-
Is equifaxsecurity2017.com legit?
Big news that Equifax leaked personal info of 143 million Americans. In the wake of the news, people were directed to check their status at the website www.equifaxsecurity2017.com. The domain name sounded fishy, in the same sense as someone claiming that ebay-security-alerts.com is an official Ebay site. So a lot of people are asking whether equifaxsecurity2017.com is legit.
Two questions need to be answered to determine the safety of a website:
- Is the domain really owned by the business as is claimed in the page contents?
- Are you really connecting to the website that you entered in the address bar?
We all learned that images and logos on the page cannot be trusted to determine the legitimacy of a website. So what can we trust?
The green lock that appears to the left of the address bar in your browser.
Whenever you see a green lock, it means the web page you are seeing indeed did come from the domain you’ve entered into the address bar. It answers question 2, but provides no assurance that the domain belongs to the business as the page claims. To answer question 1, the web site needs a stronger SSL certificate that also certifies the business ownership of the domain. When the stronger version of SSL certificate is presented by a domain, you’ll see the name of the business by the green lock.
When I loaded equifaxsecurity2017.com in my browser, I saw a green lock but no business name. So I decided to take a look at the SSL certificate (just tap the green lock).
Clicking on the “Certificate information” link reveals that the certificate was issued to ssl511860.cloudflaressl.com! But how come the browser did not complain that the name in the certificate was wrong?
As it turned out, the cloudflare certificate was not issued for one domain, but multiple domains, probably in the hundreds. And equifaxsecurity2017.com was one of them. What I was seeing was a shared, super SSL certificate that certifies the validity of a multitude of domains all in one shot. That feels like a sloppy thing to do for a financial service company.
In the end, is equifaxsecurity2017.com legit? Yes. It is owned and created by Equifax, as reported in mainstream media and linked in its official website. But I’m not assured of web site’s safety.
Recent Posts
- How to reset the pcWRT router
- How to create your SSH key and use it on the router
- How to reset router password by email
- How to set up SurfShark WireGuard VPN on the pcWRT router
- How to set up Proton VPN WireGuard on the pcWRT router
Recent Comments
- on How to create your SSH key and use it on the router
- on How to create your SSH key and use it on the router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to enable native dynamic DNS on the pcWRT router
Archives
- April 2024
- March 2024
- August 2023
- May 2023
- February 2023
- June 2022
- December 2021
- November 2021
- August 2021
- January 2021
- December 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- February 2020
- January 2020
- December 2019
- October 2019
- December 2018
- August 2018
- July 2018
- June 2018
- January 2018
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- January 2017
- August 2016
- May 2016
- December 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
Categories
After this post was published, the SSL certificate for equifaxsecurity2017.com was updated to a dedicated certificate. But still, it was appalling that a financial services company would use a free, shared SSL certificate in the first place.