Google takes web security seriously. When the Google Chrome web browser encounters a payment site without Secure Socket Layer (SSL)/Transport Layer Security (TLS) encryption, it marks as insecure. Soon, Chrome will mark any HTTP site as insecure. That’s great, but just because a site is tagged ‘secure’ doesn’t mean it’s safe. WordFence, a well-regarded WordPress security company, has found that SSL certificates are being issued by certificate authorities (CA) to phishing sites pretending to be other sites. Because the certificates are valid, even though they’re operating under false premises, Chrome reports these sites as being secure. They’re not.
View full story
ORIGINAL SOURCE: ZDNet