Author Topic: Yellow padlock is losing its trusted status :(  (Read 50817 times)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
    • Video Blog
Yellow padlock is losing its trusted status :(
« on: June 26, 2009, 12:48:47 AM »
SSL losing its trust

This is a new video i have prepared to educate people about SSL and the issues with it.

Melih

Offline OmeletGuy

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2915
  • Dragon Theme Maker
Re: Yellow padlock is losing its trusted status :(
« Reply #1 on: June 26, 2009, 01:01:34 AM »
Indeed it is, mostly to us users that know how easy it is to get one. To normal every day users it’s a False Sense of Security and commonly used for fraud. To some people they don’t need to see a Yellow Padlock on the browser, one on the webpage is enough, but fake.
System Details: W8.1-64bit | 16GB DDR3 | Intel Core I7-4710MQ[at]2.5Ghz to 3.5Ghz | CIS 8.2 | Geforce 840M

Toggie

  • Guest
Re: Yellow padlock is losing its trusted status :(
« Reply #2 on: June 26, 2009, 04:53:40 AM »
I have to wonder how many 'normal' users know what the padlock means, assuming they even see it!

The underlying PKI, for now, is sound, but we need something much more obvious and enlightening about any 'secure' connection we make, especially if it involves the transmission of confidential data.

 



Offline eXPerience

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 6958
  • Free Forever !
Re: Yellow padlock is losing its trusted status :(
« Reply #3 on: June 26, 2009, 04:55:25 AM »
Lol, I didn't even know that the yellow padlock was there for that reason .  Well, at least I know it now  88)

Xan

Toggie

  • Guest
Re: Yellow padlock is losing its trusted status :(
« Reply #4 on: June 26, 2009, 05:04:37 AM »
Xan, step into my office, we need to have a conversation ;p

Offline J2897

  • Comodo's Hero
  • *****
  • Posts: 332
  • Limted User Account Enforcer
    • YouTube Channel
Re: Yellow padlock is losing its trusted status :(
« Reply #5 on: June 26, 2009, 12:08:27 PM »
That video was nice and clear; easy to understand. But if anyone missed it:

SSL (the Padlock) means that the Connection (from 'you' to 'the site' you are on) is Encrypted; but that's all it means.

It does NOT mean that the Site Owners are 'Legitimate' or 'Trust Worthy'.

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: Yellow padlock is losing its trusted status :(
« Reply #6 on: June 26, 2009, 12:13:08 PM »
IMHO in some cases even fairly limited guarantees may be enough, though this may be arguable.


Indeed despite providing different trust levels DV and OV certs are equally represented with the same padlock.

eg: some blog,forum and alike services that require user to provide not much than an email  use ssl certs :

https://forums.weather.com cert is an OV (Organization validation) one but https://help.ubuntu.com/community, https://blogs.secondlife.com/ and https://twitter.com/ are DV (Domain Validation) certs.



Whenever the padlock could lead to implicitly assume more guarantees than those actually implied is no negligible concern, I'm among the lines of those who are not totally against DV certs although I agree that in some scenarios DV certs are not reliable enough.


eg: https://www.createspace.com/ provide a shopping cart but use a DV cert whereas it is not possible to confirm its owner through whois (contact address use a 3rd party  privacy service)

Indeed www.createspace.com is an Amazon subsidiary http://www.amazon.com/gp/help/customer/display.html?nodeId=15015781

But there is no direct way to confirm the organization like there would be for EV or OV certs.
« Last Edit: June 26, 2009, 04:06:20 PM by Endymion »
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline eXPerience

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 6958
  • Free Forever !
Re: Yellow padlock is losing its trusted status :(
« Reply #7 on: June 26, 2009, 12:43:21 PM »
Xan, step into my office, we need to have a conversation ;p
Sure where do we meet ?

Xan

Offline harmony

  • Newbie
  • *
  • Posts: 7
    • Creating a Trusted Internet
Re: Yellow padlock is losing its trusted status :(
« Reply #8 on: June 28, 2009, 11:18:11 PM »
Dangerous Validation! Ha...very Newsful, Melih. Thnx.

