Go Back   English Forum Switzerland > Living in Switzerland > Complaints corner  
Reply
 
Thread Tools Display Modes
  #1  
Old 10.01.2011, 17:13
Begga's Avatar
RIP
 
Join Date: Oct 2007
Location: Basel [Quality not Quantity]
Posts: 2,280
Groaned at 31 Times in 22 Posts
Thanked 2,879 Times in 1,067 Posts
Begga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond repute
VeriSign

I don't do much of online shopping, simply because I like to shop IRL.
But when you come across a website with labels that are 60% cheaper, you got to think about it.

So I found a website that seamed great. It has all sort of verified labels - almost too many of them. I got suspicious that this website was supposed to be in Geneva, yet the prices were in and also it seamed to be in several other countries (found through google, not linked together one the site), South Africa and Greece, the exactly the same prices and exactly the same products. When I went to the sign up there was no httpS so I canceled and decided for the first time to make a lookup on VeriSign for this shops. It took ages to find it, I got all sorts of pages how to detect a scam, did a scam test, got endless of pop ups in new windows, learned all about their nice green bar (which I couldn't find where to download) but finally I made it to the point where I could put in the url and run it through.
And the result was that VeriSign does not have this company registered.
So I thought the right thing to do was to report it. Again started too long search for a report button, a search that ended by 4 links of scam-reporting sites. And frankly, I'm just out of time for this now.

Does VeriSign really not want to know if someone is using their precious "You can trust us" logo without being their customer?
Reply With Quote
  #2  
Old 10.01.2011, 17:24
KB88111
 
Posts: n/a
Re: VeriSign

anyone can copy the "trust me, I'm Jeremy Beadle" logo.

what you need is to check the certificate matches the site name and that you trust the site.

it is possible for someone to buy a certificate for SSL - in the end, all it really achieves is that your connection to them over the Internet is secure.

Thieves can always get SSL if they're willing to pay.

The age-old rule applies - if it seems too good to be true..........
Reply With Quote
  #3  
Old 10.01.2011, 22:07
Butters's Avatar
Senior Member
 
Join Date: Apr 2009
Location: Basel
Posts: 260
Groaned at 0 Times in 0 Posts
Thanked 56 Times in 38 Posts
Butters is considered knowledgeableButters is considered knowledgeableButters is considered knowledgeable
Re: VeriSign

Hi Begga,

Verisign are just one of the certificate authorties that supply certificates for SSL (HTTPS) for web sites, and as KB88111 says anyone who's willing to pay can get a basic certificate.
However there are more tightly controlled types of certificate that aren't so freely available. With these, the certificate authority performs more in-depth checks to confirm the identity of the company requesting the certificate. In modern web browsers these certificates should cause all or part of the address bar to turn green.
Another thing you can do to check out a website is lookup details of the domain names registered owner. You can do this on whois.sc, although it's worth remembering that the registrars don't often take steps to verify that the info you see here is correct (one notable exception is the .us TLD).

Overall though, I'd say the golden rule is "if it looks too good to be true, it probably is!"

Hope this helps, and hopefully see you at the curry night this week
__________________
Oh hamburgers!
Reply With Quote
  #4  
Old 12.01.2011, 14:17
Begga's Avatar
RIP
 
Join Date: Oct 2007
Location: Basel [Quality not Quantity]
Posts: 2,280
Groaned at 31 Times in 22 Posts
Thanked 2,879 Times in 1,067 Posts
Begga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond repute
Re: VeriSign

I just found it annoying that
  1. It takes ages to find what you are looking for on their website.
  2. That they don't care (?) that a scammer is abusing their trademark. A lot of people trust that mark and don't think about doing background checks, nor know much about internet security.
Reply With Quote
  #5  
Old 12.01.2011, 15:14
Treverus's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: Work in ZH, live in SZ
Posts: 12,403
Groaned at 365 Times in 295 Posts
Thanked 23,791 Times in 8,608 Posts
Treverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond repute
Re: VeriSign

Quote:
View Post
I just found it annoying that
  1. It takes ages to find what you are looking for on their website.
  2. That they don't care (?) that a scammer is abusing their trademark. A lot of people trust that mark and don't think about doing background checks, nor know much about internet security.
Just to make it sure: VeriSign is a private company offering security services for TECHNOLOGY. I would trust them that the connection is secure or that there is no virus in some download. Shops pay for their seal to give you the good feeling that the little garage seller will not blow up your PC with some malware.

