Information Security News mailing list archives

Secure site seals may be misleading: Netcraft


From: InfoSec News <isn () c4i org>
Date: Mon, 29 Jul 2002 03:32:28 -0500 (CDT)

http://www.smh.com.au/articles/2002/07/29/1027818508949.html

July 29 2002

Secure site seals handed out to sites by certificate authorities and
lock icons shown by browsers can often mislead consumers into
believing that a site is more secure than it actually is, according to
the latest Netcraft Web Server Survey.

The survey said a recent dialogue between the two leading certificate
authorities - Verisign and Geotrust - has highlighted the fact that
though the site seal and browser lock may look reassuring, there was
no assurance at all that the site is not vulnerable to some well-known
exploit, and typically many are.

It said the discovery of remote vulnerabilities in Microsoft Commerce
Server and Microsoft-IIS, published last month, had left many commerce
and financial sites open to attack, and there was often no clear-cut
way in which a site's prospective customers can legally determine
whether their transactions and data were likely to be safe or not.

Due to these factors, Netcraft said it was likely that payment
mechanisms on the Internet would increasingly become centralised.

The survey also showed that IIS has made a gain of three percent in
the number of sites hosted on the Net due to register.com putting a
Windows-based front end back in place on their domain parking system.
It said register.com had alternated recently between a Windows and
Linux front end, and this caused a fluctuation when it changed.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

