User: Password:
|
|
Subscribe / Log in / New account

Extended Validation certificates and cross-site scripting

Extended Validation certificates and cross-site scripting

Posted Mar 15, 2008 11:20 UTC (Sat) by gerv (subscriber, #3376)
In reply to: Extended Validation certificates and cross-site scripting by iabervon
Parent article: Extended Validation certificates and cross-site scripting

"For example, there have been multiple organizations called, informally, "Chart Bank" doing
business in Massachusetts in the last five years, entirely legally."

Right. But the one you visit will have certain info in its EV cert, such as its registered
address, and others will have other info. And they _all_ will be legitimate businesses. And,
if they have the same name, they are very unlikely to have similar websites. It's not in their
best interests to promote confusion!

And also, accidentally revealing personal information to a legitimate bank meant for another
bank is not even close to being in the same league as revealing it to a phisher.

Gerv


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds