
Phishing with Let’s Encrypt – Daily Security Byte

Let’s Encrypt is a non-profit certificate authority that gives out, for free, the digital certificates you need to run an HTTPS site. The organization’s noble goal is to increase the use of secure web sites and HTTPS.

I support free and easy HTTPS for everyone, and think Let’s Encrypt’s service is a good thing. However, there is a black cloud in their model; free HTTPS certificates make it easy for cyber criminals to secure their traffic too. Recently, a researcher used Let’s Encrypt’s transparent records to learn that criminals have exploited the service to make tens of thousands of certificates with “PayPal” in the domain. Watch below to learn how this makes phishing easier, and what we can do about it.

Episode Runtime: 3:36

Direct YouTube Link: https://www.youtube.com/watch?v=q-L2qaKwBDU

Corey Nachreiner, CISSP (@SecAdept)
