[cryptography] Paypal phish using EV certificate

2013-08-13 Thread Peter Gutmann
I recently got another of the standard phishing emails for Paypal, directing me to https://email-edg.paypal.com, which redirects to https://view.paypal-communication.com, which has a PayPal EV certificate from Verisign. According to this post

Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread Jeffrey Walton
On Tue, Aug 13, 2013 at 5:10 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: I recently got another of the standard phishing emails for Paypal, directing me to https://email-edg.paypal.com, which redirects to https://view.paypal-communication.com, which has a PayPal EV certificate from

Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread wasa bee
Given the images seen on the links, both certs are signed by the same entity (I cannot see the pubKey ID but issuer names match), yet have the same serial number 3014267. Isn't the (serial number + issuer pub key identifier) supposed to be unique and identify a cert uniquely? Is it common practice

Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread Erwann Abalea
The serial number you find in the subject of an EV certificate is the registration number of the company (Paypal Inc, in Delaware). There's absolutely no problem in having different certificates with this repeating serial number (in the subject), as long as they are delivered to the right company.

Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread Peter Gutmann
Erwann Abalea eaba...@gmail.com writes: Looks like paypal-communication.com is a legit domain owned by Paypal, Inc. Even though, according to the second article I referenced, Paypal said it was a phishing site and said they'd take it down? Peter.

Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread Tom Ritter
On 13 August 2013 07:00, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Erwann Abalea eaba...@gmail.com writes: Looks like paypal-communication.com is a legit domain owned by Paypal, Inc. Even though, according to the second article I referenced, Paypal said it was a phishing site and said

Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread Natanael
That's trademarks, not copyright, and they get it transferred IF they request it and the original owner did not have a valid reason to use that domain with the trademarked name/phrase. And either way, reusing previously malicious domains for legit purposes is probably THE WORST method ever of

Re: [cryptography] not a Paypal phish using EV certificate

2013-08-13 Thread John Levine
In article e1v9ac6-0005vx...@login01.fos.auckland.ac.nz you write: I recently got another of the standard phishing emails for Paypal, directing me to https://email-edg.paypal.com, which redirects to https://view.paypal-communication.com, which has a PayPal EV certificate from Verisign.

[cryptography] Certificate Transparency Hack Day

2013-08-13 Thread Ben Laurie
The Certificate Transparency hack day will take place at Google’s London offices on Wednesday, the 28th of August, 2013. Please sign up on this form https://docs.google.com/a/google.com/forms/d/1jvO5OdkvRhyTV6XU4Q-YaRKlTSF7rh94LzRFbICHRg8/viewform by August 22nd, to let us know you plan to attend.

[cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread Zooko Wilcox-OHearn
Dear people of the cryptography@randombit.net mailing list: For obvious reasons, the time has come to push hard on *verifiable* end-to-end encryption. Here's our first attempt. We intend to bring more! We welcome criticism, suggestions, and requests. Regards, Zooko Wilcox-O'Hearn Founder,

Re: [cryptography] not a Paypal phish using EV certificate

2013-08-13 Thread Ben Lincoln (F70C92E3)
On Tue, August 13, 2013 6:25 am, John Levine wrote: I agree that it was not a great idea for Paypal to invent paypal-communication.com rather than a subdomain of one of their existing well-known domains such as communication.paypal.com. Using a different second-level domain is generally a

Re: [cryptography] not a Paypal phish using EV certificate

2013-08-13 Thread Andy Steingruebl
On Tue, Aug 13, 2013 at 9:25 AM, Ben Lincoln (F70C92E3) f70c9...@beneaththewaves.net wrote: Unfortunately, it does look somewhat suspicious from a phishing perspective, especially if a link to a paypal.com subdomain redirects to it, which (to an end user) looks a lot like what happens when a

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread ianG
Super! I think a commercial operator is an essential step forward. Q: do you have some sense of how long the accesses take? E.g., I'm at the end of a long ping, will I expect the actions to take ms, s, or ks? iang On 13/08/13 18:56 PM, Zooko Wilcox-OHearn wrote: Dear people of the

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread Peter Saint-Andre
On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately. Peter -- Peter Saint-Andre https://stpeter.im/

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread Zooko Wilcox-OHearn
On Tue, Aug 13, 2013 at 5:16 PM, Peter Saint-Andre stpe...@stpeter.im wrote: On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately. It helps

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread Peter Saint-Andre
On 8/13/13 12:53 PM, ianG wrote: On 13/08/13 20:16 PM, Peter Saint-Andre wrote: On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately.

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread Nico Williams
On Tue, Aug 13, 2013 at 12:02 PM, ianG i...@iang.org wrote: Super! I think a commercial operator is an essential step forward. A few points: - if only you access your own files then there's much less interest for a government in your files: they might contain evidence of crimes and

Re: [cryptography] not a Paypal phish using EV certificate

2013-08-13 Thread or perelman
Hi Guys, if you love crypto-currency, I would be glad if you check out our new startup at http://bitblu.com. I would love feedback of any kind. Thanks a lot! On Tue, Aug 13, 2013 at 7:40 PM, Andy Steingruebl a...@steingruebl.com wrote: On Tue, Aug 13, 2013 at 9:25 AM, Ben Lincoln

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread Nico Williams
On Tue, Aug 13, 2013 at 2:09 PM, Peter Saint-Andre stpe...@stpeter.im wrote: Although presumably there would be value in shutting down a privacy-protecting service just so that people can't benefit from it any longer. When the assumption is that everything must be public, any service that

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread Richard Guy Briggs
On Tue, Aug 13, 2013 at 01:09:15PM -0600, Peter Saint-Andre wrote: On 8/13/13 12:53 PM, ianG wrote: On 13/08/13 20:16 PM, Peter Saint-Andre wrote: On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

2013-08-13 Thread James A. Donald
On 2013-08-14 6:10 AM, Nico Williams wrote: - it's really not easy to defeat the PRISMs. the problem is *political* more than technological. For a human to read all communications would be an impossible burden. Instead, apply the following algorithm. Identify people of interest. Read

Re: [cryptography] not a Paypal phish using EV certificate

2013-08-13 Thread Seth David Schoen
James A. Donald writes: Although websites often use huge numbers of huge cookies, one can easily optimize one's cookie use. I can see no reason why anyone would ever need more than a single 96 bit cookie that is a random number. They might want to make the content and purpose of the cookie