[LINK] Trustworthiness of Declarations of Untrustworthiness
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Nov 14 10:20:47 AEDT 2011
I bank with the NAB. Their Internet Banking works okay-ish.
This morning I did it the usual way - typing nab.com.au into my browser-window.
But it did something different today.
It said"
>Safari can't verify the identity of the website "wwww.nab.com.au"
When I had a peek at the details, I found that you can't copy and
paste the contents. Another brilliant piece of programming, that is.
It says (typing errors possible):
www.nab.com.au
Issued by: VeriSign Class 3 Extended Validation SSL SGC CA
Expires: Thursday, 19 January 2012 1:59&:ss z
[The & is actually one of those odd marks I don't know much about -
like a capital 'S' the morning after, when you can't focus properly]
But the clincher is, in red:
This certificate was signed by an unknown authority.
The message didn't crop up in Firefox.
I came back later using Safari, and it didn't appear the second time.
So is a mug punter meant to trust the declaration of
untrustworthiness that was provided by Safari?
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list