Slashdot Mirror

← Back to Stories (view on slashdot.org)

How VeriSign Could Stop Drive-By Downloads

Posted by Zonk on from the bonzer's-not-my-buddy dept.

emcron writes "Ben Edelman has been doing great forensic work looking at spyware, adware, and malware. His latest piece, How VeriSign Could Stop Drive-By Downloads, turns the harsh light of public scrutiny on VeriSign's grubby practices in issuing digital certificates to vendors who try to install spyware by tricking users into clicking 'yes' with low-down dirty lying dialog boxes. Now, Ben wants VeriSign to clean up its act: it should refuse to issue certificates to companies that use obviously fake names (such as "CLICK YES TO CONTINUE") or that use those certificates to deceive consumers."

2 of 229 comments (clear)

  1. Stupid User Factor... by Anonymous Coward · · Score: 0, Redundant

    How is Verisign responsible for stupid users? I don't understand why they should deny themselves business by blocking companies called "CLICK YES TO CONTINUE" or whatever the fuck they want.

    At the end of the day, it's the end user that agrees to the cert. Stupid is as stupid does. Just let Darwin sort it out.

    That is all.

  2. Re:Meanwhile by blane.bramble · · Score: 1, Redundant

    The certificate is there to prove the content is from who it claims to be, not that the content or provider is trustworthy.