I’ve been meaning to mention this for a while, and today I got another reminder when I went to eBay to see how much I could get for a Dell PowerEdge 600SC server:
In IE7, the Address bar turns green to indicate that the secure connection is backed by an “extended validation” certificate from a trusted certification authority (in this case, Verisign). So far, I’ve seen these certificates at PayPal and eBay, both of which are prime targets for phishing attacks.
When these certificates were announced, there was a bit of a brouhaha about how they would turn mom-and-pop retail outlets into second-class citizens. But organized criminals aren’t aggressively attacking those little sites; they’re going after the big names. So this approach makes sense. (Not only that, but many small businesses use PayPal or eBay stores for payment and order processing, which means they get the enhanced security without having to pay for an expensive certificate.)
Have you seen these certificates anywhere else?
Update: If you’re running IE7 on Windows XP, you’ll need to go to Windows Update and get the Root Certificates update (in the Optional section) before this feature will work.