Why Web Browser Padlocks Shouldn't Be Trusted

Why Web Browser Padlocks Shouldn't Be Trusted

Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.

For years, Apple, Firefox, Google and Microsoft relentlessly made the point that in order to avoid rogue sites you must make sure your browser “padlock” is either locked, green or is otherwise indicating a site as being “secure.” Now, cybersecurity firms are stressing that those padlocks are not enough.

“You must look beyond the lock,” said Dean Coclin, senior director of business development at DigiCert. “They simply can’t be trusted anymore.”

That’s because, years after all major browsers have added visual safety cues to their address bars, the majority of bad guys are also using them.

On Monday, the Anti-Phishing Working Group (APWG) released a study (PDF) that tracked a large uptick in phishing attacks in Q2 of 2020. The surge involves rogue sites using the cryptographic protocol Transport Layer Security or TLS, most commonly referred to by its legacy name Secure Sockets Layer, or SSL.

SSL padlocks indicate that a browser is using a secure and encrypted communication pipe to the server hosting the desired website. SSL warnings are also complemented by the additional “HTTPS” indication within a browser address bar, meaning the browser is transmitting information safely using Hypertext Transfer Protocol Secure.

cryptography web security anti-phishing working group apple business email compromise certificate extended validation certificates firefox google https web browser

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

The Essential Guide to Email Security: Threats, Costs, and Strategies

We all use email on a regular basis, but we aren’t always cognizant of the email security standards we use. If a hacker gains access to your account, or manages to fool you into downloading an attachment with malware via email, it could have devastating consequences for your business.

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's Chrome 86: Critical Payments Bug, Password Checker Among Security Notables ... Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS ...

Apple Knocked Off Perch as Most Imitated Brand for Phishing Attacks

COVID-19 pandemic spurs spoofing preference changes, plus a surge in email-based attacks.

Amazon-Themed Phishing Campaigns Swim Past Security Checks

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

These are the Top 5 Browsers for Privacy and Security

Anonymity on the internet has been in a steady state of decline. In the interest of reversing that trend, this is a list of the top five browsers for privacy and security.