Wordfence, a well-regarded WordPress security company, has found that certificate authorities (CAs) are issuing SSL certificates to phishing sites pretending to be other sites. Because the certificates are valid, even though the sites are operating under false pretenses, Chrome reports these sites as being secure. They're not.
Even when a "certificate is revoked once a CA realizes they should not have issued it, we show that Chrome still shows the site as 'secure.'" The 'revoked' status is only visible in Chrome developer tools.
For more info:
http://www.zdnet.com/article/the-chrome-browsers-secure-isnt-the-same-thing-as-safe/