This article at C-Net talks about a move to increase the level of investigation required to obtain a valid secure socket layer certificate. The reason alleged is that people are too easily getting secure certificates, leading to phishing schemes that look authentic.
I suspect the real reason is that it will increase the cost of the certificates, resulting in significant extra profits for the issuing companies. I daily get phishing scam emails. Many look very real in HTML format email, but always (thus far) are clearly bogus in plain text format.
The actual sites, when you visit them are impressive. A domain we sometimes work on was hacked last week (only our second incident of successful hacking) and GoDaddy flagged the domain almost immediately and closed the site until the content was removed. That was pretty impressive. I really doubt that phishers are purchasing secure certificates with great regularity to make their sites look secure. More likely they are hacking onto someones already secure site.
The other item of note is that MicroSoft is still talking about releasing Internet Explorer 7. Until they do — and probably after they do — go get a copy of FireFox 1.5 at Mozilla.com.
