I was visiting some phishing sites (as you do) and came across this one. These things have short lifetimes; it may not be there when you check. It is/was an eBay spoof page, spam-advertised, which had a spiffy-looking Verisign Site Seal in the bottom corner, which was actually linked to the correct URL at Verisign! Perhaps this is a result of them just saving the eBay page to disk and whacking it up on the webserver. Anyway, I know no-one ever clicks on these things, but I thought I'd try it, to make sure I got a scary message from Verisign.
In fact, what I got was this:
Unable to validate this sealWe are unable to verify the status of this seal at this time. Please try again later.
Click here to learn more about SSL Certificates.
Wow, that has me scared. I'll be sure not to type my eBay credentials into the site now...
Posted by gerv at April 17, 2008 3:37 PM | TrackBackI got a blank page. Hooray for badly designed Javascript-only sites!
Posted by: ant at April 17, 2008 6:20 PMIf you replace the name of the site by some random string you always get that "please try again later".
https://seal.verisign.com/splash?form_file=fdf/splash.fdf&lang=en&dn=www.mkjhsdmfghmksgh.com
Not very serious work from Verisign here.
Also when they publicize than user trust so much more EV than ordinary certificates, that means that EV will become sooner or later a major target for pirates. Until those pirates succeed to destroy that trust.
I get no phishing/malware warning with Firefox 3 Beta 5. Is this correct?
Posted by: bugging at April 17, 2008 9:29 PMjmdesp: Indeed; it uses the referrer to check, I believe.
EV may well become a target; but getting an EV cert as a phisher is no easy feat. Read the spec. If you find flaws in it, let us know. :-)
bugging: It seems no-one has yet submitted this site to the appropriate phishing lists.
Posted by: Gerv at April 18, 2008 9:00 AM