How Extended Validation Certificates Can Be Used to Scam

29 Dec 2017 • mjtsai.com

Researcher Ian Carroll filed the necessary paperwork to incorporate a business called Stripe Inc. He then used the legal entity to apply for an EV certificate to authenticate the Web page https://stripe.ian.sh/. When viewed in the address bar, the page looks eerily similar to https://stripe.com/, the online payments service that also authenticates itself using an EV certificate issued to Stripe Inc.

Yikes, it’s scary out there. This is why sometimes I just avoid the news entirely.

Running Blind

How Extended Validation Certificates Can Be Used to Scam

Related Posts

Cold Weather as proof against Global Warming 30 Jan 2019

Samsung Space Monitor Optimizes Desk Space With Minimalist Design 28 Jan 2019

Using a newer Ruby with Alfred Workflows (rbenv) 28 Jan 2019