EV (Extended Validation) SSL Security - XSS Attacks

dev041726

So I’m on a webinar right now, listening to a gentleman from Verisign talking about how the EV (Extended Validation) SSL Certs prevent Phishing among other things. You have probably seen the Green Bar and SSL Certificate – the name next to the lock is embedded in the certificate, and the theory is that this cannot be modified by the attacker or phisher. Here is a picture courtesy of Verisign:


I’ve asked the presenter to address the following XSS Attacks:

But I’m hearing mostly about the “Green Bar”, and seeing statistics on how users like the “Green Bar” and sites that get increased transaction volume, transaction ticket sizes, as well as reduced cart abandonment. Unfortunately the “Security” presentation has turned to a “Sales” presentation… But with these XSS attacks:

The green address bar displayed by the web browser would assure users that they are looking at a website that can be trusted, even though the page they are looking at may contain scripts or HTML created by a remote attacker.
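The certificate authenticates the server, not the markup it returns, so the defence has to live in the application. As an added example (not from the original post or the webinar; every function and constant name here is hypothetical), this shows a page that reflects a request parameter as markup, the encoded version, and a regression check that tells the two apart using a harmless constructed marker:

```javascript
// Added example; names are hypothetical, not from any product or from the webinar.

// Encode the five characters that let text break out of HTML text
// and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the request parameter is copied into the response as markup.
// The browser shows the same certificate indicator either way.
function renderSearchUnsafe(q) {
  return `<h1>Results for ${q}</h1>`;
}

// Hardened: the same parameter is encoded before it reaches the page.
function renderSearchSafe(q) {
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Response headers that limit what injected markup can do if an
// encoding step is missed somewhere else in the site.
const SECURITY_HEADERS = {
  "Content-Security-Policy":
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  "X-Content-Type-Options": "nosniff",
};

// Regression check: send a harmless, constructed marker element through a
// renderer and report whether it comes back as live (unencoded) markup.
const PROBE = '<b id="reflect-probe">x</b>'; // constructed test input
function reflectsMarkup(render) {
  return render(PROBE).includes(PROBE);
}

console.log("unsafe renderer reflects markup:", reflectsMarkup(renderSearchUnsafe));
console.log("safe renderer reflects markup:  ", reflectsMarkup(renderSearchSafe));
```

A check like `reflectsMarkup` belongs in the site's test suite for every template that echoes request data.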
