Title: Firefox 70 starts moving the EV indicator out of the URL Bar
Post by: polonus on October 17, 2019, 11:00:08 PM
"While many vendors tend to use the phrase "SSL/TLS Certificate", it may be more accurate to call them:
"Certificates for use with SSL and TLS",

since the protocols are determined by your server configuration, not the certificates themselves."
(Source: https://www.globalsign.com/en/blog/ssl-vs-tls-difference/)

It has become harder now to know what is legit and what is not.

Read: https://www.troyhunt.com/extended-validation-certificates-are-dead/
First Apple moved it out, then Google and now Firefox followed.

To still show them: Use the Firefox extension "Certainly Something" by April King (Mozilla staff security engineer).
This is open source (https://github.com/april/certainly-something) and can be downloaded from here: https://addons.mozilla.org/en-US/firefox/addon/certainly-something/.

But there is another way to go back (when you do not want to use profiling extensions):
in about:config there is a flag available to show EV certs despite this recent move:
security.identityblock.show_extended_validation ; setting should be changed to true to show EV certs.

But what when a certificate of a scammer is registered to a certifying firm in Panama,
who keeps you and me from knowing who is really behind this cert?
What is the real validity of such a certificate? Only that it says that it is being trusted by the browser.
No more, no less.

Consider here: https://www.scamadviser.com/check-website/isitascam.org

Now read this threat report: https://www.zscaler.com/blogs/research/february-2018-zscaler-ssl-threat-report

Troy Hunt also got support from some Belgian researcher:

Where are we going, everyone to use a free Let's Encrypt certificate?
Anyone? What can we really TRUST any longer on the Interwebz, I mean real really?
Not a lot these days, and that's a pity, folks, it is.


Title: Re: Firefox 70 starts moving the EV indicator out of the URL Bar
Post by: Asyn on October 28, 2019, 09:37:32 AM
Hi Pol, just as a side note, it's still available/shown in Firefox ESR. Groetjes