So I was reading a security blog about https phishing attacks: http://www.thesecurityblogger.com/abusing-faith-in-https-overview-of-https-phishing-attacks, which mentioned Let's Encrypt, and remembered how CNN's Twitter account is about 50% fake users: https://www.twitteraudit.com/CNN (lol I won’t mention political jokes), and I started wondering if LE has done any research to find out how many of their millions of certificates are only being used for a few days for phishing scam domains? This may not be an easy thing to find out but it sure feels like valid research that could easily lead to a white paper or even being the basis for a talk at http://www.blackhat.com or one of the other security cons. Just curious…
there is an article on the CA’s role in fighting phishing etc
there are many challenges with doing the research you are proposing in an automated way are numerous and a manual review is not scaleable
Andrei
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.