Extended Validation "spoofing" by colliding entity names

dark_moon · Unread post by **dark_moon** » 2017-12-14, 21:18

First read https://arstechnica.com/information-tec ... ink-it-is/

I wonder if we can fix this

franzk · Unread post by **franzk** » 2017-12-15, 07:40

viewtopic.php?f=26&t=15583
I'm not sure if it is needed?
Both the HTTPS cert entity and the uri is presented in the address bar.

Unread post by **Moonchild** » 2017-12-15, 08:53

If your browser doesn't provide essential information to verify the identity of the site you visit, then this is a problem. I don't know which browser it is displayed in that article but having just the EV org name displayed is BAD, for this exact reason. You must always show the address or at least the domain to prevent spoofing.

Unread post by **Moonchild** » 2017-12-15, 09:02

dark_moon wrote:I wonder if we can fix this

it would be nice if you first verify next time you're scouring the net for security articles that things even apply to us before you insinuate that this is something that needs fixing in Pale Moon. It'll save me a lot of time having to check into these articles and evaluating applicability every time. Thanks in advance.

Pale Moon forum

Extended Validation "spoofing" by colliding entity names

Extended Validation "spoofing" by colliding entity names

Re: Extended Validation "spoofing" by colliding entity names

Re: Extended Validation "spoofing" by colliding entity names

Re: Extended Validation "spoofing" by colliding entity names