Phishing Sites Going HTTPS

Post by **barbaz** » Sat May 27, 2017 1:49 pm

Don't use HTTPS alone to tell whether the site you're on is legit or not.
https://www.thesslstore.com/blog/lets-encrypt-phishing/

(mozillaZine: http://forums.mozillazine.org/viewtopic ... &t=3030652)

Post by **Thrawn** » Wed May 31, 2017 3:42 am

So there is actually a point to Extended Validation now...although it's still rather a rip-off.

Should we consider it a positive thing that phishing sites are now letting themselves be recorded in a public ledger where they can be spotted and put on browser blacklists?

Post by **barbaz** » Wed May 31, 2017 1:37 pm

Thrawn wrote:Should we consider it a positive thing that phishing sites are now letting themselves be recorded in a public ledger where they can be spotted and put on browser blacklists?

This would make it possible to block some phishing sites before they go live, wouldn't it?

Doesn't sound like a bad thing to me.

Post by **Thrawn** » Thu Jun 01, 2017 12:35 am

Seems to me that with the right setup, either phishers could be caught before they launch (or, at least, launch with HTTPS), or else they'd give up on Let's Encrypt - which would also be a win.

InformAction Forums

Phishing Sites Going HTTPS

Phishing Sites Going HTTPS

Re: Phishing Sites Going HTTPS

Re: Phishing Sites Going HTTPS

Re: Phishing Sites Going HTTPS