A Sneaky Phish Just Grabbed my Mailchimp Mailing List
Troy Hunt recently becaming the victim of phising. This proves yet again, that this can happen to anyone, not only non-technical people.
Read more [www.troyhunt.com]
Posts tagged with phishing
Extended validation is broken
In a new article on his blog Ian Carroll shows that it's quite easy to trick users into thinking that they're connected to the right site.
Extended validation ("EV") certificates are a unique type of certificate issued by certificate authorities after more extensive validation of the entity requesting the certificate. In exchange for this more rigorous vetting, browsers show a special indicator like a green bar containing the company name, or in the case of Safari completely replace the URL with the company name. ... Today, I will demonstrate another issue with EV certificates: colliding entity names. Specifically, this site uses an EV certificate for "Stripe, Inc", that was legitimately issued by Comodo.
https://stripe.ian.sh/