What happens when you meet a DV with Comodo Dragon.

Comodo Dragon - CD Beta Corner - CD
#1

Thought i should show you guys what happens when you come across a Domain Validation Cert with Comodo Dragon.

I got to this DV certificate from this rogue site, securekeeper.com (This site is Dangerous) and then I clicked BUY (I got approval to post the URL). Comodo Dragon catches this fake page payment page because its using a (DV) Certificate that does not contain the Identity of the Company or User on the other side of the connection. It is very common for Malware websites to use this type of Certificate to fool people, but Comodo Dragon defends you against this.

[attachment deleted by admin]

#2

These DV certs should NOT be trusted!

Comodo Dragon is the first and so far still the ONLY Browser that helps you differentiate that. And this is so very important! Majority if not all of the malware sites use DV certificates to trick end users…no more… :slight_smile:

Melih

#3

clicking on help me understand does not do anything.

#4

all the help etc get put in after beta…

Melih

#5

gotcha

#6

Why am i getting this alert for facebook??

#7

Face book is using a DV Certificate, thats why your getting this alert.

#8

Why facebook login page is using a DV cert while there is so much phishing going on is beyond me :frowning:

Melih

#9

:comodosavedmylife:

Thanks melih, thats revolutionary indeed :ilovecomodo:

#10

Interesting results

  • IE8 takes me to the previously mentioned site by OmletGuy and to the Buy Now Link without a blink of an eye and no warning.

  • Opera 10 does the same.

  • FF 3.5.3 with WOT disabled it does all the same as the above.

With WOT enabled even going to the main site throws an alert as it’s rated in WOT Toolbar as dangerous.

Geez, what’s an internet surfer to do lol…

Anyway, very impressive stuff, looking forward to further development

Eric

#11

Very good point.

Also with the DV alert, i guess you are adding the “help me understand” info later on?

#12

I had it happen with Facebook too but I proceeded to the site anyway. I would not do that for a site I had never been to before.

#13

Indeed…before the final release all the content will be in place…

Melih

#14

I use Inbox.com for my email but when I enter the site
http://www.inbox.com/
and click on the email icon at the top of the page, I get

      https://www.inbox.com/login.aspx?gdi=true 

     Server's certificate is not trusted
     Domain Control Validation Error in Certificate has been detected

Does this mean that it’s unsafe to use Inbox.com for my email.

If I ignore the warning, and proceed to log into my email account, I don’t get any more warning pages.

#15

I also have an Inbox account and I’m sure it’s safe. It certainly works with IE8 with no problems.

#16

the problem with DV is unless you typed the URL into the address bar you can’t trust it.

Its most likely to be ok…but using DV cert on such important site where people put their communication is not good.

Melih

#17

Thanks for the replies.

#18

Interesting, also inspired me to give the Beta version of this browser a go. :comodosavedmylife:

#19

Sorry but since many legitimate sites still use DV certs and the back button bug being very annoying, I have uninstalled Dragon for now.

#20

“Let me put it this way, plain and simple…IT’S SLACK. God knows why they don’t, a company with over 350 million users on their social netowoking. They try to promote privacy and how you control it but don’t get the fundamental points right which cause concern”

Drive it into them Melih, show them the way and get (no make!) them get your SSL… >:-D