-
Blog Post Aug 26, 2019
Mozilla Should Reconsider Removing the EV Green Address Bar
The week before last, very quickly and without advance warning, Mozilla announced that it would remove the Extended Validation SSL certificate indicator from its upcoming build 70. This announcement spawned a very lively debate that is still going on. Below is my response to the thread, explaining why I believe it to be ill- considered and detrimental to overall internet security. Jason Soroko and I also covered Mozilla's decision to remove the EV SSL indicator in our Root Causes PKI and security podcast series.
-
Podcast Aug 15, 2019
Root Causes 32: Why Do Browsers & Academics Say Differently About EV?
Research shows that sites with Extended Validation SSL certificates are less likely for malware and phishing. So why do browsers say it isn't effective?
-
News Article Aug 01, 2019
Probability That an EV SSL Certificate Is Associated with a Bad...
New research conducted by the Georgia Institute of Technology Cyber Forensics Innovation (CyFI) Laboratory confirms that a website with a company-branded address bar greatly decreases the chance of internet users falling victim to a malware attack or phishing scam.
-
News Article Jul 31, 2019
To conduct the study, researchers at the CyFI Lab cross-correlated a global repository of web domains with EV certificates against an aggregation of web domains associated with malware, suspicious activity blacklists, and underground marketplace communications.
-
Press Release Jul 30, 2019
New research conducted by the Georgia Institute of Technology Cyber Forensics Innovation (CyFI) Laboratory confirms that a website with a company-branded address bar greatly decreases the chance of internet users falling victim to a malware attack or phishing (fraud) scam.
-
News Article Jul 30, 2019
SSL certificates provide internet users with the assurance that the website they’re visiting is safe, secure and under the control of a legitimate operator. Or at least they're supposed to.
-
Blog Post Jul 29, 2019
Online criminal actors reveals that domains with EV SSL certificates are 99.99% likely to be unassociated with bad cyber actors. CyFI studied 2.6 million domains associated with EV SSL to arrive at these results.
-
Whitepaper Jul 29, 2019
Research from Georgia Tech's Cyber Forensics Innovation Lab shows that domains with EV SSL certificates are 99.99% likely to be free of online abuse.
-
-
Blog Post Jul 01, 2019
I have been engaged with many decisions makers who are evaluating whether or not to use Extended Validation SSL on their sites, and I have repeatedly observed how a psychological phenomenon called loss aversion biases this decision-making process. Read on to learn more.
-
Press Release Jun 27, 2019
40% of Large NA Banks Fail to Use Security Best-Practices Vs. Phishing
Sectigo today released findings from its latest Secure Impressions: Online Banking Study, revealing how well the largest banks in North America and Europe ensure and demonstrate security of customer information on their online banking websites. The study found that a notable percentage of banks left customers vulnerable to phishing scams, but that all banks do use some form of SSL certificates.
-
News Article Jun 27, 2019
An assessment of the digital certificates used to secure the home and login pages of major banks’ websites was conducted by Sectigo, the world’s largest commercial CA for online security technology.