The Washington Post’s security blog uncovered a phishing site using a valid SSL certificate, among other little tricks. Fortunately, the site was quickly shut down.
We knew this was coming down the pike. Phishers were already spoofing digital certificates, and using a real one was a logical next move. Scary. The fact that a big data warehouser, Equifax, pawned off this service a while back makes it kind of funny. That Choicepoint, (leaky as a $15MM sieve) helped out with this latest flub makes it even funnier.