Quote:
The VeriSign Trust Seal means that VeriSign has verified your identity and that you are the rightful owner or operator of your Web site. The seal verification page displays your business information, encryption information and shows that your Web site has passed a daily malware scan, helping visitors feel safe from search to browse to buy.
What they do not do is offering security for your money. They will never make sure that the guys behind their seal are honest business people or selling you knock off designer stuff... that's not Verisign's business.

So no matter if any seal is stolen or real - be careful where you shop in order to get what you want and not cheated...
Reply With Quote
  #6  
Old 12.01.2011, 15:52
Guest
 
Posts: n/a
Re: VeriSign

Quote:
View Post
Just to make it sure: VeriSign is a private company offering security services for TECHNOLOGY. I would trust them that the connection is secure or that there is no virus in some download. Shops pay for their seal to give you the good feeling that the little garage seller will not blow up your PC with some malware.
Not quite. Verisign couldn't possibly assure you that there's no virus in the download.

SSL, as indicated by the HTTPS:// portion of a URL provides two major services:

1. Authentication: That the server you're talking to is who it says it is.
2. Transport Layer Encryption: That communications between you and the server are encrypted and uninterrupted (i.e. no man-in-the-middle can eavesdrop).

Now anybody can go and buy a certificate but Verisign are pretty damn good at point 1. They insist on a VAT number, a listing of the company in some public record and they call the phone number listed against that public record to verify that the company exists and that the requestor is authorised to act on behalf of the company. But that's where it ends; As you correctly point out, the company's business practices are not the business of Verisign - their certificates just provide a reasonable level of authentication.

Part 2 works well but is also often misunderstood. The content could be a virus. That virus will be encrypted as it traverses the untrusted network (the internet), but when it reaches you and is decrypted its still a virus.

The other misunderstood part is that only the connection is covered by point 2. Once the data reaches the end server it is decrypted and its no longer an SSL problem. It can sit on a USB stick unencrypted for all you know, or be forwarded straight to a printer in the middle of an open plan office.

SSL is very good technology. The biggest failing is that its intricacies are not well understood by 99% of its consumers. Companies like Verisign and those developing web browsers tell people that the an HTTPS connection is secure, but they don't do a good enough job of telling people what secure means in this context.

Sorry for nerding the whole place up
Reply With Quote
The following 2 users would like to thank for this useful post:
  #7  
Old 12.01.2011, 16:05
Treverus's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: Work in ZH, live in SZ
Posts: 12,403
Groaned at 365 Times in 295 Posts
Thanked 23,791 Times in 8,608 Posts
Treverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond repute
Re: VeriSign

Quote:
View Post
Not quite. Verisign couldn't possibly assure you that there's no virus in the download.

...

Sorry for nerding the whole place up
Well, if you have to: Verisign is nowadays owned by Symantec (a company famous for their virus scanners) and SSL is just a part of their services. "Daily malware scans" of websites is part of the seals the offer and that would be the virus protection I mentioned...
Reply With Quote
This user would like to thank Treverus for this useful post:
  #8  
Old 12.01.2011, 16:16
golfer's Avatar
Member
 
Join Date: Nov 2007
Location: Bern
Posts: 112
Groaned at 2 Times in 1 Post
Thanked 78 Times in 48 Posts
golfer is considered knowledgeablegolfer is considered knowledgeablegolfer is considered knowledgeable
Re: VeriSign

@ Begga

What is the URL of the "famous" online shop?
Reply With Quote
This user would like to thank golfer for this useful post:
  #9  
Old 12.01.2011, 16:16
Guest
 
Posts: n/a
Re: VeriSign

Quote:
View Post
Well, if you have to: Verisign is nowadays owned by Symantec (a company famous for their virus scanners) and SSL is just a part of their services. "Daily malware scans" of websites is part of the seals the offer and that would be the virus protection I mentioned...
So they do, I take it back.

They didn't offer that when I last used them (and its a bit of a gimmick really). What's surprising is that they offer it on even their cheapest certs.
Reply With Quote
This user would like to thank for this useful post:
  #10  
Old 12.01.2011, 16:22
Begga's Avatar
RIP
 
Join Date: Oct 2007
Location: Basel [Quality not Quantity]
Posts: 2,280
Groaned at 31 Times in 22 Posts
Thanked 2,879 Times in 1,067 Posts
Begga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond reputeBegga has a reputation beyond repute
Re: VeriSign

Quote:
View Post
@ Begga

What is the URL of the "famous" online shop?
http://www.manoloblahnikgeneve.com/
http://www.manoloblahnikgreece.com/

This one does not have all the verifies like the above, but seams to be the same sh!t:
http://www.manoloblahniksouthafrica.com/
Reply With Quote
  #11  
Old 12.01.2011, 16:53
golfer's Avatar
Member
 
Join Date: Nov 2007
Location: Bern
Posts: 112
Groaned at 2 Times in 1 Post
Thanked 78 Times in 48 Posts
golfer is considered knowledgeablegolfer is considered knowledgeablegolfer is considered knowledgeable
Re: VeriSign

Yes, they just have "pictures" of the seal.

The real version - you can click on it, and a kind of validation will open.

Top right corner:
http://www.verisign.com/ssl/seal/index.html
Reply With Quote
  #12  
Old 12.01.2011, 17:38
Treverus's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: Work in ZH, live in SZ
Posts: 12,403
Groaned at 365 Times in 295 Posts
Thanked 23,791 Times in 8,608 Posts
Treverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond repute
Re: VeriSign

Quote:
View Post
http://www.manoloblahnikgeneve.com/
http://www.manoloblahnikgreece.com/

This one does not have all the verifies like the above, but seams to be the same sh!t:
http://www.manoloblahniksouthafrica.com/
Take an educated guess: Do you think that this company runs an official Manolo Blahnik shop in Geneva?

Domain Name ..................... manoloblahnikgeneve.com
Name Server ..................... dns23.hichina.com
dns24.hichina.com
Registrant ID ................... hc350507340-cn
Registrant Name ................. la wasi
Registrant Organization ......... la wasi
Registrant Address .............. la wasi trade ltd
Registrant City ................. beijing
Registrant Province/State ....... BJ
Registrant Postal Code .......... 100100
Registrant Country Code ......... CN
Registrant Phone Number ......... +86.01024222121 -
Registrant Fax .................. +86.01024222121 -
Registrant Email ................
Administrative ID ............... hc350507340-cn
Administrative Name ............. la wasi
Administrative Organization ..... la wasi
Administrative Address .......... la wasi trade ltd
Administrative City ............. beijing
Administrative Province/State ... BJ
Administrative Postal Code ...... 100100
Administrative Country Code ..... CN
Administrative Phone Number ..... +86.01024222121 -
Administrative Fax .............. +86.01024222121 -
Administrative Email ............
Billing ID ...................... hc350507340-cn
Billing Name .................... la wasi
Billing Organization ............ la wasi
Billing Address ................. la wasi trade ltd
Billing City .................... beijing
Billing Province/State .......... BJ
Billing Postal Code ............. 100100
Billing Country Code ............ CN
Billing Phone Number ............ +86.01024222121 -
Billing Fax ..................... +86.01024222121 -
Billing Email ...................
Technical ID .................... hc350507340-cn
Technical Name .................. la wasi
Technical Organization .......... la wasi
Technical Address ............... la wasi trade ltd
Technical City .................. beijing
Technical Province/State ........ BJ
Technical Postal Code ........... 100100
Technical Country Code .......... CN
Technical Phone Number .......... +86.01024222121 -
Technical Fax ................... +86.01024222121 -
Technical Email .................
Reply With Quote
This user would like to thank Treverus for this useful post:
  #13  
Old 12.01.2011, 17:41
Assassin's Avatar
Forum Legend
 
Join Date: Mar 2010
Location: Chasing clouds
Posts: 4,023
Groaned at 180 Times in 123 Posts
Thanked 11,558 Times in 3,148 Posts
Assassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond repute
Re: VeriSign

Quote:
View Post
Take an educated guess: Do you think that this company runs an official Manolo Blahnik shop in Geneva?
Hang on! I think I know the answer to this one..... just give me a minute...
Reply With Quote
Reply

Tags
verisign




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +2. The time now is 10:57.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0