[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fighting Spoofing



> Since we're on a larger topic anyway, ...

Look for HTTPS connections. All SSL connections involve a certificate on the server. That certificate must be signed by a CA (Certificate Authority) you trust, such as Verisign, Thawte, etc.

Only trust certificates that have not been revoked. Enable your OCSP service in Mozilla. Review the credentials in the certificate used to establish an SSL connection:

Does the host match the IP (via reverse lookup)?
Does the host match the host on the certificate?
Has the certificate expired?
Is the certificate on the CA's CRL (Certificate Revocation List)?

If anything doesn't feel right, call the company *** using a number you find somewhere else, not one provided in the phony email or website! *** and perform the transaction with a real person.

And no matter what, sometimes, you just can't fix stupid.

Mike/

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.