12th December 2017 - Link Blog
Extended Validation is Broken. Ian Carroll spent $100 incorporating a company called “Stripe, Inc” in the state of Kentucky and $77 on an Extended Validation certificate tied to that legal entity. Safari (and Mobile Safari) now hide the URL bar completely, displaying “Stripe, Inc” in its place. “This means the attacker does not even need to register a convincing phishing domain. They can register anything, and Safari will happily cover it with a nice green bar.”
Recent articles
- Notes on Pope Leo XIV's encyclical on AI - 25th May 2026
- Datasette Agent - 21st May 2026
- Gemini 3.5 Flash: more expensive, but Google plan to use it for everything - 19th May 2026