Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

[mike03051 () yahoo com]

Amir,

Let’s differentiate the issues a bit for clarity. Specifically, let’s differentiate your Hall of Shame list from 
TrustBar features and functions.

We should all be able to agree on statements of fact: Both http: and https: (SSL) sites are subject to MITM exploits. 

I wonder then what is the justification for placing some sites in your Hall of Shame listing. It is not unreasonable to 
view your pages and come to the conclusion that HOS entries are there because they allow access to logon forms using an 
HTTP url. 

If that is the case, then I take exception to the prima facia claims on your site that these are Hall of Shame. They 
all submit secure web forms, like any other secure web site in the world. Your HOS identified sites are no more (or no 
less) susceptible to MITM than any other site in the world, either.

Now as for TrustBar. I have not downloaded or tested TrustBar, so I cannot vouch for how well it works, but from the 
web site it detects HTTPS connections and attempts to match the certificate with the url. This helps to read a 
certificate. One nice touch is the nice logo display for visual verification.

Now a question: does it work if the certificate is valid but says something like citibank.asecur-e.com? Do your company 
logo displays from a db or are they downloaded from the site?

Mike