
What keeps a hacker from getting an A+ rating on a fake web site?

Question asked by Bob Stromberg on Nov 26, 2018
Latest reply on Nov 27, 2018 by Bob Stromberg

First, I'd like to express my appreciation for the SSL Server Test web page. I have been able to send requests for improvements to several web sites, and a couple of them even responded via email and improved their grades. Progress!!!

 

I'm curious to know how effective the SSL Server Test is at detecting fake web sites. If, as a hypothetical example, a hacker created a lookalike web site with a tricky misspelling (perhaps using "punycode" -- see Look-Alike Domains and Visual Confusion — Krebs on Security), wouldn't they be able to scarf up some valid security certificates for the actual web site URL, such that the SSL Server Test would give the site a grade of A or A+ (maybe "B", although I think "B" is sub-par, and I avoid such sites)?
