| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Sep 2004 10:39:27 -0500 From: Aleksandar Milivojevic <amilivojevic@....ca> To: bugtraq@...urityfocus.com Subject: Re: New whitepaper "The Phishing Guide" Seth Arnold wrote: > http://www.internetnews.com/dev-news/article.php/721571 > > Even the best-known X.509 Certification Agency has made screwups > regarding one of the best-known publicly traded corporations. How hard > do you think it would be to get certificates for something that sounds > plausibly like a bank? Credit card company? I totally agree with what you (and others) wrote. Most of the current registrars fall from the sky some time ago, telling us that they are "trusted" entities (yeah right). Even without that incident you mentioned, would you trust company whose bussiness practices include hijacking of DNS name space (scandal with wildcard .com and .net entries) or sending deceptive domain renewals via mail? Probably not. My point was that currently corporations are not even attempting to use the tools they have available. It is more important to them that message is nicely HTML formated, than putting even basic security precausins (such as signing with x509 certificate). -- Aleksandar Milivojevic <amilivojevic@....ca> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
Powered by blists - more mailing lists