I came across this fun quiz on phishing on the McAfee site:

If you have 5 to 10 minutes, give it a try. A couple of the questions are fairly easy, and a couple of them are fairly tricky. But the last one is my favorite:

True or false: An SSL certificate ensures that a site is genuine.

Ah, not so easy to answer. There are a number of ways to answer this, and each has its own set of arguments. The problem with the question is two-fold. First, technically the question is implying 100% certainty, and of course, there is no such thing. Secondly, the concept of genuine is a bit vague. Perhaps the simplest possible meaning is sincere -- in which case false would be the correct answer.

On the other hand, at the core, I believe yes, it does ensure the site is genuine.  By genuine, I mean authentic and owned by the site my browser tells me it is coming from.  Whether I trust that site content, or whether or not it is legitimate, is another matter.  Put simply, I feel certain that there is no man-in-the-middle brokering the conversation.

In reality, though, most people don't pay complete attention to the URL; and more importantly, many trusted CAs don't do rigorous checks to ensure the authenticity of a website before issuing a certificate. Although the high-assurance certificates have gotten a few eye-rolls here and there from the community, they're an unfortunate necessity in today's world -- and for the average consumer, a benefit.
