Prevx browser protection issue...does it check certificate authority? [Archive]

View Full Version : Prevx browser protection issue...does it check certificate authority?

Baz_kasp

September 8th, 2009, 08:50 AM

Hi,

I am curious about this browser protection thing...let me give you two cases.

1. Is it wise to have the "green tick" and "Verified by Prevx" for IP verification?

It gives the user a false sense of security, as you can see below....green tick, phishing website. I understand that the IP verification isn't a guarantee a site is clean but surely it would make sense not to give a perhaps not so clued up home user some kind of false hint that it is?

212011

2. Does Prevx actually check who the CA is for SSL certificates or just for the presence of SSL?

As an example, my department uses a self signed certificate that isn't automatically trusted by Windows because the root CA isn't a "known" one (unless I import it manually)....whereas Prevx gives it a "green" for SSL validity even without importing (but IE still gives it a red)...."fake" sites can still use self signed certs to provide SSL connections...

212012

PrevxHelp

September 8th, 2009, 09:11 AM

Hello,
Your concern is a valid one - currently we do not analyze the SSL certificate but we will be adding this capability in a future version. For now, the indicator is simply to describe the type of traffic taking place and the level of security at the network layer (i.e. http being inherently far less secure than even a self-signed SSL certificate).

The green tick for the IP verification is made to show that there is no man-in-the-middle attack taking place. We don't have all of our antiphishing/url-blocking capabilities turned on yet but a known phishing website will be blocked automatically.

However, in this case, a brand new phishing website may indeed get the green tick, saying that the phishing website isn't being phished (the address resolves correctly).

I agree that it would be beneficial to not give the user a false sense of security in this case but we'll have to do some research to see how best to change the text/graphics without changing them for all legitimate websites as well.

Thank you for the suggestions! :thumb:

Baz_kasp

September 8th, 2009, 09:15 AM

Thanks for your reply. :thumb:

Tarnak

September 8th, 2009, 09:35 AM

Presently, Prevx scan has become frozen. Has been running for at 1hr:50mins.

Should I terminate and save the scan result?

Edit: This should have been posted here > Re: Prevx RC 3.0.4.183
Please delete.;)

PrevxHelp

September 8th, 2009, 09:38 AM

{QUOTE-> Presently, Prevx scan has become frozen. Has been running for at 1hr:50mins.

Should I terminate and save the scan result? <-QUOTE}

Hmm... that's quite strange. Yes, if you could email the scan results to report@prevxresearch.com, we will look into what could have broken :-\