DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 32, Issue 2

Full Contents Now Available!

Wednesday, 12 June 2019 15:13

FBI Warns of Dangers in 'Safe' Websites

Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust

 

One of the most common mechanisms used to secure web browser sessions — and to assure consumers that their transactions are secure — is also being used by criminals looking to gain victims' trust in phishing campaigns. The FBI has issued a public service announcement defining the problem and urging individuals to go beyond simply trusting any "https" URL. 

Browser publishers and website owners have waged successful campaigns to convince consumers to look for lock icons and the "https:" prefix as indicators that a website is encrypted and, therefore, secure. The problem, according to the FBI and security experts, is that many individuals incorrectly assume that an encrypted site is secure from every sort of security issue.

Craig Young, computer security researcher for Tripwire’s VERT (vulnerability and exposure research team) recognizes the conflict between wanting consumers to feel secure and guarding against dangerous over-confidence. "Over the years, there has been a battle of words around how to communicate online security. Website security can be discussed at a number of levels with greatly different implications," he says.

...

https://www.darkreading.com/vulnerabilities---threats/fbi-warns-of-dangers-in-safe-websites/d/d-id/1334930