The SSL "lock" does not mean you are safe


Netcraft is reporting that phishing attempts spoofing SSL encryption in the browser are on the rise. The attacks are using more sophisticated means, including certificates with bank-like names on them. As Netcraft notes, most people will ignore browser messages that say the certificates don't match. I agree.

The warnings are not specific enough to alarm most people, usually stating that the certificate cannot be validated, or "doesn't match." And most folks who decide to look at the certificates don't care what the domain on the cert says, and/or won't have a clue what the signatures mean.

Spamroll: The SSL "lock" doesn't mean you're safe

Linked by shanmuga Monday, 2nd January 2006 9:44PM