> "PG" == Peter Gutmann writes:
PG> Even though, according to the second article I referenced, Paypal said it
was
PG> a phishing site and said they'd take it down?
It looks like paypal aquired it around the date of that article, and
registered it with Markmonitor:
Domain Name: PAYPAL-CO
That's trademarks, not copyright, and they get it transfered IF they
request it and the original owner did not have a valid reason to use that
domain with the trademarked name/phrase.
And either way, reusing previously malicious domains for legit purposes is
probably THE WORST method ever of accid
On 13 August 2013 07:00, Peter Gutmann wrote:
> Erwann Abalea writes:
>
>>Looks like paypal-communication.com is a legit domain owned by "Paypal, Inc".
>
> Even though, according to the second article I referenced, Paypal said it was
> a phishing site and said they'd take it down?
When sites hav
Erwann Abalea writes:
>Looks like paypal-communication.com is a legit domain owned by "Paypal, Inc".
Even though, according to the second article I referenced, Paypal said it was
a phishing site and said they'd take it down?
Peter.
___
cryptography ma
The serial number you find in the subject of an EV certificate is the
registration number of the company (Paypal Inc, in Delaware). There's
absolutely no problem in having different certificates with this repeating
serial number (in the subject), as long as they are delivered to the right
company.
given the images seen on the links, both certs are signed by the same
entity (i cannot see the pubKey ID but issuer names match), yet have the
same serial number 3014267. Isn't the (serial number + issuer pub key
identifier) supposed to be unique and identify a cert uniquely?
is it common practice
On Tue, Aug 13, 2013 at 5:10 AM, Peter Gutmann
wrote:
> I recently got a another of the standard phishing emails for Paypal, directing
> me to https://email-edg.paypal.com, which redirects to
> https://view.paypal-communication.com, which has a PayPal EV certificate from
> Verisign. According to
I recently got a another of the standard phishing emails for Paypal, directing
me to https://email-edg.paypal.com, which redirects to
https://view.paypal-communication.com, which has a PayPal EV certificate from
Verisign. According to this post
http://www.onelogin.com/a-paypal-phishing-attack/