Author Topic: Let's Encrypt Hands Out 15,000 Fraudulent Security Certificates to Phishers  (Read 143 times)

0 Members and 1 Guest are viewing this topic.

Offline Quizmaster

  • Flying Nurse
  • Seasonal Competition Team
  • *
  • Posts: 23301
    • Smokey's Security Forums
  • .: Surf Queen
Let's Encrypt Hands Out 15,000 Fraudulent Security Certificates to Phishers
28 March 2017, 12:23 am

Let's Encrypt, a free and open Certificate Authority, has issued close to 15,000 certificates containing the term "PayPal" for phishing sites. 

The discovery was made by encryption expert Vincent Lynch, who says 96.7% of the 15,270 security certificates featuring the term "PayPal" issued by Let's Encrypt in the past year have been for phishing sites. The highest density of certificates was issued starting in November 2016, data shows. 

Let's Encrypt hasn't been around for very long. In fact, it entered public beta back in December 2015 was out of beta by April. The idea behind the service is to encrypt websites and serve them over TLS in order to protect users' data from eavesdroppers. The point of these certificates is to reassure visitors of the webpages that the sites are safe. By issuing certificates to phishing sites, Let's Encrypt validated those websites. ... (read more)

Source: Softpedia News / Security

>> To obtain the full Softpedia Security News article, click the link in the first post line <<


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by DSTM & PseFrank

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

Smokey's also provides free fully qualified Log / Malware Analysis & Removal Help and System Health Checks