Certificate authorities aren’t scrutinizing who gets their SSL certificates, and now a large number of phishing sites have legitimate certificates, said Netcraft, a United Kingdom-based Internet security and research company.
SSL certificates rely on trust. Website operators deploy SSL on their sites so that the data transferred between the Web browser and the server are sent over a secure connection. Certificate authorities issue SSL certificates to show the holder is a legitimate owner of the site. Web browsers typically display a padlock sign to indicate the site has a valid certificate.
To read this article in full or to leave a comment, please click here