- The 10 dumbest mistakes network managers make
- Six Windows 7 features admins will actually care about
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- More porn sneaks onto the iPhone
Microsoft and industry partners are pushing ahead with plans to make the Web a little safer with a new technology to combat phishing.
At next month's RSA Conference in San Francisco, the software giant plans to announce that a number of Web sites have gone through a new certification process designed to make it harder for phishers to spoof them. The process gives third-party certification authorities like VeriSign and Entrust a more stringent set of guidelines to follow when they are authenticating Web sites.
The result of the process is something called an Extended Validation Secure Sockets Layer (EV SSL) certificate, which can be used by Web sites to help reassure Web surfers that they are handing over their private information to a legitimate site.
Microsoft is ahead of other browser-makers in supporting EV SSL certificates, which will work with Internet Explorer 7 by the end of this month. But for the technology to take off it must also be widely adopted by Web sites.
Microsoft plans to show that this is now happening, said Markellos Diorinos, product manager with the Internet Explorer team. "We're getting more and more names that are going to be supporting Extended Validation, and we'll be announcing the first ones at RSA," he said.
Sites that have been EV SSL-certified will look a little different from today's secure sites, which typically display a small "lock" icon in the Web browser.
When IE hits part of a Web site that supports the EV SSL standard, there will still be a lock icon but the address bar will also turn green. Users will also be able to see what country the Web site is based in and who has certified it. "What this really means is that someone went and made sure that this corporation is in good standing," Diorinos said.
Web sites buy these EV SSL certificates from certification authorities, who in turn follow the Web site company's paper trail: making sure it is registered with local authorities, that it has a legitimate address, and that it actually has control over the Web domain in question, for example. In some cases the certificate authority may even send out a representative to confirm that the business is who it claims to be.
"If you're a company without a reliable paper trail, you're not going to get one of these," said Tim Callan, a product manager with VeriSign's business unit. "If you're incorporated, if you're an LLP, or if you're a registered charity, you have nothing to worry about."
The Leader in Network Knowledge
Comment