Phishing Scams Incorporate SSL Certificates

dettifoss writes "Netcraft reports: `Internet "phishing" scams are incorporating the use of SSL certificates in their efforts to trick users into divulging sensitive login information for financial accounts.' Perhaps more disturbingly: `Scammers can also configure their web server so that deceptive SSL certificates won't trigger an alert in the user's browser. "One of the SSL encoding methods is 'plain text'," Neal Krawetz from Secure Science Corporation noted in the SANS post on the issue. "Most SSL servers have this disabled by default, but most browsers support it. When plain text is used, no central certificate authority is consulted and the user never sees a message asking if a certificate should be accepted.'"

Bollocks

Absolute rubbish.

Another bullshite, unfounded self-promoting, bunch of codswallup.

SSL isn't flawed (yet), its the implementation of the code in the web server. And to expoit it, a victim has to click on a link that phiz's. Hm, you all seem to think most people are stupid, well, it is generally the case, but in this situation, and the amount of press that banks have given to their customers (have you not seen the junk-mail?), it is still likey that some moron will fall for this trick, but it's not a flaw in SSL, it's a flaw in the code of the http server/client(browser).

Typical unballanced, bollocks.

arggghhhhhhhhhhhhhhh

Re:Do people even see the lock?

[zero_offset]

5:50 AM... Shouldn't you be outside waiting for the school bus?