[Update: apparently Romain and I posted the same image, so I've removed the image from my comment]
We recently had a link submitted (thanks, Jirka) that I think is a great example of betraying user trust in the SSL realm. The link in question belongs to Microsoft and links to none other than their phishing filter FAQ. I can’t get this site to load without SSL in my browser (however, that could simply be network issues), so SSL is the only choice. I refuse to believe that Microsoft couldn’t afford a wildcard certificate to avoid this issue, or another IP address with a single-domain cert. Sure, once again, it may just be an ssl_error_bad_cert_domain error, but does this error need to exist?


January 20, 2009
Obviously, I did report this issue to Microsoft. The response was “the certificate is from a Microsoft domain so we do not have a security concern on this issue”. Scary.