 

- Robert
http://www.cgisecurity.com/ Application Security news
http://www.cgisecurity.com/index.rss [RSS Security Feed]

> ----------------------------------------------------------------------------
> The Web Security Mailing List: 
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list