Re: What EV certs are good for
On Wed, Jan 28, 2009 at 5:14 AM, William Soley william.so...@sun.com wrote: On Jan 27, 2009, at 6:04 AM, Jerry Leichter wrote: It might be useful to put together a special-purpose HTTPS client which would initiate a connection and tell you about the cert returned, then exit. I use ... openssl s_client -connect www.whatever.com:443 -showcerts Ships with Mac OS, Solaris, Linux, etc. And to use TOR, put torify on the front. Having run the tor server, of course. Except on MacOS, where torify doesn't (can't? Does anyone know better) work. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: What EV certs are good for
I just received a phishing email, allegedly from HSBC: Dear HSBC Member, So did the link have a EV cert? Hardly matters. HSBC has vast numbers of web servers all over the world, some with EV certs, some without. For example, their US customer site for deposit customers at https://www.us.hsbc.com/ doesn't, but their site for credit cards at https://www.hsbccreditcard.com/ does, although it's kind of hard to tell because they tend to put you on a non-https page until you log in. R's, John - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: What EV certs are good for
On Sun, Jan 25, 2009 at 11:04 PM, Jerry Leichter leich...@lrw.com wrote: I just received a phishing email, allegedly from HSBC: Dear HSBC Member, Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website. The use of EV SSL certification works with high security Web browsers to clearly identify whether the site belongs to the company or is another site imitating that company's site (I hope I haven't quoted enough to trigger someone's spam detectors!) Needless to say, the message goes on to suggest clicking on a link to update your account. So did the link have a EV cert? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: What EV certs are good for
On Jan 27, 2009, at 6:04 AM, Jerry Leichter wrote: It might be useful to put together a special-purpose HTTPS client which would initiate a connection and tell you about the cert returned, then exit. I use ... openssl s_client -connect www.whatever.com:443 -showcerts Ships with Mac OS, Solaris, Linux, etc. -Bill - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: What EV certs are good for
On Tue, Jan 27, 2009 at 09:04:45AM -0500, Jerry Leichter wrote: [...] It might be useful to put together a special-purpose HTTPS client which would initiate a connection and tell you about the cert returned, then exit. [...] I often use this (though there's probably an easier way)... echo|openssl s_client -connect www.example.com:https|openssl x509 -text Quick and dirty, but gets the job done. -- { IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657); SMTP(fu...@yuggoth.org); IRC(fu...@irc.yuggoth.org#ccl); ICQ(114362511); AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fu...@yuggoth.org); MUD(fu...@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); } - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
What EV certs are good for
I just received a phishing email, allegedly from HSBC: Dear HSBC Member, Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website. The use of EV SSL certification works with high security Web browsers to clearly identify whether the site belongs to the company or is another site imitating that company's site (I hope I haven't quoted enough to trigger someone's spam detectors!) Needless to say, the message goes on to suggest clicking on a link to update your account. -- Jerry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com