Phishing Scams Incorporate SSL Certificates

← Back to Stories (view on slashdot.org)

Phishing Scams Incorporate SSL Certificates

Posted by ryuzaki0 on Tuesday March 9, 2004 @04:54PM from the flashing-a-badge dept.

dettifoss writes "Netcraft reports: `Internet "phishing" scams are incorporating the use of SSL certificates in their efforts to trick users into divulging sensitive login information for financial accounts.' Perhaps more disturbingly: `Scammers can also configure their web server so that deceptive SSL certificates won't trigger an alert in the user's browser. "One of the SSL encoding methods is 'plain text'," Neal Krawetz from Secure Science Corporation noted in the SANS post on the issue. "Most SSL servers have this disabled by default, but most browsers support it. When plain text is used, no central certificate authority is consulted and the user never sees a message asking if a certificate should be accepted.'"

12 of 316 comments (clear)

Min score:

Reason:

Sort:

Offtopic: Slashdot tech jobs by britneys+9th+husband · 2004-03-09 16:54 · Score: -1, Offtopic

Has anyone seen the banner ad for "Slashdot tech jobs"? Let's say you're a business, and you hire someone that found your listing through Slashdot. Are you going to act all surprised when they sit around all day... reading Slashdot? What genius thought of this?

--
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
1. Re:Offtopic: Slashdot tech jobs by Anonymous Coward · 2004-03-09 18:46 · Score: -1, Offtopic
  
  The same fuckheads who thought up slashdot.
2. Re:Offtopic: Slashdot tech jobs by Anonymous Coward · 2004-03-09 21:46 · Score: -1, Offtopic
  
  The same fuckheads who thought up slashdot.
  At least they had high enough IQs to suck you in.
*The* question remains: by Anonymous Coward · 2004-03-09 16:57 · Score: -1, Offtopic

Why is my hamster so nice? It can eat a lot and is so soft!
Re:The short by Idealius · 2004-03-09 17:12 · Score: 0, Offtopic

Flamebait +1

For fun.
Phish chicks smell bad by Anonymous Coward · 2004-03-09 17:20 · Score: -1, Offtopic

The only time I got the clap was when I stuck it up a fucked up hippie chick in a van outside of a phish show a couple years ago. Never again.
Re:SSL certificates in 2004 by normal_guy · 2004-03-09 17:35 · Score: -1, Offtopic

What a horribly formatted post, and it got up to 5?

--

Linux: Free if your time is worthless.
Re:FIRST POST! by Anonymous Coward · 2004-03-09 17:39 · Score: -1, Offtopic

yeah, you missed it by a long shot, dumbass!
Re:SSL certificates in 2004 by Anonymous Coward · 2004-03-09 17:40 · Score: -1, Offtopic

At
least
I
didn't
post
anonymous...
it
had to
be
said!
GNAA Thanks You For Your Cooperation by Anonymous Coward · 2004-03-09 17:55 · Score: -1, Offtopic

Props on the failed post.
Re:Look for the cute little lock! by Anonymous Coward · 2004-03-10 00:50 · Score: -1, Offtopic

I didn't think a euphonium could play the banjo .....
Re:Interface issue by Anonymous Coward · 2004-03-10 06:39 · Score: -1, Offtopic

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.