[cryptography] Paypal phish using EV certificate

Tom Ritter tom at ritter.vg
Tue Aug 13 07:20:44 EDT 2013


On 13 August 2013 07:00, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Erwann Abalea <eabalea at gmail.com> writes:
>
>>Looks like paypal-communication.com is a legit domain owned by "Paypal, Inc".
>
> Even though, according to the second article I referenced, Paypal said it was
> a phishing site and said they'd take it down?

When sites have a phsihing domain that contains their name taken down,
isn't the domain actually transferred to them, because of copyright?
Perhaps it went into a domain pool, and someone unaware of its
provenance reused it.

-tom


More information about the cryptography mailing list