Hi, my name is Ben and I'm the co-founder and CTO of Mobile Commons in New York City. This is just another interesting tidbit from the podcast this morning:
Setting up SSL properly is really hard and letting an SSL certificate accidentally expire is really easy. I think every web developer ever has had a problem with SSL at some point in their career.
On the other hand, malicious web sites work very hard to make sure they look legit. Either they don’t use SSL at all, or they make sure their certificate appears kosher. No malicious sites use mismatched certificates.
In other words, we can assume that almost 100% of all browser certificate warnings are actually from legitimate sites. Weird, right?
