PEXA's digitial certificate software download is signed with a certificate issued to 'pexa.net.au'. Why should anyone trust software signed by a website? Especially one that is not in use? It is trivial to register website names, and numerous 'pexa.' domains are available for registration now by anyone. How are we to discern whether pexa.net.au is actually owned by the Property Exchange Australia Limited? How then, are we to determine whether to trust the signer and install this software? The software should be signed with a certificate issued to PROPERTY EXCHANGE AUSTRALIA LIMITED. Surely PEXA does not think that users should ignore incorrect security certification of its software? Or that we should trust anything with 'PEXA' in it somewhere? This is EXACTLY how fake (malicious) software is promulgated. Here is a snip of what the digital signatures look like on correctly signed software by two other well known software companies (left hand side) and on the right-hand side, a snip of the PEXA software signature. (Red markup added by me for emphasis) I posted about this in the general forum section, but received no response.
... View more