Let's Encrypt used for malicious website

John Connor

http://thehackernews.com/2016/01/free-ssl-certificate-malware.html

Who else didn't see this coming?


It was so obvious as I stressed earlier that the Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites.


Let's Encrypt allows anyone to obtain free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for their web servers that encrypt all the Internet traffic passed between a server and users.
 

VirtualLarry

"Users should be aware that a 'secure' website is not always or necessarily a safe website"

To me this just seems like a "duh" thing, but I can see how many people that grew up on the web, learning to "look for the padlock", automatically assume that if they see that, then it's OK to spill their private data, even if the domain is paypal.fake.com.
 

PliotronX

VirtualLarry said:
"Users should be aware that a 'secure' website is not always or necessarily a safe website"

To me this just seems like a "duh" thing, but I can see how many people that grew up on the web, learning to "look for the padlock", automatically assume that if they see that, then it's OK to spill their private data, even if the domain is paypal.fake.com.

+1 Need to wean people off believing that padlocks mean safe from prying eyes. LE is a great idea and I wish CACert was trusted by browsers because SSL CAs just rake in the dough with usurious SSL subscriptions.
 

Red Squirrel

Yeah, HTTPS just means the content is encrypted... has nothing to do with whether or not the site is safe.

You trust the server because of who is hosting it (e.g., a company you trust), not because of whether or not it is encrypted.