-
Blog Post Aug 26, 2019
Mozilla Should Reconsider Removing the EV Green Address Bar
The week before last, very quickly and without advance warning, Mozilla announced that it would remove the Extended Validation SSL certificate indicator from its upcoming build 70. This announcement spawned a very lively debate that is still going on. Below is my response to the thread, explaining why I believe it to be ill- considered and detrimental to overall internet security. Jason Soroko and I also covered Mozilla's decision to remove the EV SSL indicator in our Root Causes PKI and security podcast series.
-
Listen Now
EPISODE 32
Broadcast Date:
August 15, 201925 minutes
Podcast Aug 15, 2019Root Causes 32: Why Do Browsers & Academics Say Differently About EV?
Research shows that sites with Extended Validation SSL certificates are less likely for malware and phishing. So why do browsers say it isn't effective?
-
News Article Aug 01, 2019
Probability That an EV SSL Certificate Is Associated with a Bad...
New research conducted by the Georgia Institute of Technology Cyber Forensics Innovation (CyFI) Laboratory confirms that a website with a company-branded address bar greatly decreases the chance of internet users falling victim to a malware attack or phishing scam.
-
Learn More
Study Finds 99.99 Percent Probability That Websites with...
News Article from Sectigo
News Article Jul 31, 2019To conduct the study, researchers at the CyFI Lab cross-correlated a global repository of web domains with EV certificates against an aggregation of web domains associated with malware, suspicious activity blacklists, and underground marketplace communications.
-
Learn More
Study: 99.99% Probability That Green Address Bars Show Trusted Domains
Press Release from Sectigo
Press Release Jul 30, 2019New research conducted by the Georgia Institute of Technology Cyber Forensics Innovation (CyFI) Laboratory confirms that a website with a company-branded address bar greatly decreases the chance of internet users falling victim to a malware attack or phishing (fraud) scam.
-
Learn More
SSL Certificates Aren't Enough; Businesses Need Extended Validation...
News Article from Sectigo
News Article Jul 30, 2019SSL certificates provide internet users with the assurance that the website they’re visiting is safe, secure and under the control of a legitimate operator. Or at least they're supposed to.
-
Learn More
New Research on EV SSL Security from Georgia Tech
Blog Post from Sectigo
Blog Post Jul 29, 2019Online criminal actors reveals that domains with EV SSL certificates are 99.99% likely to be unassociated with bad cyber actors. CyFI studied 2.6 million domains associated with EV SSL to arrive at these results.
-
Download Now
Understanding the Role of EV Certificates in Internet Abuse
Whitepaper from Sectigo
Whitepaper Jul 29, 2019Research from Georgia Tech's Cyber Forensics Innovation Lab shows that domains with EV SSL certificates are 99.99% likely to be free of online abuse.
-
Learn More
EV Fallacies Debunked
Blog Post from Sectigo
-
Learn More
How Loss Aversion Ties into Decision Making for EV SSL Certificates
Blog Post from Sectigo
Blog Post Jul 01, 2019I have been engaged with many decisions makers who are evaluating whether or not to use Extended Validation SSL on their sites, and I have repeatedly observed how a psychological phenomenon called loss aversion biases this decision-making process. Read on to learn more.
-
Press Release Jun 27, 2019
40% of Large NA Banks Fail to Use Security Best-Practices Vs. Phishing
Sectigo today released findings from its latest Secure Impressions: Online Banking Study, revealing how well the largest banks in North America and Europe ensure and demonstrate security of customer information on their online banking websites. The study found that a notable percentage of banks left customers vulnerable to phishing scams, but that all banks do use some form of SSL certificates.
-
Learn More
A Quarter of European Banks Leave Customers Exposed to Phishing Scams
News Article from Sectigo
News Article Jun 27, 2019An assessment of the digital certificates used to secure the home and login pages of major banks’ websites was conducted by Sectigo, the world’s largest commercial CA for online security technology.
