powered by Bloglet

Search WWW Search this site

Haywood the Ticket Monkey   Reading blogs at work? Click to escape to a suitable site!

Rate Me on BlogHop.com!   the best pretty good okay pretty bad the worst

home | forums | archives | tools | links

Haywood Jahelpme (aka Tech Support Hell)

I am a real live tech support person. And I live in Tech Support Hell.
SAVE ME!!!! UPDATE: I have been saved!
Wanted: Techs in Support Hell needed to help keep this blog alive!

Wednesday, March 10, 2004

.: 7:58 AM
posted by daddy-o

Netcraft: SSL's Credibility as Phishing Defense Is Tested

Poke around your browser's settings and see if you can turn off SSL encoding in 'plain text' to make your surfing experience a bit safer... I don't really see any other way around this issue besides inspecting every certificate you get....

"Scammers can also configure their web server so that deceptive SSL certificates won't trigger an alert in the user's browser. 'One of the SSL encoding methods is 'plain text',' Neal Krawetz from Secure Science Corporation noted in the SANS post on the issue. 'Most SSL servers have this disabled by default, but most browsers support it. When plain text is used, no central certificate authority is consulted and the user never sees a message asking if a certificate should be accepted (because 'plain text' doesn't use certificates). Keeping that in mind, the little lock icon may not even indicate an encrypted channel. The little lock only indicates an SSL connection.'"

read the rest

| Ask | Permalink

contact | Why? Why? Why? Watch This! | Projects | Blogroll Me!
Forums | home | archives | ping
B5 d++ t k- s u- f- i- o x- e- l- c-

Search Popdex: