Extended Validation "spoofing" by colliding entity names

Postby dark_moon » Thu, 14 Dec 2017, 21:18

First read https://arstechnica.com/information-tec ... ink-it-is/

I wonder if we can fix this

Postby franzk » Fri, 15 Dec 2017, 07:40

viewtopic.php?f=26&t=15583
I'm not sure if it is needed?
Both the HTTPS cert entity and the URI are presented in the address bar.

Postby Moonchild » Fri, 15 Dec 2017, 08:53

If your browser doesn't provide essential information to verify the identity of the site you visit, then this is a problem. I don't know which browser is displayed in that article, but having just the EV org name displayed is BAD, for this exact reason. You must always show the address or at least the domain to prevent spoofing.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"The wisest men follow their own direction." - Euripedes
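
Added example, not part of the original posts and not Pale Moon code: a check for EV organization names that collide across distinct legal entities, plus an identity label that always carries the domain next to the org name. The certificate records, field names (`jC`, `jST`, `serial`) and hosts are constructed samples, and treating jurisdiction plus registration number as the legal entity is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample EV subjects (not real certificates). Assumed fields:
# O = organization, jC/jST = jurisdiction country/state, serial = registration no.
SAMPLE_CERTS = [
    {"host": "payments.example", "O": "Example Pay, Inc.",
     "jC": "US", "jST": "Delaware", "serial": "1111111"},
    {"host": "pay-portal.example", "O": "Example Pay, Inc",
     "jC": "US", "jST": "Kentucky", "serial": "2222222"},
    {"host": "shop.example", "O": "Other Shop Ltd",
     "jC": "GB", "jST": "", "serial": "3333333"},
]

def normalize_org(name):
    """Fold case, punctuation and spacing, which a user will not distinguish."""
    kept = "".join(ch if ch.isalnum() else " " for ch in name.casefold())
    return " ".join(kept.split())

def legal_entity(cert):
    """Assumption: jurisdiction plus registration number names one legal entity."""
    return (cert["jC"], cert["jST"], cert["serial"])

def find_name_collisions(certs):
    """Return {normalized org name: sorted hosts} for every displayed name
    that is shared by more than one distinct legal entity."""
    entities = defaultdict(set)
    hosts = defaultdict(set)
    for cert in certs:
        key = normalize_org(cert["O"])
        entities[key].add(legal_entity(cert))
        hosts[key].add(cert["host"])
    return {k: sorted(hosts[k]) for k in entities if len(entities[k]) > 1}

def identity_label(cert):
    """Identity string that never shows the org name without the domain."""
    return f'{cert["O"]} ({cert["jC"]}) | {cert["host"]}'

if __name__ == "__main__":
    for name, colliding_hosts in find_name_collisions(SAMPLE_CERTS).items():
        print("colliding EV name:", name, "->", colliding_hosts)
    for cert in SAMPLE_CERTS:
        print(identity_label(cert))
```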

Postby Moonchild » Fri, 15 Dec 2017, 09:02

dark_moon wrote: I wonder if we can fix this

It would be nice if you first verify, next time you're scouring the net for security articles, that things even apply to us before you insinuate that this is something that needs fixing in Pale Moon. It'll save me a lot of time having to check into these articles and evaluating applicability every time. Thanks in advance.