Spot Phishing Easier With Versign Firefox Extension

Identity Theft - Phishing : Spot Phishing Easier With Versign Firefox Extension

Posted by Max on 2007/5/20 11:46:47 (819 reads)

Verisign plugin turns the address bar of Firefox green for highly-trusted sites that use EV SSL encryption in a way that mimics IE 7 behavior. The Internet security services provider has released a Firefox extension that
will show the same type of green address bar that is shown by Internet
Explorer 7 when it lands on highly trusted Web sites that use EV SSL
(Extended Validation Secure Sockets Layer) certificates.

Companies like Verisign, Entrust, and Network Solutions have been issuing these certificates since late 2006, but browser makers have lagged behind adopting them. They were deployed by Internet Explorer 7 in late January, and Firefox is expected to support the certificates in Firefox 3.0, sometime later this year.

The EV SSL certificates are in essence an anti-phishing technology designed to give Web surfers extra hints and visual clues when they are visiting secure Web sites, whose URLs begin with "https://."

It's harder for a business to obtain an EV SSL certificate than it is to acquire the omnipresent SSL certificates currently used by most secure Web sites.

Before companies like Verisign will issue an EV SSL certificate, they take extra steps to make sure that it is going to a rightful organization. For example, they will make sure that the business in question is enrolled with local authorities, has a real address, and actually has control over the Web domain in question.

Verisign's Tim Callan says that more than 500 Web sites, including sites run by eBay's PayPal division and ING Group, have now completed EV SSL certification. Nearly 90 percent of them are certified by Verisign, said Callan, a director of product marketing with the company's SSL group.

That's an important point because Verisign's Firefox plugin doesn't identify sites that are certified by its competitors. Callan said it would have been too much work to maintain a list of legitimate EV SSL providers. "At that point, we're creating a whole new simultaneous real-time checking system," he said. "We were willing to invest in this one-off code development, but we didn't want to inherit this legacy of constantly maintaining this service, especially because this is a stop-gap measure. At the end of the year, this will be built into Firefox properly."

Because of this limitation, Verisign isn't recommending that non technical users download the plugin. It's for "technology early adopters and the people who really want to be on the state-of-the-art," Callan said. "For somebody who recognizes the limitations of it and is still asking for it, this is a good solution."

Source : InfoWorld

Previous article - Next article

Other articles
2008/8/21 15:52:01 - BitRoll and Torrent101 Used to Distribute the Lop Adware
2008/8/20 15:06:33 - FRAUDFacts Helps You Fight Identity Theft and Fraud for Life
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft

The comments are owned by the poster. We aren't responsible for their content.