Netcraft wonders if CAs are taking verification rules seriously.
Simon Sharwood:
UK Banks Halifax and NatWest are among organisations targeted by fake sites that have won SSL certificates from certification authorities (CAs).
Netcraft says certifiers who should know better such as Symantec, Comodo, CloudFlare’s certification partner GlobalSign and GoDaddy have handed out certs to sites like natwestnwolb.co.uk. That site’s a faked attempt at luring traffic away from UK bank NatWest’s real online banking operation at www.nwolb.com. Another UK bank, Halifax, is flattered by the existence of fake site halifaxonline-uk.com. Someone’s trying to take a bit out of Apple at itunes-security.net, PayPal has to cope with emergencypaypal.net and phishers even think someone’s likely to have such fat fingers that they end up at btintranert.com.
To read the entire article, please click here.
Source: http://www.theregister.co.uk/
