PDA

View Full Version : Computer Help - Certificates?



CCWKen
03-14-2005, 11:41 PM
I just got this computer about a month ago (New). I stumbled across the Certificates in Internet Explorer and noticed that there's a BUNCH of them in there. Where did they come from? Loaded with XP?

sch
03-15-2005, 01:38 AM
You dont have to worry personally about the
certificates. Certificates are 'digital
signatures' cryptically designed by several
groups, Verisign being one of the more
common, that allow your computer to verify or authenticate a domain: for example your
bank, credit card or any one that uses a
SSL (secure sockets) website. These are designated as https: rather than
http: in the address. Part of Windows
keeps track of all this for you, and it generally works pretty well for individual
users as long as you don't fall for a phishing expedition. Steve

hammerhead74000
03-15-2005, 03:00 AM
I do this stuff for a living - and sch is right on.


More about phishing scams, for those of us who don't know already:

When you are going to a web page, to do a payment, or to log in to your accounts, especially if you are following a link, make sure it says https:// at the beginning of the web address. Also, make sure that the domain name in the address that you are going to says the company's name right before the .com part. For example:

This is the real eBay signin page:
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

But this one could be a scam:
http://signin.ebay.w3.com/ws/eBayISAPI.dll?SignIn

Notice that it starts with http://, not https:// - so it's not a secure (i.e., SSL, or encrypted) page. Then, notice that the main part of the domain name is not ebay.com, it's w3.com - the signin.ebay part of the scam web address simply names a diffrent server computer within w3.com, it doesn't take you to ebay.com (note that the normal ebay signin process uses a different server computer then does the search process, or the item view page, etc - but they are all within the ebay.com domain). A similar trick is to have multiple .com parts in a domain name: http://signin.ebay.com.w3.com/ -- only the last .com matters when it comes to getting to the real eBay.

One way to be sure that you don't fall for this kind of stuff is to never trust a link that it sent to you in an email - instead, go to the website of the company that you are trying to get to by typing the company's web address into the address bar of your browser yourself. Also, be aware that banks, eBay, PayPal, etc never need you to "verify" your account information - why would they, when they have access to your entire credit history, and they protect their databases with extensive backup systems? (The amount of personal information that the banking system has on us is positively frightening sometimes - but that's another topic entirely.)

Also, note that I chose as an example, w3.com to use in my ebay scam address - that's actually the web address of a company that registers domain names (like networksolutions.com, register.com, and godaddy.com just to name a few) - and is unlikely to be associated with scam activity; but if you see something that fits this profile, now you will know what's going on.

This webpage has more info about these scams:
http://antivirus.about.com/od/emailscams/ss/phishing.htm