__/ [John Bokma] on Tuesday 03 January 2006 10:47 \__
> Borek <m.borkowski@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> On Tue, 03 Jan 2006 11:28:17 +0100, John Bokma <john@xxxxxxxxxxxxxxx>
>> wrote:
>>
>>> "Do Internet users pay attention to browser warnings alerting them to
>>> problems with a site's SSL certificate? The question got an
>>> unintended field test earlier this year when New Zealand's BankDirect
>>> accidentally allowed a certificate to expire. The mistake was fixed
>>> within 12 hours, during which about 300 customers were presented with
>>> a security alert when they visited the bank's website. Server logs
>>> show that all but one of 300 users dismissed the warning and logged
>>> in as usual."
>>>
>>> Ha ha ha, QED
>>
>> That's not as conclusive as you want it to be. If my bank SSL
>> certificate expires it will probably not stop me from accessing
>> my account, although I will do some additional checks first.
>
> Yup, you are probably 1 in 300.

He is. The bank is often liable, so few people bother to check certificates and
remain cautious. I log in quite mechanically, not even thinking about it.
Any prompts or announcements get out of the way involuntarily.

Since John and Borek are here, there are Perl scripts that get the 'meat'
automatically nowadays (well, for many years already):

http://cpan.develooper.com/modules/by-module/Finance/

>> But then I am slightly above Joe Average when it comes to
>> understanding internet.
>
> Yup. The rest of the article is interesting as well. It seems that SSL
> certificates are indeed used in phishing attempts, for quite some time
> even.

It's probably the least suspicious protocol, depending on how you look at it.

Roy