SSL certificates aren't neccesarily safe.
15-11-2017, 19:08
|
#1
|
cf.mega poster
Join Date: Jan 2008
Posts: 10,086
|
SSL certificates aren't neccesarily safe.
On todays You and Yours programme they had a feature about how easy it is for scam websites to obtain a SLL certificate for only a few pounds.
http://www.bbc.co.uk/programmes/b006qps9
An expert said that there is basically there is no way for the public to be able to tell the difference between legitimate websites and the scammers. All he could advise was for people to use well known trusted brands, but to check carefully as they sometimes clone proper websites, make a minor change like replacing an I with a 1 and register it for a SSL certificate so that people think it's safe to use.
|
|
|
15-11-2017, 19:16
|
#2
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,661
|
Re: SSL certificates aren't neccesarily safe.
So what's new?
|
|
|
15-11-2017, 21:12
|
#3
|
cf.mega poster
Join Date: Jan 2008
Posts: 10,086
|
Re: SSL certificates aren't neccesarily safe.
It's the first that I (and I expect many others) had heard about this.
The advice has always been to check that websites have credentials to prove that they are trustworthy, but it now appears that SSL certificates are no guarantee of this at all.
|
|
|
15-11-2017, 22:05
|
#4
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,661
|
Re: SSL certificates aren't neccesarily safe.
Quote:
Originally Posted by RichardCoulter
It's the first that I (and I expect many others) had heard about this.
The advice has always been to check that websites have credentials to prove that they are trustworthy, but it now appears that SSL certificates are no guarantee of this at all.
|
Self certification has been around for a while so it doesn't "now appear".
|
|
|
15-11-2017, 22:16
|
#5
|
Virgin Media Staff
Join Date: Nov 2006
Location: Manchester
Services: 360 x2, Maxit TV, Sky Sports and Sky Cinema. Gig1
Posts: 17,929
|
Re: SSL certificates aren't neccesarily safe.
That's why the Extended Validation Certificates were introduced, as there more legal hurdles to go through, so the aim was to prove that it wasn't just secure, but genuine too.
https://en.wikipedia.org/wiki/Extend...on_Certificate
Pretty sure all banks use them.
__________________
I work for Virgin Media but all views are my own.
|
|
|
15-11-2017, 23:37
|
#6
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,762
|
Re: SSL certificates aren't neccesarily safe.
Quote:
Originally Posted by RichardCoulter
The advice has always been to check that websites have credentials to prove that they are trustworthy, but it now appears that SSL certificates are no guarantee of this at all.
|
SSL Certificates have NEVER been related to how trustworth a site is.
They are to secure the communication between you and the site, nothing more.
To obtain a valid one for a website, you must be able to prove you control the domain.
You can also issue yourself an SSL cert, but it wont be trusted by browsers, and will throw an error saying so, until you manually decide to accept it.
__________________
Baby, I was born this way.
|
|
|
16-11-2017, 01:06
|
#7
|
cf.mega poster
Join Date: Jan 2008
Posts: 10,086
|
Re: SSL certificates aren't neccesarily safe.
That must be why scammers are registering legitimate sites with slight changes to try and fool people into thinking they are another site like cab1eforum.co.uk (example).
|
|
|
16-11-2017, 10:19
|
#8
|
cf.mega poster
Join Date: Jan 2008
Posts: 10,086
|
Re: SSL certificates aren't neccesarily safe.
www.tesc0.com is a better example.
It actually exists and is up for sale, no doubt to try and capture credit card details etc
|
|
|
16-11-2017, 10:28
|
#9
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,661
|
Re: SSL certificates aren't neccesarily safe.
Quote:
Originally Posted by RichardCoulter
www.tesc0.com is a better example.
It actually exists and is up for sale, no doubt to try and capture credit card details etc
|
Yes because gullible joe in the street really wants a site called tesc0.com. It has so much appeal.
|
|
|
16-11-2017, 18:12
|
#10
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,762
|
Re: SSL certificates aren't neccesarily safe.
There is nothing new about people registering similar sites, thats always been happening and has nothing to do with SSL.
__________________
Baby, I was born this way.
|
|
|
17-11-2017, 00:15
|
#11
|
cf.mega poster
Join Date: Jan 2008
Posts: 10,086
|
Re: SSL certificates aren't neccesarily safe.
Quote:
Originally Posted by pip08456
Yes because gullible joe in the street really wants a site called tesc0.com. It has so much appeal.
|
Some people would undoubtedly be conned, especially if they are in a hurry. I suspect most wouldn't, but they only need to scam a few to make it worth their while.
---------- Post added at 00:15 ---------- Previous post was at 00:12 ----------
Quote:
Originally Posted by Paul M
There is nothing new about people registering similar sites, thats always been happening and has nothing to do with SSL.
|
True, but I think the prescence of an SSL certificate would help to give the fake site credibility.
I suspect that most people in a hurry would probably be glancing at the padlock as opposed to the odd characters being used.
|
|
|
17-11-2017, 00:27
|
#12
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,762
|
Re: SSL certificates aren't neccesarily safe.
Quote:
Originally Posted by RichardCoulter
True, but I think the prescence of an SSL certificate would help to give the fake site credibility.
|
No, it doesnt.
How many times does this need to be said.
It has nothing to do with a sites credibility, its simply a sign of a secure connection between you and the site.
__________________
Baby, I was born this way.
|
|
|
17-11-2017, 10:24
|
#13
|
cf.mega poster
Join Date: Jan 2008
Posts: 10,086
|
Re: SSL certificates aren't neccesarily safe.
What I'm trying to say (this cognitive impairment sometimes makes it difficult to explain what I mean) is that to Joe public, the presence of a certified secure connection may add credibility to the site from a holistic point of view even though it shouldn't be taken to mean any such thing.
---------- Post added at 10:24 ---------- Previous post was at 10:22 ----------
Quote:
Originally Posted by pip08456
Self certification has been around for a while so it doesn't "now appear".
|
This has only just been discovered by myself and Radio 4, there's no need for silly nitpicking..
|
|
|
17-11-2017, 11:28
|
#14
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,661
|
Re: SSL certificates aren't neccesarily safe.
If it has only just been discovered by yourself and radio 4 I suggest you become more aquainted with the internet. This has been common knowledge for a long time.
I commend you on your collaboration with radio 4 though you must be a mine of information for them.
|
|
|
18-11-2017, 16:11
|
#15
|
cf.mega poster
Join Date: Jan 2008
Posts: 10,086
|
Re: SSL certificates aren't neccesarily safe.
Quote:
Originally Posted by pip08456
If it has only just been discovered by yourself and radio 4 I suggest you become more aquainted with the internet. This has been common knowledge for a long time.
I commend you on your collaboration with radio 4 though you must be a mine of information for them.
|
It probably has to those with more knowledge than the average person, so they probably wanted to get the information out there to Joe Bloggs.
You should be able make your point without snide sarcasm.
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 03:42.
|