As someone who focuses most of his work hours on SSL and related technologies, I read a lot of what is written on that subject in the press, in the blogosphere and on social media sites. I've grown used to a certain amount of misinformation floating around out there and typically view it as a hazard of the online medium.
Right now the dialog around SSL has a particular problem with information being misinterpreted or taken out of context, or occasionally appearing out of thin air. I'm going to dedicate a few postings to explaining what these misinterpretations are and shining a light on the associated facts.
Let's start with this article that appeared last week from Netcraft. This article discusses the cross-site scripting (XSS) attack and its presence on sites featuring Extended Validation SSL. The trouble with this article, in a nutshell, is that it implies a connection between two security matters (XSS and EV SSL) that are unconnected.