More than a 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted have been found on the Internet just in time for the holidays according to security researchers at Venify.

 

Experts Comments

November 19, 2019
Mike Bittner
Associate Director of Digital Security and Operations
The Media Trust
TLS certificates were developed to protect communications between a server hosting a site and a browser. Designed to protect legitimate business, this security measure is now being abused by bad actors exploiting hurried consumers' tendency to pay little attention to details like the URLs of sites they visit. The current push towards universal encryption will worsen this problem, making it difficult to catch bad actors behind website spoofing or typosquatting schemes. Data encryption alone will .....Read More
TLS certificates were developed to protect communications between a server hosting a site and a browser. Designed to protect legitimate business, this security measure is now being abused by bad actors exploiting hurried consumers' tendency to pay little attention to details like the URLs of sites they visit. The current push towards universal encryption will worsen this problem, making it difficult to catch bad actors behind website spoofing or typosquatting schemes. Data encryption alone will not prevent bad actors from accessing personal information from site users. As incidents like those involving PayLeak-3PC and other payment stealing malicious code show, encryption won't prevent bad actors from hijacking the online journey. Detecting this type of code requires the right tools and expertise that conventional security methods don't offer. It also requires knowing who should be running code for what purpose on your website and who shouldn't.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.