katarina
join:2003-09-07
Houston, TX
| Security Certificates
I have my settings established in such a way that when I visit a page that has a security certificate, I often get a 'Security Alert' window that states that 'The name on the security certificate is invalid or does not match the name of the site.'
How big of an issue is this? Among others, I've had it happen with an SBC Yahoo! page as well as one of my financial institutions.
The financial institution changed their name in the past year or so and the URL of the page I'm trying to access reflects their old name and old web-site. The certificate was apparently updated to reflect the new name, but they didn't change the name of the page that is being accessed.
I've tried calling companies before to let them know that these security alerts come up when attempting to access their 'secure' pages ... and the people I talk to seem to be totally oblivious and seem to not know who to refer the issue to. Should I keep pushing to get them to 'fix' it and not use the site until they do? Or is it really OK when I can see that it is really a name change issue? |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| said by katarina  :
How big of an issue is this?
Could be a very big issue.
Ofcourse, use your brains for this one.  If the certificate is for yahoo.com and you visit businessyahoo.com that is part of yahoo corporation, then its OK to use that certificate. If the certificate is for haccedwarexporn.com and you are going onto business.yahoo.com, then I would not use it because you are under MITMA.
--
My computer security & privacy related homepage »www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.
[text was edited by author 2003-09-16 17:54:29] |
|
