[WEB SECURITY] EV SSL certificates
Mike Fratto
mfratto at gmail.com
Fri Dec 22 14:50:24 EST 2006
On 12/22/06, TUSHAR VARTAK /ISG/INFOTECH/BKC
<TUSHAR.VARTAK at 3i-infotech.com> wrote:
> As I understand it this would be helpful in the newest
> versions of the browsers like IE 7, the browser would show
> Phishing Site and legitimate site next to address bar. For
> some good time the old browsers would stay and I am not sure
> if this would really help.
EV Certificated don't really solve the phishing problem mainly because
phishing is a social problem, not a techincal one. It's that simple.
If I want to be optimistic and think the best of people behind EV,
then I have to say that the EV initiative is a valiant effort to try
to tell users that a site has been approved, but it doens't stop
phishing of people simply ignore the messages their browsers pop to
them about certificate problems. Those people will still ignore the
pop-ups.
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list