Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | SSL certificates aren't neccesarily safe.

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Computers & IT > Internet Discussion

SSL certificates aren't neccesarily safe.
Reply
 
Thread Tools
Old 15-11-2017, 20:08   #1
RichardCoulter
cf.mega poster
 
Join Date: Jan 2008
Posts: 9,997
RichardCoulter has disabled reputation
SSL certificates aren't neccesarily safe.

On todays You and Yours programme they had a feature about how easy it is for scam websites to obtain a SLL certificate for only a few pounds.

http://www.bbc.co.uk/programmes/b006qps9

An expert said that there is basically there is no way for the public to be able to tell the difference between legitimate websites and the scammers. All he could advise was for people to use well known trusted brands, but to check carefully as they sometimes clone proper websites, make a minor change like replacing an I with a 1 and register it for a SSL certificate so that people think it's safe to use.
RichardCoulter is offline   Reply With Quote
Advertisement
Old 15-11-2017, 20:16   #2
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,646
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: SSL certificates aren't neccesarily safe.

So what's new?
pip08456 is offline   Reply With Quote
Old 15-11-2017, 22:12   #3
RichardCoulter
cf.mega poster
 
Join Date: Jan 2008
Posts: 9,997
RichardCoulter has disabled reputation
Re: SSL certificates aren't neccesarily safe.

It's the first that I (and I expect many others) had heard about this.

The advice has always been to check that websites have credentials to prove that they are trustworthy, but it now appears that SSL certificates are no guarantee of this at all.
RichardCoulter is offline   Reply With Quote
Old 15-11-2017, 23:05   #4
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,646
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: SSL certificates aren't neccesarily safe.

Quote:
Originally Posted by RichardCoulter View Post
It's the first that I (and I expect many others) had heard about this.

The advice has always been to check that websites have credentials to prove that they are trustworthy, but it now appears that SSL certificates are no guarantee of this at all.
Self certification has been around for a while so it doesn't "now appear".
pip08456 is offline   Reply With Quote
Old 15-11-2017, 23:16   #5
BenMcr
Virgin Media Staff
 
Join Date: Nov 2006
Location: Manchester
Services: 360 x2, Maxit TV, Sky Sports and Sky Cinema. Gig1
Posts: 17,929
BenMcr has a pair of shiny starsBenMcr has a pair of shiny starsBenMcr has a pair of shiny starsBenMcr has a pair of shiny stars
BenMcr has a pair of shiny starsBenMcr has a pair of shiny stars
Re: SSL certificates aren't neccesarily safe.

That's why the Extended Validation Certificates were introduced, as there more legal hurdles to go through, so the aim was to prove that it wasn't just secure, but genuine too.

https://en.wikipedia.org/wiki/Extend...on_Certificate

Pretty sure all banks use them.
__________________
I work for Virgin Media but all views are my own.
BenMcr is offline   Reply With Quote
Old 16-11-2017, 00:37   #6
Paul
Dr Pepper Addict
Cable Forum Team
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,612
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Re: SSL certificates aren't neccesarily safe.

Quote:
Originally Posted by RichardCoulter View Post
The advice has always been to check that websites have credentials to prove that they are trustworthy, but it now appears that SSL certificates are no guarantee of this at all.
SSL Certificates have NEVER been related to how trustworth a site is.

They are to secure the communication between you and the site, nothing more.
To obtain a valid one for a website, you must be able to prove you control the domain.

You can also issue yourself an SSL cert, but it wont be trusted by browsers, and will throw an error saying so, until you manually decide to accept it.
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote
Old 16-11-2017, 02:06   #7
RichardCoulter
cf.mega poster
 
Join Date: Jan 2008
Posts: 9,997
RichardCoulter has disabled reputation
Re: SSL certificates aren't neccesarily safe.

That must be why scammers are registering legitimate sites with slight changes to try and fool people into thinking they are another site like cab1eforum.co.uk (example).
RichardCoulter is offline   Reply With Quote
Old 16-11-2017, 11:19   #8
RichardCoulter
cf.mega poster
 
Join Date: Jan 2008
Posts: 9,997
RichardCoulter has disabled reputation
Re: SSL certificates aren't neccesarily safe.

www.tesc0.com is a better example.

It actually exists and is up for sale, no doubt to try and capture credit card details etc
RichardCoulter is offline   Reply With Quote
Old 16-11-2017, 11:28   #9
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,646
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: SSL certificates aren't neccesarily safe.

Quote:
Originally Posted by RichardCoulter View Post
www.tesc0.com is a better example.

It actually exists and is up for sale, no doubt to try and capture credit card details etc
Yes because gullible joe in the street really wants a site called tesc0.com. It has so much appeal.
pip08456 is offline   Reply With Quote
Old 16-11-2017, 19:12   #10
Paul
Dr Pepper Addict
Cable Forum Team
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,612
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Re: SSL certificates aren't neccesarily safe.

There is nothing new about people registering similar sites, thats always been happening and has nothing to do with SSL.
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote
Old 17-11-2017, 01:15   #11
RichardCoulter
cf.mega poster
 
Join Date: Jan 2008
Posts: 9,997
RichardCoulter has disabled reputation
Re: SSL certificates aren't neccesarily safe.

Quote:
Originally Posted by pip08456 View Post
Yes because gullible joe in the street really wants a site called tesc0.com. It has so much appeal.
Some people would undoubtedly be conned, especially if they are in a hurry. I suspect most wouldn't, but they only need to scam a few to make it worth their while.

---------- Post added at 00:15 ---------- Previous post was at 00:12 ----------

Quote:
Originally Posted by Paul M View Post
There is nothing new about people registering similar sites, thats always been happening and has nothing to do with SSL.
True, but I think the prescence of an SSL certificate would help to give the fake site credibility.

I suspect that most people in a hurry would probably be glancing at the padlock as opposed to the odd characters being used.
RichardCoulter is offline   Reply With Quote
Old 17-11-2017, 01:27   #12
Paul
Dr Pepper Addict
Cable Forum Team
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,612
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Re: SSL certificates aren't neccesarily safe.

Quote:
Originally Posted by RichardCoulter View Post
True, but I think the prescence of an SSL certificate would help to give the fake site credibility.
No, it doesnt.

How many times does this need to be said.
It has nothing to do with a sites credibility, its simply a sign of a secure connection between you and the site.
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote
Old 17-11-2017, 11:24   #13
RichardCoulter
cf.mega poster
 
Join Date: Jan 2008
Posts: 9,997
RichardCoulter has disabled reputation
Re: SSL certificates aren't neccesarily safe.

What I'm trying to say (this cognitive impairment sometimes makes it difficult to explain what I mean) is that to Joe public, the presence of a certified secure connection may add credibility to the site from a holistic point of view even though it shouldn't be taken to mean any such thing.

---------- Post added at 10:24 ---------- Previous post was at 10:22 ----------

Quote:
Originally Posted by pip08456 View Post
Self certification has been around for a while so it doesn't "now appear".
This has only just been discovered by myself and Radio 4, there's no need for silly nitpicking..
RichardCoulter is offline   Reply With Quote
Old 17-11-2017, 12:28   #14
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,646
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: SSL certificates aren't neccesarily safe.

If it has only just been discovered by yourself and radio 4 I suggest you become more aquainted with the internet. This has been common knowledge for a long time.
I commend you on your collaboration with radio 4 though you must be a mine of information for them.
pip08456 is offline   Reply With Quote
Old 18-11-2017, 17:11   #15
RichardCoulter
cf.mega poster
 
Join Date: Jan 2008
Posts: 9,997
RichardCoulter has disabled reputation
Re: SSL certificates aren't neccesarily safe.

Quote:
Originally Posted by pip08456 View Post
If it has only just been discovered by yourself and radio 4 I suggest you become more aquainted with the internet. This has been common knowledge for a long time.
I commend you on your collaboration with radio 4 though you must be a mine of information for them.
It probably has to those with more knowledge than the average person, so they probably wanted to get the information out there to Joe Bloggs.

You should be able make your point without snide sarcasm.
RichardCoulter is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 15:08.


Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.