[ISN] Secure site seals may be misleading: Netcraft

From: InfoSec News (isnat_private)
Date: Mon Jul 29 2002 - 01:32:28 PDT


    July 29 2002
    Secure site seals handed out to sites by certificate authorities and
    lock icons shown by browsers can often mislead consumers into
    believing that a site is more secure than it actually is, according to
    the latest Netcraft Web Server Survey.
    The survey said a recent dialogue between the two leading certificate
    authorities - Verisign and Geotrust - has highlighted the fact that
    though the site seal and browser lock may look reassuring, there was
    no assurance at all that the site is not vulnerable to some well-known
    exploit, and typically many are.
    It said the discovery of remote vulnerabilities in Microsoft Commerce
    Server and Microsoft-IIS, published last month, had left many commerce
    and financial sites open to attack, and there was often no clear-cut
    way in which a site's prospective customers can legally determine
    whether their transactions and data were likely to be safe or not.
    Due to these factors, Netcraft said it was likely that payment
    mechanisms on the Internet would increasingly become centralised.
    The survey also showed that IIS has made a gain of three percent in
    the number of sites hosted on the Net due to register.com
    putting a Windows-based front end back in place on their domain
    parking system. It said register.com had alternated recently between a
    Windows and Linux front end, and this caused a fluctuation when it
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Jul 29 2002 - 04:04:56 PDT