Kind regards,
Srikanth

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
    • Video Blog
Re: Yellow padlock is losing its trusted status :(
« Reply #9 on: June 29, 2009, 11:19:30 AM »
IMHO in some cases even fairly limited guarantees may be enough, though this may be arguable.


Indeed despite providing different trust levels DV and OV certs are equally represented with the same padlock.

eg: some blog,forum and alike services that require user to provide not much than an email  use ssl certs :

https://forums.weather.com cert is an OV (Organization validation) one but https://help.ubuntu.com/community, https://blogs.secondlife.com/ and https://twitter.com/ are DV (Domain Validation) certs.



Whenever the padlock could lead to implicitly assume more guarantees than those actually implied is no negligible concern, I'm among the lines of those who are not totally against DV certs although I agree that in some scenarios DV certs are not reliable enough.


eg: https://www.createspace.com/ provide a shopping cart but use a DV cert whereas it is not possible to confirm its owner through whois (contact address use a 3rd party  privacy service)

Indeed www.createspace.com is an Amazon subsidiary http://www.amazon.com/gp/help/customer/display.html?nodeId=15015781

But there is no direct way to confirm the organization like there would be for EV or OV certs.

Indeed there are some uses of DV, although fairly limited.

DVs are being used in ecommerce to "establish trust" today. This is wrong, VERY wrong. DV should NOT be used for establishing trust, because there is no trust component in a DV certificate.

Melih

Offline OmeletGuy

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2915
  • Dragon Theme Maker
Re: Yellow padlock is losing its trusted status :(
« Reply #10 on: June 29, 2009, 02:27:08 PM »
Just a question Melih, Why dont the forums have a green bar insted of just the Yellow Padlock.
System Details: W8.1-64bit | 16GB DDR3 | Intel Core I7-4710MQ[at]2.5Ghz to 3.5Ghz | CIS 8.2 | Geforce 840M

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
    • Video Blog
Re: Yellow padlock is losing its trusted status :(
« Reply #11 on: June 29, 2009, 03:09:53 PM »
Just a question Melih, Why dont the forums have a green bar insted of just the Yellow Padlock.

because we havent' put an EV cert there..
i guess we should...

Melih

Offline eXPerience

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 6958
  • Free Forever !
Re: Yellow padlock is losing its trusted status :(
« Reply #12 on: June 30, 2009, 03:57:34 AM »
because we havent' put an EV cert there..
i guess we should...

Melih
That would be better, yes :)

Xan

Offline zyrelle27

  • Newbie
  • *
  • Posts: 17
  • "Keep Moving Forward..."
Re: Yellow padlock is losing its trusted status :(
« Reply #13 on: July 01, 2009, 03:05:07 AM »
Wow. Now I know what those yellow padlock is for... I didn't even know what it means, before I just thought that it's some sort of a secure connection between me (my browser) and the site I'm trying to enter.

New knowledge installed.  ;D

Thanks Melih.

Offline SiberLynx

  • Comodo's Hero
  • *****
  • Posts: 2194
Re: Yellow padlock is losing its trusted status :(
« Reply #14 on: July 06, 2009, 01:37:53 AM »
Greetings all,

Since this thread is about Yellow Padlock I'm posting here, but please move it if you find that another place is more appropriate.

It is just I never saw this combination before at Comodo forum site

where “Certified & Authentic” is actually “unauthenticated” and “does not provide ownership”

...which means …  ???

Cheers!
« Last Edit: July 06, 2009, 01:39:45 AM by SiberLynx »
Main OS - Ubuntu
XP Pro, SP3 (32bit), Admin; Comodo Firewall 3.14.130099.587; Proactive with Defense+; Emsisoft Anti-Malware v9; Sandboxie
Win 7 x64, Admin (UAC off); Win7 advanced FW +TinyWall; Emsisoft Anti-Malware v9; Sandboxie
Win 7 Ultimate 32bit (UAC off); Emsisoft Internet Security v9 beta

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek