Extended Validation "spoofing" by colliding entity names

Post by dark_moon » Thu, 14 Dec 2017, 21:18

First read https://arstechnica.com/information-tec ... ink-it-is/

I wonder if we can fix this

Post by franzk » Fri, 15 Dec 2017, 07:40

viewtopic.php?f=26&t=15583
I'm not sure if it is needed?
Both the HTTPS cert entity and the URI are presented in the address bar.

Post by Moonchild » Fri, 15 Dec 2017, 08:53

If your browser doesn't provide essential information to verify the identity of the site you visit, then this is a problem. I don't know which browser is displayed in that article, but having just the EV org name displayed is BAD, for this exact reason. You must always show the address or at least the domain to prevent spoofing.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
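
An added illustration of the point made in the post above (not part of the thread and not Pale Moon code): two constructed EV certificates carrying the same organisation name produce the same org-only label, and only a label that includes the host tells them apart. All field names, hosts, jurisdictions and registration numbers below are made-up assumptions.

```javascript
// Constructed sample data: EV subject fields as a browser UI might hold them
// after parsing two certificates. Every value here is invented for the example.
const certs = [
  { host: "pay.example.com", org: "Example Pay, Inc", country: "US",
    jurisdiction: "US-DE", regNumber: "1111111" },
  { host: "example-pay.test", org: "Example Pay, Inc", country: "US",
    jurisdiction: "US-KY", regNumber: "2222222" },
  { host: "shop.example.org", org: "Example Shop Ltd", country: "GB",
    jurisdiction: "GB", regNumber: "3333333" },
];

// Compare names the way a person reads them: ignore case, spacing, punctuation.
function normalizeOrg(org) {
  return org.normalize("NFKC").toLowerCase()
            .replace(/[^\p{L}\p{N}]+/gu, " ").trim();
}

// Identity label that shows only the EV organisation (the display criticised above).
function orgOnlyLabel(cert) {
  return `${cert.org} [${cert.country}]`;
}

// Identity label that also shows the host the certificate was presented for.
function orgAndHostLabel(cert) {
  return `${cert.org} [${cert.country}] ${cert.host}`;
}

// Report organisation names held by more than one legal entity, where an
// entity is identified by jurisdiction plus registration number.
function findNameCollisions(list) {
  const byName = new Map();
  for (const c of list) {
    const name = normalizeOrg(c.org);
    const entity = `${c.jurisdiction}/${c.regNumber}`;
    if (!byName.has(name)) byName.set(name, new Map());
    const entities = byName.get(name);
    if (!entities.has(entity)) entities.set(entity, []);
    entities.get(entity).push(c.host);
  }
  const collisions = [];
  for (const [name, entities] of byName) {
    if (entities.size > 1) {
      collisions.push({ name, entities: Object.fromEntries(entities) });
    }
  }
  return collisions;
}
```
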

Post by Moonchild » Fri, 15 Dec 2017, 09:02

dark_moon wrote: I wonder if we can fix this

It would be nice if you first verify next time you're scouring the net for security articles that things even apply to us before you insinuate that this is something that needs fixing in Pale Moon. It'll save me a lot of time having to check into these articles and evaluating applicability every time. Thanks in advance.