Seeing the padlock icon when you’re browsing the internet should make you feel secure, right? It does, after all, mean that the site you’re visiting has a Transport Layer Security (TLS) certificate. The firms that manage those certificates are meant to analyse and approve each domain that gets a TLS certificate, but it looks as though the vetting process is not as stringent as it should be. As a result, websites have been given TLS certificates even when they don’t deserve them, says Netcraft.

Netcraft claims that certificate authorities have issued “hundreds” of certificates for deceptive domain names targeting brands including PayPal, Apple, Bank of America, and UK financial institutions Halifax and NatWest. These SSL certificates give an air of authenticity to phishing sites.
ORIGINAL SOURCE: Lisa Vaas, Sophos