Results 1 to 4 of 4

Thread: EV Certs broken???

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1

    Default EV Certs broken???

    Found this today which suggested EV certs are broken and they explain
    why.

    Certainly something to watch out for if you are a company with the same
    name as others elsewhere in the world.

    https://stripe.ian.sh

    --
    Richard

  2. #2

    Default Re: EV Certs broken???

    I guess I missed this post.

    The EV SSL certificates are a different thing than the EV code signing
    certificates.

    That's not to say that all of this stuff is entirely adequate, but
    there is that distinction.

    Jeff Slarve
    www.jssoftware.com


    Bits and Bytes are Dy-No-Myte

  3. #3

    Default Re: EV Certs broken???

    Well the technique could certainly be applied to code signed apps
    instead of websites and would it have the same level of scrutiny when
    most of the infosec world appears to be focused on website identities?

    In Windows 7, control panel, add remove programs, you can only see a
    publisher name, so something could be hiding in plain sight so to
    speak.

    I've also noticed MS smart screen and AV software doesnt always flag up
    malicious software even when its code signed.

    A year or so ago I tried getting a domain and had it registered to my
    old company but at an address of an office block that rents office
    space nearby, that was flagged up straight away, so I do wonder just
    how much surveillance there is on us now a days.

    --
    Richard

  4. #4

    Default Re: EV Certs broken???

    Well even Troy Hunt has come out and said EV certs are dead because of
    the upcoming changes to the Browsers.

    Same problem in browsers as in windows now, ie its hard to get more
    detailed info about an EV code signed app or website.

    https://www.troyhunt.com/extended-va...y-really-dead/

    --
    Richard

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •