More than 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted have been found on the Internet just in time for the holidays, according to security researchers at Venafi.

 

Mike Bittner, Associate Director of Digital Security and Operations
InfoSec Expert
November 19, 2019 11:23 am

TLS certificates were developed to protect communications between a server hosting a site and a browser. Designed to protect legitimate business, this security measure is now being abused by bad actors exploiting hurried consumers' tendency to pay little attention to details like the URLs of sites they visit. The current push towards universal encryption will worsen this problem, making it difficult to catch bad actors behind website spoofing or typosquatting schemes. Data encryption alone will not prevent bad actors from accessing personal information from site users. As incidents like those involving PayLeak-3PC and other payment-stealing malicious code show, encryption won't prevent bad actors from hijacking the online journey. Detecting this type of code requires the right tools and expertise that conventional security methods don't offer. It also requires knowing who should be running code for what purpose on your website and who shouldn't.
