Security and certificates

Discussion in 'other security issues & news' started by Fly, Nov 13, 2007.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    This isn't really about any kind of anti-malware program in particular, but since I can't find a better place on this forum I'll post it here.

    This is about (SSL?) certificates. I'm not at all an expert in this field, please keep that in mind. Some time ago I read something about this security issue, but I don't remember where!

    I'm not sure if there is a difference between SSL certificates or any other (?) certificates that are used by many sites, for example PayPal.

    Now, when you log in on PayPal's website you can by right-clicking at the right place on the address bar see that the certificate is signed by Verisign. That would suggest you can trust it. But what if a certificate is signed by the Hong Kong Post Office or something more obscure? (I seem to recall that you can expand the number of organizations issuing certificates by downloading certain non-essential updates for Windows XP, which I did ...)

    Aside from just being super-paranoid about certificates (and certificates may play a role in, for example, security software, but I don't know or if), what can you do to mitigate this risk? Even aside from just checking certificates when you log in, how do you know that the certificate has not been forged?

    These seem to be sensible questions, maybe some people can provide some answers?
     
  2. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA