Site Archives ev

Refute the FUD


In my capacity it’s my job to counter a few baseless claims which some use in order to try to spread Fear, Uncertainty and Doubt (FUD) regarding the digital certificates which StartCom issues for free without charge. This is a response to Sebasti├ín Bortnik, David Harley and Dan Raywood regarding their articles I found recently […]

SSL Flaw by (Browser) Design?


A while ago, the two security “white hats” Alexander Sotirov and Mike Zusman announced that they are going to publish a tool for exploiting EV SSL secured sites at the Black Hat Security Conference at the end of this month. Some sites reported the alleged attack on EV SSL secured sites as a means to […]

The Race Is On - You Won


The competition in the digital certification business is preparing for StartCom’s entry with its super-cheap EV SSL offerings. Proclaims a director of a well known certification authority:
“EV SSL certificates are no longer an expensive premium for Web security; they are a necessary tool to help thwart phishing, man-in-the-middle and other malicious fraud attacks”

CA/Browser Forum


Since this weekend the StartCom Certification Authority is officially a member of the CA/Browser Forum. This forum is a closed group of commercial certification authorities and software vendors - in particular browser vendors - which was founded sometime in 2006. At a previous occasion the StartCom CA was denied participation, but having now met their […]

Positive Indicators


Phishing attacks seldom use SSL certificates for their fake sites resembling Paypal, eBay or whatever, because they look as good without it. So far this apparently just worked fine because a somewhat careless user simply doesn’t pay attention to the microscopic indicators the browsers used to give us in the past. Well, that’s perhaps an […]

Extended Validation - What it really means


I’m going to give you a better understanding about what extended validation (EV) means and what it really gives to you. Throughout many discussion at Mozilla and elsewhere - and specially since my last article about spoofing the secure state of the upcoming Firefox browser, EV certificates are touted by many as the solution […]