Michael Ströder a écrit :
[...] A couple of days ago I've received a phishing spam e-mail with a detailed description "how to accept the new more secure EV cert" of a banking site. Obviously the goal was to trick the user to access a phishing site. I didn't examine it any further.
Michael, if you received such an email, it sounds *very* interesting and worthy of looking exactly what kind of attack it was. Up to now there has been almost no phishing attack using SSL, so if they start to do it, it's very interesting.
This being said as I tried to explain once on Verisign's Tim Callan blogs, the trouble with EV is that if user trust it as much as he claims, it becomes a target of choice for attackers, one that they might end up using extraordinary means to attack, and I doubt they won't find some weak point in the armor.
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
