Our initial investigation has revealed that the report describes a by-design behaviour in all popular web browsers that allows a website to open or re-use a window without displaying the address bar, which is a trust mechanism built into web...
Presented with a carefully spoofed Bank Of the West email which directed recipients to the phishing website www.bankofthevvest.com (with a double 'v' instead of 'w'), complete with a padlock in the content, spoofed Verisign logo and certificate...
However, when users visit a site with a fraudulent URL and no SSL certificate their address bar will turn red warning them they may be straying into dangerous territory. If the site's URL tallies with who its owner is, and the SSL certificate is...
IE 7, Microsoft's newest web browser, will show a green address bar only when displaying a website that has an "extended validation certificate", or EV SSL. EV SSL certificates are just like those that allow encrypted connections between browsers...
Davies recommended Extended Valuation SSL (EVSSL) to online retailers, which among other things causes the address bar to turn green if the site is bona fide and red if suspected to be a phishing site.
Cranor's report could be positive news for a company such as VeriSign, which in December launched a tool with Microsoft that changes the colour of the browser address bar when it's displaying a website that has an "extended validation certificate...
Did you find this white paper useful? 8 out of 13 users found this white paper useful
White Paper RSS
Download
Register
