Shostack + Friends Blog Archive


Branded Security

[Image: branded-security.jpg]

For quite some time, Ian Grigg has been calling for security branding for certificate authorities. When making a reservation for a Joie de Vivre hotel, I got the attached JavaScript pop-up. (You reach it before providing a credit card number.)

I am FORCED to ask, HOWEVER, what the average consumer is supposed to make of this? (“I can make a hat, and a boat…”) Who is this VERISIGN, and why might I care?

The word Verisign isn’t a link. It’s not strongly tied to what I’m seeing. (Except for the small matter of legality, I could make this site pop up that exact same dialog box.) It is eminently forgeable: there’s no URL, and there’s nothing graphical.

Nevertheless, it probably presages such dialog boxes popping up next to the colored URL bar, and confusing the message they’re trying to send.
