Archive for 'SSL'
Susceptibility to Identity Theft
We design security products for everyman. We don’t have the luxury of designing products for security-savvy users, nor should we seek solace in the feckless admonition “education is the only solution”. That’s why this report is so alarming. It demonstrates that everyman users of online banking sites provide their credentials:
In the absence of HTTPS indicators
In [...]
Posted: February 5th, 2007 under SSL, Trust.
Comments: none
New SSL Certificates Launch
In doing some reading about the recently launched High Assurance / Extended Validation SSL certificates (which attempt to restore some trust and validity to the identity of the subject) I visited the CA/Browser Forum, who helped to define the requirements. Figuring that they would be the most obvious site at which to test my browser’s [...]
Posted: January 14th, 2007 under SSL, Trust.
Comments: none
Man-in-the-Middle Attack Kit
Hot on the heels of the $15 WebAttacker malware kit comes an RSA report of a do-it-yourself Man-in-the-Middle kit. This is a scary evolution of phishing: by proxying the connection between the client (victim) and the real server (e.g. their bank) MitM can accurately indicate a failed login to the victim (making it harder to [...]
Posted: January 11th, 2007 under 2FA, Phishing, SSL.
Comments: 1