Tired of managing certificates? Automate it with ZeroSSL   Learn about ZeroSSL Automation x

Safari now supports EV SSL certificates

Apple has quietly released Safari 3.2 which adds support for EV SSL certificates. This addresses a big security concern for many including PayPal's Chief Information Security Officer, Michael Barrett who previously made this comment because of Safari's lack of EV SSL support:

Apple, unfortunately, is lagging behind what they need to do, to protect their customers. Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.

The new support for EV SSL certificates should help in fighting phishing attacks. Whenever a user visits a site using a supported EV SSL certificate they will see the name of the company in green in the top right corner of the browser.

EV SSL Certificates in Safari 3.2

While this is a very minimalistic notification, similar to how Google Chrome approaches it, it will be a great boon to the security of the Safari browser. Other new features added in version 3.2 include some security fixes, improved JavaScript performance, and a slightly newer version of Webkit, improving its Acid3 score.

Originally posted on Sun Nov 16, 2008

Comments


Robert(2014-12-13)

I don't think any one is under the delusion that EV SSL certificates will solve all security problems. It is one small piece of the puzzle. I think you have made your opinion about EV certificates abundantly clear, Duane. There is no need to keep saying the same thing unless you have some new reasoning to add to your argument.

Duane(2014-12-13)

This all reminds me of the lemmings game, where every one is trying to follow the next guy off the cliff, apple also added anti-phising support too.

None of this is real security innovation or security for the masses, this won't save Joe Public who uses the same username and password on most websites from having it sniffed over wifi and then used against him to get into his bank account.

This is just snake oil dressing one aspect of security up that vendors can make a ton of cash from and then every blog and webmail out there still has none.

This is only news for how detrimental it is making other aspects of internet security.

Save

Advertisement • Hide