SSL Certification not guaranteeing security

Mar 6, 2008 13:36 GMT

Change the way you think about SSL certification, for it is not that safe, researchers from Netcraft advised. Don't rush ahead and hand over all your personal information, for it might get stolen, and other phrases to that effect. Why is that? Because the companies vouching that a site is safe to visit are not God, and because four sites boasting Extended Validation SSL certificates have been found to contain malicious code.

The original SSL certificate only indicates that a third party has checked the identity of the site's owner and that an encrypted line of communication with the site has been set up, and nothing more. Should the tools used for the verification be obsolete or miss something, or should the site itself be full of holes, cyber criminals will exploit them.

About a year ago, a similar subject was on site owners' lips: they were worried that the certification did not guarantee the privacy of personal information but instead instilled a false sense of security, according to Paul Mutton, a researcher with Netcraft Ltd. As a direct result, the enhanced version was rolled out, only to face the same problems, because while the good guys constantly fight to preserve security, cyber criminals constantly battle the systems and, more often than not, manage to come up with incredibly dangerous countermeasures.

Once again, updated anti-virus software and caution were advised, because once hackers find a site with SSL certification, extended or not, to be vulnerable, the data that users enter is siphoned off outside the encryption provided and is visible, Mutton told the Associated Press.