This one came in via email from Philippe:
You’d think that a company with the page title “SSL Certificates from a Leading SSL Certificate Authority” could do a little better.
Michael submitted this SSL fail to us from the ICICI Bank Canada website. Another interesting thing about this website is that with javascript blocked, the default page won’t even load because they use a javascript redirect to send you to the main page (I suppose setting the DefaultDocuments directive (or rather the IIS equivalent) is too difficult).
Here’s the image:
kingthorin pointed us to https://financialcryptography.com
Checking out the site reminded me how cool some of Chrome’s SSL related info was when visiting an epic SSLfail site.
Given my last post on ssl_error_bad_cert_domain error you probably wouldn’t expect me to post another one so soon, but I thought that this really demonstrated my point. Mike Murray posted to twitter earlier today that something was up with their SSL and asked if perhaps it was a compromise of sorts. Tonight he sent us a a copy of the image. Mike’s a bright guy and well known in around InfoSec, if this made him question what was going on then I think it’s safe to say that these SSL error messages are a hindrance to our day to day use of the web.
I know I’ve already posted a Twitter SSL Fail in Chrome, but here’s the image Mike sent:
