Sign in / up

Reply to post: This could be addressed in the browser itself

Facebook's own TLS cert used by crooks in double logon phish

Aunty Dan

This could be addressed in the browser itself

Why can't the browser itself alert the user when there is a mixture of TLS certicates from different domains on the same page? Most of them already alert if you visit a page where the TLS certificate subject name does not match the URL you have visited.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon