Duane wrote:
Since phishing exists happily with no SSL, why would they start using
SSL all of a sudden now that EV's are being discussed?
The use of SSL in phishing is on the increase.
Additionally, one reason why phishers haven't been using SSL is because
browser makers and others aren't screaming "look for the lock"; and the
reason they aren't doing that is because they know phishers will then
start getting domain-validated certs and we'll be no further forward.
If we are going to try and educate the public to look for a trust
indicator, we need a trust indicator which is worthy of the name.
Gerv
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
