Symantec, VeriSign Off To Rocky Start

Posted on Thursday July 15 2010 by hell if i know

Copyright © What The Hell? Security I still find Symantec’s purchase of VeriSign’s security business intriguing. So I decided to do a little research. All I’m gonna say is, nothing beats a little dumpster diving. Look past the scribbles and you’ll find that each company raises some really good points about security-related problems with the other’s [...]

Filed under: certificate authorities, security, ssl | Leave a Comment »

The 9 Laws of Phishing (Part 3)

Posted on Sunday June 27 2010 by hell if i know

Copyright © What The Hell? Security [ Part 1 | Part 2 | Part 3 ] (continued ) The 9 Laws tell us quite a bit about designing a viable platform solution.  Let’s step through them again, sketching as we go. Law 1:  Phishing Is About Commerce Web 1.0 was all about commerce.  Only we [...]

Filed under: certificate authorities, hypertext, malware, phishing, security, security sense | Leave a Comment »

VeriSign Says “What The Hell? Security” Blogger Was Right

Posted on Tuesday June 8 2010 by hell if i know

Copyright © What The Hell? Security MOUNTING VIEW, June 7, 2010 — VeriSign today acknowledged that the real reason it sold its Authentication Services business to Symantec is that it felt remorse over its SSL bribing business model after reading a post at What The Hell? Security. “Once that What The Hell? Security guy exposed us, we knew [...]

Filed under: certificate authorities, fraud, phishing, security, ssl | Leave a Comment »

Introducing the Official What The Hell? Security Glossary

Posted on Monday May 3 2010 by hell if i know

Do you know that browsers do not implement blacklists?  (Hint: They’re blocklists.) And that bribing your Certificate Authority is perfectly legal? Or that you must license the right to render your website’s URLs  with a background color of  green in browser address bars? And what the hell exactly are the Certificate Warnings from Hell? And the [...]

Filed under: certificate authorities, security | Leave a Comment »

The 9 Laws of Phishing (Part 2)

Posted on Wednesday April 28 2010 by hell if i know

Copyright © What The Hell? Security [ Part 1 | Part 2 | Part 3 ] (continued) Picking up at Law 9 of my 9 Laws of Phishing manifesto: 9. The solution is a platform. So why a platform?  Because the phishing problem itself spans a number of platforms:  devices, operating systems, and applications to name [...]

Filed under: certificate authorities, hypertext, phishing, security, security soapbox, ssl | Leave a Comment »

Fishing for Red Herring Phishing Solutions

Posted on Tuesday April 13 2010 by hell if i know

We interrupt The 9 Laws of Phishing to bring you two important questions sponsored by the Incorrectly-Thinks-Email-Is-Broken Coalition, newly joined by eCert. Question 1: What is the most dangerous sport? Boxing?  Sky diving?  Running with the bulls in Pamplona? Answer: Whatever you said, you weren’t even close.  It’s fishing.  No kidding.  Fishers experience more per [...]

Filed under: certificate authorities, fraud, phishing, security, ssl | 2 Comments »

Next Page »
Follow

Get every new post delivered to your Inbox.