5 things you need to know about SSL
Here's a quick and dirty guide to SSL/TLS, one of the most important technologies for securing data on the Internet.
Here's a quick and dirty guide to SSL/TLS, one of the most important technologies for securing data on the Internet.
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
The popular services of Google, Facebook and Twitter are improving in terms of security, says Scott Behrens, head of Neohapsis Labs, which took a security snapshot of them on May 28 through an analysis that included looking at server headers sent during responses to the websites.
Responding to the increasing number of threats aimed at certificate authorities and the ecosystem of trusted online transactions they represent, seven certificate authorities have come together to form an advocacy group to advance security standards and promote best practices.
Organizations have spent vast sums of money on security systems and, when deployed and operated correctly, they play a key role in safeguarding the organization. However, most systems have one critical dependency: The traffic flowing through must be readable. If the traffic is encrypted, many systems are almost completely useless, giving the system owner a false sense of security.
Often called the "father of SSL" due to his role as a cryptographer at Netscape Communications where in the mid-'90s he helped bring SSL encryption to the Web, Dr. Taher Elgamal now travels the Middle East as an IT consultant and project coordinator for business and government there.
With all the publicity about breaches of <a href="http://www.networkworld.com/news/2011/081811-ssl-249874.html">SSL certificate authorities</a> and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to.
SSL/TLS, the protocol that protects <a href="http://www.networkworld.com/topics/security.html">security</a> of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats the protocol itself.
SSL, the encryption scheme that protects virtually all secure online transaction, requires that users rely on trusted third parties, but what if they can't be trusted?
Researchers have found a cheaper, faster way to process SSL/TLS with off-the-shelf hardware, a development that could let more Web sites shut down cyber threats posed by the likes of the Firesheep hijacking tool.
People who want to shield their use of Google's Web search engine from network snoops now have the option of encrypting the session with SSL protection.
Google launched a <a href="http://www.pcworld.com/article/196932/encrypted_search_comes_to_google.html">new beta service this week</a>--encrypted search using SSL (secure sockets layer) to protect searches from being snooped or intercepted while traversing the Internet. <a href="http://www.pcworld.com/businesscenter/article/196908/google_offers_encrypted_web_search_option.html?tk=rel_news">Encrypted Google search</a> is still not entirely private, but it has benefits for individuals and businesses to <a href="http://www.pcworld.com/businesscenter/article/195659/users_are_their_own_worst_enemy_for_online_privacy.html">ensure sensitive information is not exposed</a> to prying eyes.
VeriSign is introducing a certification service that confirms whether a business is legitimate and that their Web site is free of malware.
Banking giant UBS has started deploying a device from IBM that ensures online banking transactions aren't being interfered with by hackers.
More than 300 Web sites are being pestered by infected computers that are part of the Pushdo botnet, according to security researchers.