Making Sense of Mismatched Certificates?
Ropati writes “I bank with capitalone.com. Recently I went to log in to my credit card account, and my browser reported that the site certificate didn’t match the web site I was on. [Expletive.] I’m wondering if I am getting a poisoned DNS URL. I have to log in and do my banking, so I accept the mismatched certificate. The banking site is complete, my transactions are listed but that doesn’t mean there isn’t a man in the middle attack here. I am still curious how much I have exposed my banking assets.” Read on for more, and offer advice on how to interpret what sounds like a flaky response from the bank.
Read more of this story at Slashdot.
