The Phishers Nightmare EV SSL certificates

Posted on June 29, 2008
Filed Under Digital Software

Working to make our websites safer. Time to de-rod the phishers

Todays websites can be exploited with cross-site scripting vulnerability that can be used by attackers to bypass access controls such as the same origin policy. These guys have too much time on their hads. The vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. I seen many of these on a daily basis. Cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities

Cross-site scripting bugs are exploited by identity thieves and phishers, this lets attackers insert their own malicious code into legitimate pages but have also been used for other purposes. Cross-site scripting-XSS is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.

Online payment provider PayPal has patched a critical cross-site scripting vulnerability just last month. The next step to avoid cross-site scripting using Extended Validation-EV SSL certificates, that are a step above standard SSL certificates, the owners must go through more stringent background checks. They will be introduced to reassure users that an online site is legitimate and not a fake site hosted by phishers. PayPal was one of the first commercial sites to use an EV.

We all need to be using Extended Validation SSL certificates, thus squashing those phishing bastards from the internet pond and keeping e-commerce transactions safer.

Share and Enjoy: