---

Reply-To: <ray@private>
From: "Ray Everett-Church" <ray@private>
To: "'Declan McCullagh'" <declan@private>, <dave@private>
Subject: More VeriSign problems

According to http://www.theregister.co.uk/content/55/33779.html, on November 4:

> VeriSign today unveiled a redesign of its ubiquitous
> Trust Mark seal symbol. Instead of a static GIF image,
> the new Trust Mark features a Flash-based animated
> design to make it more recognizable online.
>
> By clicking on the new VeriSign Trust Mark, consumers
> can verify a business's legal name, determine the
> validity period for the Secure Sockets Layer (SSL)
> certificate, and view their place of incorporation.
>
> Mike Foley, vice president of VeriSign Security
> Services, explained that the underlying technology
> behind the design had changed so that this information
> could be validated in real time - unlike earlier
> versions of the seal where information wasn't served
> dynamically. This also means that VeriSign can strip
> off the revamped Trust Mark seal from a site when a
> digital certificate expires, he added.
>
> The newly designed VeriSign Trust Mark is positioned
> as a way for VeriSign's customers to better communicate
> the authenticity of their site to potential consumers
> online.

Unfortunately (but not surprisingly) they implemented it very poorly. My partner, a Flash designer and developer, analyzed their implementation and found numerous problems, including several ways in which it can be trivially spoofed.

His analysis, with a live demonstration, appears at: http://www.infinitumdesign.com/verisign.html (Flash 6 required).

Regards,
-Ray

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Tue Nov 11 2003 - 06:51:18 PST