Via Slashdot, phishers are using valid SSL certificates. SSL isn’t particularly strong crypto, and much of it’s value proposition comes from the fact that the issuers do some checking to make sure the applicant is who they say they are.

This is a stark illustration that identity has nothing to do with malicious intent. Or that the SSL certificate authorities are asleep at the wheel.

This entry was posted on Tuesday, February 14th, 2006 at 12:19 am and is filed under General, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.