Interesting People mailing list archives
Is VeriSign's New Security Seal Too Trusting?
From: Dave Farber <dave () farber net>
Date: Wed, 12 Nov 2003 22:21:27 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Wed, 12 Nov 2003 15:58:24 -0800 From: CircleID Network <info () circleid com> Subject: Is VeriSign's New Security Seal Too Trusting? To: dave () farber net Dave, A report by Justin Everett-Church has revealed a potentially serious flaw with VeriSign's new jazzed up Seal that uses Flash instead of the previous GIF image: "On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers!" Related Links: - http://www.circleid.com/article/372_0_1_0_C/ - http://www.verisign.com/corporate/news/2003/pr_20031104.html ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Is VeriSign's New Security Seal Too Trusting? Dave Farber (Nov 12)