InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Phishing Sites Going HTTPS

https://forums.informaction.com/viewtopic.php?t=22865

Page 1 of 1

Phishing Sites Going HTTPS

Posted: Sat May 27, 2017 1:49 pm
by barbaz
Don't use HTTPS alone to tell whether the site you're on is legit or not.
https://www.thesslstore.com/blog/lets-encrypt-phishing/

(mozillaZine: http://forums.mozillazine.org/viewtopic ... &t=3030652)

Re: Phishing Sites Going HTTPS

Posted: Wed May 31, 2017 3:42 am
by Thrawn
So there is actually a point to Extended Validation now...although it's still rather a rip-off.

Should we consider it a positive thing that phishing sites are now letting themselves be recorded in a public ledger where they can be spotted and put on browser blacklists?

Re: Phishing Sites Going HTTPS

Posted: Wed May 31, 2017 1:37 pm
by barbaz
Thrawn wrote:Should we consider it a positive thing that phishing sites are now letting themselves be recorded in a public ledger where they can be spotted and put on browser blacklists?
This would make it possible to block some phishing sites before they go live, wouldn't it?

Doesn't sound like a bad thing to me.

Re: Phishing Sites Going HTTPS

Posted: Thu Jun 01, 2017 12:35 am
by Thrawn
Seems to me that with the right setup, either phishers could be caught before they launch (or, at least, launch with HTTPS), or else they'd give up on Let's Encrypt - which would also be a win.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited