design   1833158


We don’t need to consume less — we just need to design better products – World Economic Forum – Medium
The world doesn’t have a consumption problem, it has a design problem, says Lewis Perkins, President of the Cradle to Cradle Products Innovation Institute and a member of the Global Future Council on…
design  environment 
2 days ago by jeffhammond
Certified malice • text/plain
Eric Lawrence:
One unfortunate (albeit entirely predictable) consequence of making HTTPS certificates “fast, open, automated, and free” is that both good guys and bad guys alike will take advantage of the offer and obtain HTTPS certificates for their websites.

Today’s bad guys can easily turn a run-of-the-mill phishing spoof:

<img src="https://textplain.files.wordpress.com/2017/01/image43.png" width="100%" />

…into a somewhat more convincing version, by obtaining a free “domain validated” certificate and lighting up the green lock icon in the browser’s address bar:

<img src="https://textplain.files.wordpress.com/2017/01/image44.png" width="100%" />

The resulting phishing site looks almost identical to the real site…

By December 8, 2016, LetsEncrypt had issued 409 certificates containing “Paypal” in the hostname; that number is up to 709 as of this morning. Other targets include BankOfAmerica (14 certificates), Apple, Amazon, American Express, Chase Bank, Microsoft, Google, and many other major brands. LetsEncrypt validates only that (at one point in time) the certificate applicant can publish on the target domain. The CA also grudgingly checks with the SafeBrowsing service to see if the target domain has already been blocked as malicious, although they “disagree” that this should be their responsibility. LetsEncrypt’s <a href="https://letsencrypt.org/2015/10/29/phishing-and-malware.html">short position paper</a> is worth a read; many reasonable people agree with it.


It's a real mess.
security  design  https  phishing 
2 days ago by charlesarthur
