Prevx browser protection issue...does it check certificate authority?

Discussion in 'Prevx Betas' started by Baz_kasp, Sep 8, 2009.

Thread Status:
Not open for further replies.
  1. Baz_kasp

    Baz_kasp Registered Member

    Joined: May 1, 2008 | Posts: 593 | Location: London
    Hi,

    I am curious about this browser protection thing...let me give you two cases.


    1. Is it wise to have the "green tick" and "Verified by Prevx" for IP verification?

    It gives the user a false sense of security, as you can see below....green tick, phishing website. I understand that the IP verification isn't a guarantee a site is clean but surely it would make sense not to give a perhaps not so clued up home user some kind of false hint that it is?

    [Attached image: px1.JPG]

    2. Does Prevx actually check who the CA is for SSL certificates or just for the presence of SSL?

    As an example, my department uses a self signed certificate that isn't automatically trusted by Windows because the root CA isn't a "known" one (unless I import it manually)....whereas Prevx gives it a "green" for SSL validity even without importing (but IE still gives it a red)...."fake" sites can still use self signed certs to provide SSL connections...

    [Attached image: px2.JPG]
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined: Sep 14, 2008 | Posts: 8,242 | Location: USA/UK
    Hello,
    Your concern is a valid one - currently we do not analyze the SSL certificate but we will be adding this capability in a future version. For now, the indicator is simply to describe the type of traffic taking place and the level of security at the network layer (i.e. http being inherently far less secure than even a self-signed SSL certificate).

    The green tick for the IP verification is made to show that there is no man-in-the-middle attack taking place. We don't have all of our antiphishing/url-blocking capabilities turned on yet but a known phishing website will be blocked automatically.

    However, in this case, a brand new phishing website may indeed get the green tick, saying that the phishing website isn't being phished (the address resolves correctly).

    I agree that it would be beneficial to not give the user a false sense of security in this case but we'll have to do some research to see how best to change the text/graphics without changing them for all legitimate websites as well.

    Thank you for the suggestions! :thumb:
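
Added example, not part of the thread and not Prevx code: the difference between "SSL is present" and "the certificate chains to a trusted CA", which is the distinction raised in the question and confirmed in the reply above. The function names, the indicator labels and the `intranet.example` certificate are constructed for illustration; the script needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added illustration; every name and the sample certificate are constructed.

# make_self_signed DIR
# Creates a throwaway self-signed certificate, standing in for the
# department certificate described in the first post.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=intranet.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# connection_indicator SCHEME [CERT_PEM] [IMPORTED_ROOTS_PEM]
# Prints one of: insecure | encrypted-untrusted | encrypted-trusted
connection_indicator() {
    scheme=$1
    cert=${2:-}
    imported_roots=${3:-}

    # Plain HTTP: no certificate to look at.
    [ "$scheme" = "https" ] || { echo insecure; return 0; }

    # A check that stops here only learns that SSL is in use.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo insecure; return 0; }

    # CA check: does the chain end at a root this machine trusts?
    # Without imported roots, only the system default store is consulted.
    if [ -n "$imported_roots" ]; then
        set -- -CAfile "$imported_roots" "$cert"
    else
        set -- "$cert"
    fi
    if openssl verify "$@" >/dev/null 2>&1; then
        echo encrypted-trusted
    else
        echo encrypted-untrusted
    fi
}

demo_dir=$(mktemp -d)
make_self_signed "$demo_dir"
echo "http page:                  $(connection_indicator http)"
echo "self-signed, not imported:  $(connection_indicator https "$demo_dir/cert.pem")"
echo "self-signed, root imported: $(connection_indicator https "$demo_dir/cert.pem" "$demo_dir/cert.pem")"
```

A complete browser-style check also matches the hostname and the validity period; this block isolates only the trust-anchor step.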
     
  3. Baz_kasp

    Baz_kasp Registered Member

    Joined: May 1, 2008 | Posts: 593 | Location: London
    Thanks for your reply. :thumb:
     
  4. Tarnak

    Tarnak Registered Member

    Joined: Feb 5, 2007 | Posts: 3,873
    Presently, Prevx scan has become frozen. Has been running for at 1hr:50mins.

    Should I terminate and save the scan result?

    Edit: This should have been posted here > Re: Prevx RC 3.0.4.183
    Please delete.;)
     
    Last edited: Sep 8, 2009
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined: Sep 14, 2008 | Posts: 8,242 | Location: USA/UK
    Hmm... that's quite strange. Yes, if you could email the scan results to report@prevxresearch.com, we will look into what could have broken :doubt:
     