
Extended Validation "spoofing" by colliding entity names

Posted: 2017-12-14, 21:18
by dark_moon
First read https://arstechnica.com/information-tec ... ink-it-is/

I wonder if we can fix this

Re: Extended Validation "spoofing" by colliding entity names

Posted: 2017-12-15, 07:40
by franzk
viewtopic.php?f=26&t=15583
I'm not sure if it is needed?
Both the HTTPS cert entity and the URI are presented in the address bar.

Re: Extended Validation "spoofing" by colliding entity names

Posted: 2017-12-15, 08:53
by Moonchild
If your browser doesn't provide essential information to verify the identity of the site you visit, then this is a problem. I don't know which browser is displayed in that article, but having just the EV org name displayed is BAD, for this exact reason. You must always show the address or at least the domain to prevent spoofing.

Re: Extended Validation "spoofing" by colliding entity names

Posted: 2017-12-15, 09:02
by Moonchild
dark_moon wrote: I wonder if we can fix this
It would be nice if you first verify next time you're scouring the net for security articles that things even apply to us before you insinuate that this is something that needs fixing in Pale Moon. It'll save me a lot of time having to check into these articles and evaluating applicability every time. Thanks in advance.