Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: bkfsec <bkfsec () sdf lonestar org>
Date: Tue, 15 Feb 2005 15:49:12 -0500
Gwendolynn ferch Elydyr wrote:


On Tue, 15 Feb 2005, bkfsec wrote:
The difference between CAs and the BBB is that the BBB is well known and highly accountable. CAs are not necessarily. There is no widely screened public discussion or understanding of the function of CAs. The accepted root CAs do their jobs on the browser entirely in the background. Their "seal of approval" is considered implicit by the lack of a message at all. 


The BBB is certainly well known, but describing it as highly accountable
is certainly inaccurate.  A quick web search will inform you that the
BBB has local 'affiliates', and that the quality of these 'affiliates'
can vary dramatically from location to location.

There's no widely screened public discussion or understanding of the
function of the BBB - and their seal of approval certainly appears on
sites and businesses they've never heard of.
Well, I meant more accountable than CAs are. I still think that that statement is accurate if you take my meaning. 

               -Barry

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]