An exclusive gaming industry community targeted
to, and designed for Professionals, Businesses
and Students in the sectors and industries
of Gaming, New Media and the Web, all closely
related with it's Business and Industry.
A Rich content driven service including articles,
contributed discussion, news, reviews, networking, downloads,
and debate.
We strive to cater for cultural influencers,
technology decision makers, early adopters and business leaders in the gaming industry.
A medium to share your or contribute your ideas,
experiences, questions and point of view or network
with other colleagues here at iVirtua Community.
Microsoft has quietly flipped the switch on a new feature in Internet Explorer 7 meant to combat phishing scams but small businesses may be affected!
In early January they made a change on its computer systems that allowed Web sites fitted with a new type of security certificate to display a green-filled address bar in IE 7.
ZDNet Blog wrote:
The colored address bar, a new weapon in the fight against phishing scams, is meant as a sign that a site can be trusted, giving Web surfers the green light to carry out transactions there. The green bar already appears on the secured sites of Overstock.com and VeriSign.
VeriSign has about 300 customers, including online retailer Overstock.com, that have signed up for the green bar certification process, said Spiros Theodossiou, a senior product manager at VeriSign. The company plans to unveil the names of more participating Web sites at the RSA Conference, he said.
Now, this might be good for those sites commonly targeted by phishing sites and to help people identify if they site they are on is genuine, however, what if people take it the wrong way and the smaller retailers who cannot afford to register, ( of which there are many smaller retailers), and do not have the green bar, lose out because they think the site is not secure, or illegitimate, even though it is. Alot of people don't look at the little padlock for SSL,but the red bar which warns of suspected or reporting phishing sites does stand out and catch the users attention; and I have tested the green bar and it does stand out as the red one does. Although ti will reassure the IE7 user, it might drive many people away from smaller retailers if they get the wrong idea, and see any retailer with no green bar as a potential scam site, or as insecure or illegitimate. Also, Initially, only incorporated entities will be able to get the trust indicator--a rule that shuts out smaller businesses.
I think it will need to be perfected to allow retailers to sign up more easily, and free to be a fairer and more reliable system.
Firefox 3 also will see this technology, as may Opera.
Quote:
Microsoft is the first browser maker to adopt the EV SSL certificates. Some say the Redmond, Wash.-software giant even jumped the gun by adopting an unfinished standard for issuing the certificates. Other browser makers are still contemplating how to support the new certificates in their products.
"We are including support for EV certificates in Firefox 3, but we are still investigating how we will communicate the additional information to the user," said Window Snyder, security chief at Mozilla, which coordinates development of Firefox, the most used Web browser after IE. Firefox 3 is due in the second half of the year, Snyder said.
Representatives for Opera have said they are waiting to see how Microsoft fares with the green bar in IE7, which last month reached more than 100 million users, before adding such functionality to its browser.
A green bar isn't a seal of approval, it's just certification that the site is a legitimate business, says Microsoft. The bar also displays the name of company to further confirm with the user that they're at the site they intended to be at.
As Internet Explorer 7 usage increases, most significant will be after Windows Vista's launch, more people will trust those green bars that tell users that they're safe. Then they'll feel unsafe when they view "probable phishing" sites, and likely stop viewing them.
Your assertion unfortunately is uninformed and incorrect. The green addressbar is simply a new and different industry standard type of SSL certificate (with more validation done than a traditional SSL site). No money goes to Microsoft. You have to buy an Extended Validation SSL certificate from a certificate authority like Verisgn (and many others) similar to how you get an SSL certificate today. In fact, Opera, Firefox and other browsers have voiced their intent to follow Internet Explorer 7 and also implement the Extended Validation certifcation recognition. It is not saying that the website is 100% free of any security risks, it simply is to state that if you type in https://www.paypal.com - you really are at paypal.com, and not a potential phishing site. Think of it this way - it is very easy to make the look and feel of a website look like any other website. That is how phishing works. However, it is very difficult to fake an extended validation certificate and still make the address bar seem like the legitimate institution. If folks look for a green address bar before entering critical information, everyone on the internet will be a little more safe.
Although that's more of a response to the blog, not our forum topic, and it does not raise any of the key issues we realised to do with the impacts it could have; all it does is explain what it does.