
Re: Fwd: [Krebs on Security] Experian Site Can Give Anyone Your Credit Freeze PIN



 > From: Flora  <http://www.gmail.com/~flora>
 > Date: Thu, 21 Sep 2017 18:43:46 -0400
 >
 > Very interesting.
 > 
 > If he faked the SSL certificate, how can we trust anything?

It wasn't faked.  It was just another SSL certificate.

You cannot tell whether something is "authentic" or not in general.  All
you know is that, when you visit a web site, it is the web site that you
are visiting and not another.  Unless you've visited it before or get some
sort of reassurance of its authenticity from somewhere else, there's no
way to tell whether a site can be trusted or not per se.  (In general,
companies which issue certificates are supposed to vet these things, but
these companies are sometimes disorganized.  I read an article about this
last year and it is the biggest gaping hole in the security of the internet at
the moment.  Google is trying to come up with another trust model based on
blockchains, which seems like a promising path.)

So, this Nick guy should be praised for making people more aware of what
phishing is and what it means to be "phished".

 > On Sep 21, 2017 5:48 PM, "Noelle" <http://dummy.us.eu.org/noelleg>
 > wrote:
 > 
 > http://www.npr.org/sections/thetwo-way/2017/09/21/552681357/after-massive-data-breach-equifax-directed-customers-to-fake-site
 > 
 > that software engineer Nick needs to be more detail-oriented.



