[cryptography] not a Paypal phish using EV certificate

Andy Steingruebl andy at steingruebl.com
Tue Aug 13 12:19:37 EDT 2013


On Tue, Aug 13, 2013 at 6:25 AM, John Levine <johnl at iecc.com> wrote:

> In article <E1V9Ac6-0005vx-2g at login01.fos.auckland.ac.nz> you write:
> >I recently got a another of the standard phishing emails for Paypal,
> directing
> >me to https://email-edg.paypal.com, which redirects to
> >https://view.paypal-communication.com, which has a PayPal EV certificate
> from
> >Verisign.  According to this post
> >http://www.onelogin.com/a-paypal-phishing-attack/ it may or may not be a
> >phishing attack (no-one's really sure), and this post
> >http://www.linuxevolution.net/?p=12 says it is a phishing attack and the
> site
> >will be shut down by Paypal... back in May 2011.
> >
> >Can anyone explain this?
>

I'm investigating.

Definitely a PayPal domain.  Not sure why reports of it being phishing
would have been confirmed.  I've asked the right folks if there was a bug.


> I agree that it was not a great idea for Paypal to invent
> paypal-communication.com rather than a subdomain of one of their
> existing well-known domains such as communication.paypal.com.
>

An entirely separate discussion though about how one runs lower and higher
security things on the same domain given how inflexible the same-origin
policy and cookie policies are.    I agree these are tricky, but putting
everything on one domain is tricky as well...

- Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130813/9b73a8eb/attachment.html>


More information about the cryptography mailing list