[cryptography] Paypal phish using EV certificate

Natanael natanael.l at gmail.com
Tue Aug 13 08:52:55 EDT 2013


That's trademarks, not copyright, and they get it transfered IF they
request it and the original owner did not have a valid reason to use that
domain with the trademarked name/phrase.

And either way, reusing previously malicious domains for legit purposes is
probably THE WORST method ever of accidentally (?) training users to fall
for scams. Because then you train the user that whatever sign they look for
of it being fake isn't "good enough" to reject it as a scam, so they are
forced to accept *everything* instead. (Or to stop using the service.)
Den 13 aug 2013 13:21 skrev "Tom Ritter" <tom at ritter.vg>:

> On 13 August 2013 07:00, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> > Erwann Abalea <eabalea at gmail.com> writes:
> >
> >>Looks like paypal-communication.com is a legit domain owned by "Paypal,
> Inc".
> >
> > Even though, according to the second article I referenced, Paypal said
> it was
> > a phishing site and said they'd take it down?
>
> When sites have a phsihing domain that contains their name taken down,
> isn't the domain actually transferred to them, because of copyright?
> Perhaps it went into a domain pool, and someone unaware of its
> provenance reused it.
>
> -tom
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130813/bda61af4/attachment.html>


More information about the cryptography mailing list