It’s easy to fake Extended Validation certificates, research shows
What does the happy green lock at the top of your browser mean? Maybe not what you think. Extended Validation certificates — the files that tell your browser to show the lock — are supposed to make crystal clear who owns a website, in order to stymie cyberattacks and phishing. Instead, EV certificates are dangerously easy to fake, according to experts like U.S.-based researcher Ian Carroll. The certificates are meant to prove legal ownership of HTTPS websites so that you are certain, for instance, that Google owns the website you’re visiting. Browsers like Chrome and Firefox show a green bar with the company name to signify security. The iOS version of Safari even replaces URLs entirely with the EV certificate. The problem, Carroll explained in a recent blog post, is that it’s easy to incorporate under the same name as big-time companies and therefore imitate their EV certificate. Carroll did exactly that by incorporating […]
The post It’s easy to fake Extended Validation certificates, research shows appeared first on Cyberscoop.
Continue reading It’s easy to fake Extended Validation certificates, research shows