Tuesday, November 07, 2006

INTERNET SECURITY SYSTEMS FAILING CONSUMERS – HTTPS AND VERISIGN SPOOFS


Just when the public begins to understand the value of HTTPS:// and the importance of certificate checking via suppliers like VeriSign, the criminals have begun to effectively mimic these safeguards and fool consumers into risky activity. These precautionary security provisions are now of little value as criminals have developed increasingly sophisticated impersonation schemes.

In the past few weeks we have noticed spam emails which lead to either valid HTTPS sites or mimicked sites. In the case of valid HTTPS sites, the criminals have purchased secure server programs in order to commit their crime. The unsuspecting citizen is actually on a secure connection, but he is connected, not to the legitimate business he seeks, but directly to the criminal site.

In other cases criminal webmasters have pasted on top of the URL an image block that says it’s HTTPS and that it’s connected to a legitimate vendor, but in fact the connection is to a criminal site.

In addition, the familiar VeriSign logo has been copied, and when clicked you are provided with what looks like an authentic certification from VeriSign. It’s not authentic, but it looks good. Only an expert can tell and then only by examining the source code – not for what it says, but for what is missing.

At KnightsBridge Castle we have had to change our internal authentication methodologies in order to avoid these traps. The tools we use are sophisticated and unavailable to most internet users. The solution for consumers seeking safe replies to email notifications? We don’t have one. Only be careful and don’t ever supply personal information over the internet when receiving a notification email from PayPal, eBay, Bank of America, Network Solutions, or anyone.

If you need to access your account, ignore the convenient email link. Go to your browser. Search for the home page of the company you seek and then access your account. It’s not foolproof, but it’s some protection.
