[security] [dix] Re: Gathering requirements for in-browser OpenID support
James A. Donald
jamesd at echeque.com
Wed Nov 1 11:02:31 UTC 2006
--
Dan Lyke wrote:
> On Tue, 31 Oct 2006 03:00:08 -0800, Eddy Nigg
> (StartCom Ltd.) wrote:
>> Guess, he will have a hard time getting a cert for
>> this...Usually wild card certificates require
>> additional verifications as well...
>
> I've seen at least one phishing spam (and my filters
> are pretty good, I don't end up reading too many of
> 'em) that had an address like
> https://paypalsecuritycentral.com or some other
> similarly convoluted and unofficial but possibly
> believable name.
The famous example of this was Mountain America Credit
Union, which was phished by a phisher whose web site was
quite legitimately called Mountain-America.net, and who
had a verisign certificate to prove it.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
LV3m11ePnvRGu4Wuyvq3FR657ilxFIko74ykZV+6
4kjLI/ybkfn8HouiXEUHKtQYOYlwuWCTxVfWtpqQR
More information about the security
mailing list