Author Topic: How do you check certificates?  (Read 3934 times)


polonus
How do you check certificates?
« on: April 20, 2010, 11:06:31 PM »
Hi malware fighters,

Trust can be abused, so can certification trust. So time to check the security of the https certificates that appear in the Fx or flock browser.
We all heard of the extension Perspectives for Fx and flock browser, download from here and install:
https://addons.mozilla.org/en-US/firefox/addon/7974
Perspectives as an extension certainly needs a re-write, and the NS developer would like to do that if Giorgio Maone only found the time for this, but it is a great companion of security extensions like NoScript and RequestPolicy, that many of our users here in the meantime cannot do without inside their Firefox or flock browser as security script blocker and request policy extension.

Another additional extension to use is Certificate Patrol inside Fx or flock browser and other browsers,
re: http://patrol.psyced.org/
Download and install from here: https://addons.mozilla.org/firefox/addon/6415
Perspectives and Certificate Patrol can do a great team work together inside the browser.

Now surf a bit more secure ye all, enjoy!

polonus
« Last Edit: April 20, 2010, 11:09:36 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Jahn

  • Guest
Re: How do you check certificates?
« Reply #1 on: April 21, 2010, 12:09:41 AM »
I use Comodo Dragon as my main browser which alerts me for any CV issues. Currently, Comodo Dragon = Chromium 4 + Comodo Verification Engine.

For example, entering https://www.mywot.com/en/user will flag you that the site may not be safe to access with the following message:

Quote
Whenever you make a connection to a secure website, the server hosting that site will send an SSL certificate to your browser to verify its identity. Your browser attempts to use the information on this certificate to verify that you are connected with the website you intended and that the organization behind the website can be trusted. However, some types of certificate do not contain enough information for your browser to make such a decision. These certificates are known as 'Low Assurance' certificates. Low Assurance certificates are issued to an organization using a system of 'challenge-response' emails. This system requires only that the applicant is able to reply to an email sent to an address at the domain for which they are applying. They do not require that the organization undergoes background checks by an independent and trusted 3rd party. These trusted 3rd parties are known as Certification Authorities, with the principal ones subject to strict compliance requirements as dictated by an entity known as WebTrust.

BTW, IE 8 gives a similar message.
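
Added example, not part of the thread or of any poster's message: a sketch of how the "Low Assurance" distinction in the quoted warning can be checked from a certificate's subject, using the dict layout that Python's `ssl.SSLSocket.getpeercert()` returns. The classification rule is a heuristic assumed for this example, and the three sample certificates are constructed.

```python
# Heuristic validation-level check on a certificate subject.
# Input layout matches ssl.SSLSocket.getpeercert(); sample data is constructed.

def subject_fields(cert):
    """Flatten the nested subject tuples into {field name: [values]}."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, []).append(value)
    return fields

def assurance_level(cert):
    """Return 'low', 'organization' or 'extended'.

    Assumed heuristic: a domain-validated ("low assurance") certificate has
    no verified organizationName, or is marked 'Domain Control Validated' in
    an organizationalUnitName; an extended-validation subject additionally
    carries businessCategory and serialNumber.
    """
    s = subject_fields(cert)
    units = [u.lower() for u in s.get("organizationalUnitName", [])]
    if not s.get("organizationName") or "domain control validated" in units:
        return "low"
    if s.get("businessCategory") and s.get("serialNumber"):
        return "extended"
    return "organization"

def describe(cert):
    """One-line summary naming the verified operator, if any."""
    s = subject_fields(cert)
    level = assurance_level(cert)
    host = s.get("commonName", ["?"])[0]
    who = s["organizationName"][0] if level != "low" else "operator not verified"
    return f"{host}: {level} assurance ({who})"

# Constructed sample certificates (hypothetical hosts and organizations).
DV_CERT = {"subject": ((("organizationalUnitName", "Domain Control Validated"),),
                       (("commonName", "forum.example"),))}
OV_CERT = {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Brokerage Inc"),),
                       (("commonName", "www.broker.example"),))}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Bank Ltd"),),
                       (("commonName", "secure.bank.example"),))}

if __name__ == "__main__":
    for sample in (DV_CERT, OV_CERT, EV_CERT):
        print(describe(sample))
```
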

bob3160
Re: How do you check certificates?
« Reply #2 on: April 22, 2010, 06:01:14 PM »
What makes the site you listed unsafe ???

sded

  • Guest
Re: How do you check certificates?
« Reply #3 on: April 22, 2010, 06:33:05 PM »
In Opera, there is a button (under browser view) called "security".  It puts a padlock on your tab bar, with a number in it for your class of certificate (if any you get a 1 or 3) or is unlocked.  If you click on the padlock, you get both an explanation of certificate source and the level of certificate (just encrypted, or secure for SSL commerce) and can also perform a fraud check on the site.  I think it is not nearly widely enough advertised (not a default?) but is a nice concise way to check on things.  Attachment is for Comodo forums https://forums.comodo.com, which uses a level 1 certificate (just encrypted, not secure for SSL commerce) and a 1 appears in the padlock to instantly characterize the situation.  Very simple for user to understand.  Compare this to the secure site for Smith Barney brokerage, with a 3 in the padlock.  And to a plain old http site-Comodo forums again in http access mode.
« Last Edit: April 22, 2010, 06:54:08 PM by sded »

Jahn

  • Guest
Re: How do you check certificates?
« Reply #4 on: April 22, 2010, 10:20:01 PM »
What makes the site you listed unsafe ???

Quote
The security (or SSL) certificate for this website indicates that the organization operating it may not have undergone trusted third-party validation that it is a legitimate business. Although the information passed between you and this website will be encrypted, you have no assurance of who you are actually exchanging information with, and many websites connected to cyber-crimes use this type of security certificate. Prior to exchanging sensitive information including login/password, personal identity information, or financial details such as credit card numbers with any website that generates this warning, you should find some alternative method of validating this business or consider abandoning the transaction.

Omega40

  • Guest
Re: How do you check certificates?
« Reply #5 on: April 22, 2010, 10:59:31 PM »
Polonus, the extension you have listed here is for older versions of Fx.