Tim and the Tin Titan

17.3.04

SSL is no miracle cure
Netcraft's article "SSL's Credibility as Phishing Defense Is Tested" illustrates how SSL certificates are no guarantee of security.

Phishing is the act of luring a user into giving up their information by pretending to be a legitimate site. Many such scams are going around targeting eBay and PayPal. In this latest variation, the perpetrators use SSL certificates so that the "lock" icon appears locked, but these can be busted by checking the URL when you accept the certificate. In an even more frightening move, some even set the SSL encryption method to "plain text". This means that the user is not prompted to accept a new certificate (so he/she thinks this is the site they visit all the time), and no central certification authority is consulted to verify the certificate, since certificates are not used with this method.

The lesson: type your URL by hand and check the certificate details before giving out any personal information.
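
The two checks described above (does the certificate name the site you typed, and is the session encrypted at all), written out as an added Python example that is not part of the original post. It assumes inputs shaped like the return values of `ssl.SSLSocket.getpeercert()` and `ssl.SSLSocket.cipher()`; the function names and all host names are made up for illustration.

```python
# Added example. Inputs have the shapes returned by ssl.SSLSocket.getpeercert()
# and ssl.SSLSocket.cipher(); every host name and value below is constructed.

def cert_names(cert):
    """DNS names the certificate claims: subjectAltName first, else subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or one leftmost '*' label standing in for exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(expected_host, cert, cipher):
    """Reasons not to trust the session; an empty list means both checks pass."""
    findings = []
    cipher_name, _protocol, secret_bits = cipher
    if secret_bits == 0 or "NULL" in cipher_name:
        findings.append("no encryption: %s negotiated" % cipher_name)
    if not cert:
        findings.append("no certificate presented, site identity unverified")
    elif not any(name_matches(n, expected_host) for n in cert_names(cert)):
        findings.append("certificate is for %s, not %s"
                        % (", ".join(cert_names(cert)), expected_host))
    return findings

# Constructed samples: the site the user typed, and a look-alike host that
# holds a perfectly valid certificate for its own (different) name.
TYPED = "pay.example.com"
GENUINE = {"subjectAltName": (("DNS", "pay.example.com"),)}
LOOKALIKE = {"subject": ((("commonName", "pay.example.com.login.example.net"),),)}

if __name__ == "__main__":
    print(audit(TYPED, GENUINE, ("AES128-SHA", "TLSv1", 128)))
    print(audit(TYPED, LOOKALIKE, ("AES128-SHA", "TLSv1", 128)))
    print(audit(TYPED, None, ("NULL-SHA", "SSLv3", 0)))
```

The look-alike case is the one the lock icon hides: the certificate is valid, just not for the site the user meant to visit.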