Subject: [IP] Is VeriSign's New Security Seal Too Trusting?
Delivered-To: dfarber+@ux13.sp.cs.cmu.edu
Date: Wed, 12 Nov 2003 15:58:24 -0800
From: CircleID Network <info@circleid.com>
Subject: Is VeriSign's New Security Seal Too Trusting?
To: dave@farber.net

Dave,

A report by Justin Everett-Church has revealed a potentially serious flaw with VeriSign's new jazzed up Seal that uses Flash instead of the previous GIF image:

"On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers!"

Related Links:
- http://www.circleid.com/article/372_0_1_0_C/
- http://www.verisign.com/corporate/news/2003/pr_20031104.html

-------------------------------------
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/