Slashdot Mirror


Phishing Scams Incorporate SSL Certificates

dettifoss writes "Netcraft reports: 'Internet "phishing" scams are incorporating the use of SSL certificates in their efforts to trick users into divulging sensitive login information for financial accounts.' Perhaps more disturbingly: 'Scammers can also configure their web server so that deceptive SSL certificates won't trigger an alert in the user's browser. "One of the SSL encoding methods is 'plain text'," Neal Krawetz from Secure Science Corporation noted in the SANS post on the issue. "Most SSL servers have this disabled by default, but most browsers support it. When plain text is used, no central certificate authority is consulted and the user never sees a message asking if a certificate should be accepted."'"

10 of 316 comments

  1. pfft by Anonymous Coward · · Score: -1, Troll

    I stopped phishing when AOL 3.0 came out...

  2. FIRST POST! by Anonymous Coward · · Score: -1, Troll

    SUCK IT DOWN!

  3. DAMN IT -- I MISSED FP!!! by Anonymous Coward · · Score: -1, Troll


  4. Niggers... by Anonymous Coward · · Score: -1, Troll

    just feasted on my junk liberally..

  5. Open SSL contributes to the problem... by LostCluster · · Score: 2, Troll

    Unfortunately, the open-source SSL systems contribute to this problem...

    Most of them let you do a functionally okay SSL certificate without having to pay a root certificate authority. However, that means you're going to get the "sorta okay" certificate message popping up, with the user being told that the certificate is valid but there's no certifying authority behind it. As a result, the user is trained to click "Yes" to that box, and is conditioned to ignore such errors...

  6. Legislation by dysprosia · · Score: 0, Troll

    Why, oh why isn't there legislation to make this sort of thing illegal? Phishing is basically fraud, and if there was a chance that some action could be done, then these phishers would not be tempted to pull such a stunt, since they would know that there would possibly be a lawsuit/jailtime behind this...

    1. Re:Legislation by pookie_jurd · · Score: 2, Troll

      Why isn't there a law against going out and killing people? Then these people "would not be tempted to pull such a stunt, since they would know that there would possibly be a lawsuit/jailtime behind this..."

  7. PGP Verified First Post by Anonymous Coward · · Score: -1, Troll

    http://slashdot.org is not OpenPGP compliant. Please remove the spaces slash inserts to verify signature.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Whoa, phish! (Score:-1)
    by ShockerFan (741511) <shockerfan@b[ ]south.net ['ell' in gap]> on Tuesday March 09, @11:54PM (#8518049)
    (Last Journal: Wednesday January 14, @10:59PM)

    Phish is ghey. I got da FP. bye!
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8FUCKATsa5mnC8Ma6ZvpIRAkoDAKDC5Yb 5y5Z5p/6A\yRPa4jqMSmyZwCg1txN
    T9h6V5NSLASHDOTStRD HV348=
    =QNVk
    -----END PGP SIGNATURE-----

  8. Uh, duh. by SCHATTIE · · Score: -1, Troll

    Where is the condemnation of your friend Bob Thompson?

  9. I Blame Dirty Hippies! by mikewren420 · · Score: -1, Troll

    Seriously... ok, not. Seriously though, at least I can pay for my RV for Bonnaroo now! :)