Thursday, March 16, 2006

On the latest advances in phishing

One of the ways to save yourself from falling victim to a phishing attack is to make sure that a) SSL is there and b) the actual organization running the site is the one that owns the SSL cert.

Guess what? This is no longer sufficient - enter SSL phishing with a similar cert owner name.

Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com): "The phishing site [...] is protected by a Secure Sockets Layer (SSL) encryption certificate issued by a division of the credit reporting bureau Equifax that is now part of a company called Geotrust."
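Because a near-identical owner name passes a visual check, the comparison has to be an exact match against a known-good name, with near misses treated as a warning sign rather than as reassurance. The sketch below is an added example, not part of the original post: the organization names, hostnames, the 0.8 threshold and the helper names are constructed assumptions, and the cert dictionaries mimic the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import difflib
import unicodedata

EXPECTED_ORG = "Example Mountain Bank"  # constructed known-good owner name
LEGAL_SUFFIXES = {"inc", "llc", "ltd", "corp", "co"}

def _cert(org, cn):
    """Build a constructed cert dict in the getpeercert() subject layout."""
    rdns = [(("countryName", "US"),)]
    if org:
        rdns.append((("organizationName", org),))
    rdns.append((("commonName", cn),))
    return {"subject": tuple(rdns)}

# Constructed sample certificates (not real sites or real certs).
GENUINE = _cert("Example Mountain Bank, Inc.", "www.bank.example")
LOOKALIKE = _cert("Example Mountain Banc", "www.bank-login.example")
UNRELATED = _cert("Unrelated Hosting Ltd", "shop.example")
DV_ONLY = _cert(None, "www.bank-secure.example")  # no organization asserted

def _normalize(name):
    """Casefold, drop accents and punctuation, remove common legal suffixes."""
    text = unicodedata.normalize("NFKD", name).casefold()
    text = "".join(c if c.isalnum() else " " for c in text if not unicodedata.combining(c))
    return " ".join(w for w in text.split() if w not in LEGAL_SUFFIXES)

def subject_field(cert, field):
    """Return the first subject attribute named `field`, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None

def classify_owner(cert, expected_org, threshold=0.8):
    """Return 'match', 'lookalike', 'mismatch' or 'no-owner' for the cert owner."""
    owner = subject_field(cert, "organizationName")
    if owner is None:
        return "no-owner"  # SSL is present, but nobody's identity is vouched for
    got, want = _normalize(owner), _normalize(expected_org)
    if got == want:
        return "match"
    ratio = difflib.SequenceMatcher(None, got, want).ratio()
    return "lookalike" if ratio >= threshold else "mismatch"

if __name__ == "__main__":
    for label, cert in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                        ("unrelated", UNRELATED), ("dv-only", DV_ONLY)]:
        print(label, "->", classify_owner(cert, EXPECTED_ORG))
```

A "lookalike" result is the most suspicious outcome here, since an unrelated owner name is usually a misconfiguration while a one-character difference from the expected name is rarely accidental.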

Dr Anton Chuvakin