
Security and certificates


Fly
November 13th, 2007, 02:57 PM
This isn't really about any kind of anti-malware program in particular, but since I can't find a better place on this forum I'll post it here.

This is about (SSL?) certificates. I'm not at all an expert in this field, please keep that in mind. Some time ago I read something about this security issue, but I don't remember where!

I'm not sure if there is a difference between SSL certificates and any other (?) certificates that are used by many sites, for example Paypal.

Now, when you log in on Paypal's website you can, by right-clicking in the right place on the address bar, see that the certificate is signed by Verisign. That would suggest you can trust it. But what if a certificate is signed by the Hong Kong Post Office or something more obscure? (I seem to recall that you can expand the number of organizations issuing certificates by downloading certain non-essential updates for Windows XP, which I did ...)

Aside from just being super-paranoid about certificates (and certificates may play a role in, for example, security software, but I don't know how or if), what can you do to mitigate this risk? Even aside from just checking certificates when you log in, how do you know that the certificate has not been forged?

These seem to be sensible questions, maybe some people can provide some answers?

dNor
November 14th, 2007, 01:13 PM
SSL is the protocol, and a certificate provider is known as a CA. They're a "trusted third party" - meaning, if you can verify it's their signature, then the certificate would be valid and indeed indicate a secure/encrypted connection.

I'd recommend reading up on SSL and CAs. Something like Wikipedia would be an okay start:

http://en.wikipedia.org/wiki/Ssl_certificate

http://en.wikipedia.org/wiki/Certificate_Authority
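The points raised in the two posts above (a CA is a trusted third party, "verifying the signature" is what makes a certificate valid, and what happens if an obscure CA is in your trust store) can be shown concretely with a small in-memory PKI. The following is an added example written for this thread, not code from either poster; it uses only Go's standard library. Every name in it is made up: "Example Root CA", "www.example.com", "other.example.net", and the "rogue" CA stand in for Verisign, Paypal and the Hong Kong Post Office respectively.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// All keys, certificates and hostnames below are constructed in memory for this example.

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// caTemplate describes a self-signed CA certificate.
func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

// leafTemplate describes a server certificate for host.
func leafTemplate(host string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // clients match the SAN, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// sign issues tmpl under parent using the parent's private key (self-signed when parent == tmpl).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PKI is the scenario: one root the client trusts and one the attacker made up,
// plus three server certificates to test against them.
type PKI struct {
	TrustedRoot, RogueRoot          *x509.Certificate
	GoodLeaf, OtherLeaf, ForgedLeaf *x509.Certificate
}

func Build() (*PKI, error) {
	rootKey, rogueKey := newKey(), newKey()
	goodKey, otherKey, forgedKey := newKey(), newKey(), newKey()

	rootTmpl := caTemplate("Example Root CA")
	root, err := sign(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	// The rogue CA copies the real root's name: the name proves nothing, only the key does.
	rogueTmpl := caTemplate("Example Root CA")
	rogue, err := sign(rogueTmpl, rogueTmpl, &rogueKey.PublicKey, rogueKey)
	if err != nil {
		return nil, err
	}
	good, err := sign(leafTemplate("www.example.com"), root, &goodKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	other, err := sign(leafTemplate("other.example.net"), root, &otherKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	forged, err := sign(leafTemplate("www.example.com"), rogue, &forgedKey.PublicKey, rogueKey)
	if err != nil {
		return nil, err
	}
	return &PKI{TrustedRoot: root, RogueRoot: rogue, GoodLeaf: good, OtherLeaf: other, ForgedLeaf: forged}, nil
}

// Verify does what a browser does on connect: chain leaf to a root in the trust
// store (checking each signature) and match the hostname against the SAN.
func Verify(leaf *x509.Certificate, trusted []*x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	for _, c := range trusted {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// IsUnknownAuthority reports a chain that ends at a CA not in the trust store.
func IsUnknownAuthority(err error) bool {
	var e x509.UnknownAuthorityError
	return errors.As(err, &e)
}

// IsHostnameMismatch reports a valid chain for the wrong site.
func IsHostnameMismatch(err error) bool {
	var e x509.HostnameError
	return errors.As(err, &e)
}

func main() {
	pki, err := Build()
	if err != nil {
		panic(err)
	}
	store := []*x509.Certificate{pki.TrustedRoot}
	fmt.Println("1. good cert, trusted root:      ", Verify(pki.GoodLeaf, store, "www.example.com"))
	fmt.Println("2. cert for another host:        ", Verify(pki.OtherLeaf, store, "www.example.com"))
	fmt.Println("3. forged cert, trusted root:    ", Verify(pki.ForgedLeaf, store, "www.example.com"))
	// 4. the "obscure CA" case: once the rogue root is in the trust store, its forgeries verify.
	fmt.Println("4. forged cert, rogue root added:", Verify(pki.ForgedLeaf, append(store, pki.RogueRoot), "www.example.com"))
}
```

Case 3 is the answer to "how do you know it has not been forged": the forged certificate carries the same issuer name as the real root, but its signature was made with a different private key, so it cannot be checked against the public key in the trust store and the chain is rejected. Case 4 is the caveat: the check is only as strong as the set of roots you trust, so an update that adds a new CA (or malware that installs one) makes everything that CA signs verify cleanly.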