More than a 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted have been found on the Internet just in time for the holidays according to security researchers at Venify.
More than a 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted have been found on the Internet just in time for the holidays according to security researchers at Venify.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
TLS certificates were developed to protect communications between a server hosting a site and a browser. Designed to protect legitimate business, this security measure is now being abused by bad actors exploiting hurried consumers\’ tendency to pay little attention to details like the URLs of sites they visit. The current push towards universal encryption will worsen this problem, making it difficult to catch bad actors behind website spoofing or typosquatting schemes. Data encryption alone will not prevent bad actors from accessing personal information from site users. As incidents like those involving PayLeak-3PC and other payment stealing malicious code show, encryption won\’t prevent bad actors from hijacking the online journey. Detecting this type of code requires the right tools and expertise that conventional security methods don\’t offer. It also requires knowing who should be running code for what purpose on your website and who shouldn\’t.