SSL certificates aren't neccesarily safe.
On todays You and Yours programme they had a feature about how easy it is for scam websites to obtain a SLL certificate for only a few pounds.
http://www.bbc.co.uk/programmes/b006qps9 An expert said that there is basically there is no way for the public to be able to tell the difference between legitimate websites and the scammers. All he could advise was for people to use well known trusted brands, but to check carefully as they sometimes clone proper websites, make a minor change like replacing an I with a 1 and register it for a SSL certificate so that people think it's safe to use. |
Re: SSL certificates aren't neccesarily safe.
So what's new?
|
Re: SSL certificates aren't neccesarily safe.
It's the first that I (and I expect many others) had heard about this.
The advice has always been to check that websites have credentials to prove that they are trustworthy, but it now appears that SSL certificates are no guarantee of this at all. |
Re: SSL certificates aren't neccesarily safe.
Quote:
|
Re: SSL certificates aren't neccesarily safe.
That's why the Extended Validation Certificates were introduced, as there more legal hurdles to go through, so the aim was to prove that it wasn't just secure, but genuine too.
https://en.wikipedia.org/wiki/Extend...on_Certificate Pretty sure all banks use them. |
Re: SSL certificates aren't neccesarily safe.
Quote:
They are to secure the communication between you and the site, nothing more. To obtain a valid one for a website, you must be able to prove you control the domain. You can also issue yourself an SSL cert, but it wont be trusted by browsers, and will throw an error saying so, until you manually decide to accept it. |
Re: SSL certificates aren't neccesarily safe.
That must be why scammers are registering legitimate sites with slight changes to try and fool people into thinking they are another site like cab1eforum.co.uk (example).
|
Re: SSL certificates aren't neccesarily safe.
www.tesc0.com is a better example.
It actually exists and is up for sale, no doubt to try and capture credit card details etc |
Re: SSL certificates aren't neccesarily safe.
Quote:
|
Re: SSL certificates aren't neccesarily safe.
There is nothing new about people registering similar sites, thats always been happening and has nothing to do with SSL.
|
Re: SSL certificates aren't neccesarily safe.
Quote:
---------- Post added at 00:15 ---------- Previous post was at 00:12 ---------- Quote:
I suspect that most people in a hurry would probably be glancing at the padlock as opposed to the odd characters being used. |
Re: SSL certificates aren't neccesarily safe.
Quote:
How many times does this need to be said. It has nothing to do with a sites credibility, its simply a sign of a secure connection between you and the site. |
Re: SSL certificates aren't neccesarily safe.
What I'm trying to say (this cognitive impairment sometimes makes it difficult to explain what I mean) is that to Joe public, the presence of a certified secure connection may add credibility to the site from a holistic point of view even though it shouldn't be taken to mean any such thing.
---------- Post added at 10:24 ---------- Previous post was at 10:22 ---------- Quote:
|
Re: SSL certificates aren't neccesarily safe.
If it has only just been discovered by yourself and radio 4 I suggest you become more aquainted with the internet. This has been common knowledge for a long time.
I commend you on your collaboration with radio 4 though you must be a mine of information for them. |
Re: SSL certificates aren't neccesarily safe.
Quote:
You should be able make your point without snide sarcasm. |
All times are GMT +1. The time now is 03:22. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.