
Nope, this isn’t the HTTPS-validated Stripe website you think it is

by admin
December 12, 2017

For a decade, some security professionals have held out extended validation certificates as an innovation in website authentication because they require the person applying for the credential to undergo legal vetting. That's a step up from less stringent domain validation that requires applicants to merely demonstrate control over the site's Internet name. Now, a researcher has shown how EV certificates can be used to trick people into trusting scam sites, particularly when targets are using Apple's Safari browser.

Researcher Ian Carroll filed the necessary paperwork to incorporate a business called Stripe Inc. He then used the legal entity to apply for an EV certificate to authenticate the Web page https://stripe.ian.sh/. When viewed in the address bar, the page looks eerily similar to https://stripe.com/, the online payments service that also authenticates itself using an EV certificate issued to Stripe Inc.

The demonstration is concerning because many security professionals counsel end users to look for EV certificates when trying to tell if a site such as https://www.paypal.com is an authentic Web property rather than a fly-by-night look-alike page that's out to steal passwords. But as Carroll's page shows, EV certs can also be used to trick end users into thinking a page has connections to a trusted service or business when in fact no such connection exists. The false impression can be especially convincing when end users use Apple's Safari browser because it often strips out the domain name in the address bar, leaving only the name of the legal entity that obtained the EV certificate.

"With enough mouse clicks, you may be able to open a system certificate viewer or get your browser to show you the city and state," Carroll wrote. "But neither of these are helpful to a typical user, and they will likely just blindly trust the bright green indicator."

Carroll's demonstration comes three months after researcher James Burton exposed a different way EV certificates can be used to trick end users. He established a business named "Identity Verified" and showed how the resulting EV certificate might be used to add an air of authenticity to a scam site. Both Carroll and Burton said little effort was necessary to create the legal entities. Carroll said the demo cost $177: $100 in incorporation expenses and $77 for the certificate.

The demonstrations are generating productive discussions among developers about the way EV certificates should be treated in browser user interfaces. Security professionals are also openly discussing whether certificate rules should be modified to prevent these types of cases.

For the time being, people should remember that EV certificates aren't automatically a panacea for online fraud. In some cases, certificates could make an otherwise obvious scam site seem legitimate. When in doubt, end users should carefully inspect the certificate and ensure it was issued to the operator of the trusted site.
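The certificate inspection recommended above can be automated. The following is an added example, not code from the article or from Carroll: it compares the full legal identity in an EV subject instead of the organization name alone. The subjects are constructed, with placeholder jurisdictions and registration numbers, and are assumed to be in the nested-tuple shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added example. Fields that together identify the legal entity behind an EV
# certificate; serialNumber carries the company registration number.
EV_IDENTITY_FIELDS = (
    "organizationName",
    "jurisdictionCountryName",
    "jurisdictionStateOrProvinceName",
    "serialNumber",
)

def flatten_subject(subject):
    """Turn ((('key', 'value'),), ...) into a dict, keeping the first value per key."""
    flat = {}
    for rdn in subject:
        for key, value in rdn:
            flat.setdefault(key, value)
    return flat

def ev_identity(subject):
    """Return the identifying tuple, or None if a field is missing
    (for example, a domain-validated certificate with no organization)."""
    flat = flatten_subject(subject)
    if not all(field in flat for field in EV_IDENTITY_FIELDS):
        return None
    return tuple(flat[field].strip().casefold() for field in EV_IDENTITY_FIELDS)

def same_name_only(a, b):
    """Weak check: all that an address bar showing only the entity name conveys."""
    return (flatten_subject(a).get("organizationName")
            == flatten_subject(b).get("organizationName"))

def same_legal_entity(a, b):
    """Strong check: name, jurisdiction and registration number must all match."""
    ia, ib = ev_identity(a), ev_identity(b)
    return ia is not None and ia == ib

def make_subject(state, reg_no, host, org="Stripe Inc."):
    """Build a constructed sample subject; state and reg_no are placeholders."""
    return ((("jurisdictionCountryName", "US"),),
            (("jurisdictionStateOrProvinceName", state),),
            (("serialNumber", reg_no),),
            (("organizationName", org),),
            (("commonName", host),))

TRUSTED = make_subject("State-A", "0000001", "stripe.com")
LOOKALIKE = make_subject("State-B", "0000002", "stripe.ian.sh")
DV_ONLY = ((("commonName", "stripe.ian.sh"),),)
```

The two constructed subjects pass the name-only check but fail the full comparison, which is the distinction a name-only address bar hides.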

Original article: Ars Technica

The post Nope, this isn’t the HTTPS-validated Stripe website you think it is appeared first on News Wire Now.
