"All my life I have tried to pluck a thistle and plant a flower wherever the flower would grow in thought and mind."Abraham Lincoln
|
| |
Let The Email Wars Begin
Things just got a lot hotter in the hyper-competitive worldof online email providers.In response to Google's announcement that their soon-to-be-launched "Gmail" service will offer users 1 gigabyte ofemail storage, Yahoo! announced an upgrade of their ...
Want To Hit A Spamcop Hard?
In the film, "Cool Hand Luke," the vicious, sadistic prisonwarden was fond of saying, "What we have here is a failure tocommunicate." In the end, prisoner Paul Newman came to"understand" the true meaning of this comment. A while back, a friend of mine ...
7 Reasons NOT to Take Your Laptop on Holiday!
Heading off on vacation soon? Then perhaps you're tempted to take your trusty laptop along for the trip. After all, you bought it for its mobility, and it's nice to stay in touch via email with your family and friends back home. However, just before you ...
|
|
|
| |
You may reprint or publish this article free of charge as
long as the bylines are included.
Original URL (The Web version of the article)
---------------------------------------
href="http://www.defendingthenet.com/NewsLetters/Vote
NoConfidenceInSSL.htm" target=_blank>
Vote "No Confidence" In SSL
Title
-----
Vote "No Confidence" In SSL
SSL Encryption - My Mother Was Hacked?
-----------------------------------
I received a frantic email a week or so back from my mother.
While this wasn’t unusual, this wasn’t the typical motherly
report of which sibling did what stupid thing. She’d been
hacked, or so she claimed. While I found it unlikely that
she was hacked in any manner that I define the word, my
curiosity was piqued so I gave her a call to find out
exactly what happened.
Electronic Debit Card Theft
--------------------------
As it turns out, someone had filched her debit card number
and was using an ISP in the former Soviet Union to sign up
for several “singles” websites. Unfortunately, the way she
found out was discovering a negative balance in her checking
account. To her credit, she had already contacted her bank
and had the card frozen. She had also contacted the websites
involved and was in the process of resolving the debts with
them.
Knowing the details, I was comfortable that my mother hadn’t
been hacked, but someone with whom she has done business
with had their customer data compromised in some way. Not
wanting to ignore my familial and professional
responsibilities, I gave her computer a once over. It came
up clean with the exception of the typical doubleclick and
adserver cookies. Taking it a step further I decided to dig
up a couple of “Tips for secure web surfing” links for her
perusal.
Debit Cards, A Direct Link To Your Money
-------------------------------------
I have to admit I was somewhat disappointed in the results
of my search. While there was plenty of good advice
available there were two things I found troublesome. The
first was while most sites highly recommended using credit
cards exclusively for online purchases; only one site
stressed the danger of using debit cards. A debit card is a
direct link into your checking or savings account. Unlike a
credit card, where a fraudulent charge can be disputed and
the issuer will place a hold on the debt, once you reach the
point of disputing a debit card transaction, the money is
already gone.
My second concern was the high emphasis on the use of SSL,
more commonly known as “the little lock in your web
browser”. The Federal Trade Commission lists it first in
their “Shop Online Safely” bulletin which, in my opinion,
overemphasizes its weight.
Once upon a time, SSL certificates were expensive and there
was a relevant vetting process involved in having one
issued. This has created a false belief that an SSL
certificates contribute to a website’s legitimacy. In
reality, a SSL certificate can be had for as little as five
dollars by anybody who has a telephone number. An expensive
Thawte or a Verisign issued certificate provides no more or
less security than their cheaper counterparts. In fact, they
don’t provide any more security than a “bad” certificate
either. An expired or un-trusted certificate is equally
effective at encrypting data as a premium cert. Many
security and IT professionals work with these “bad”
certificates everyday with full confidence that they are
serving the purpose they need them to.
SSL Encrypts Online Web Communications
----------------------------------
For the most part, SSL serves one function only; it secures
the communication between your web browser and the vendor’s
web server at the time your data is transmitted. In reality,
even this isn’t necessarily true. I’ve recently become aware
that some SSL implementations have the option to set the
encryption cipher as “plain text”, meaning that in spite of
the presence of the lock, no encryption actually takes
place.
Conclusion
------------
In a nutshell, technology is not a substitute for due
diligence. The presence of SSL should never be a weighing
factor in deciding to purchase from a vendor, although the
lack of it should be an immediate red flag to take your
business elsewhere.
About the Author About The Author
----------
Erich Heintz currently specializes in providing network and
security solutions for small to medium businesses that
frequently have to resolve the conflict of need versus
budget. If you would like to know more about
computer security please visit us at
http://www.defendingthenet.com.
Written By: Erich Heintz
|
|
|
|
|
|
 New ISP trooper assigned to Greene County - Greene County Daily World
BLOOMINGTON -- Lt. Paul Bucher, Commander of the Bloomington Indiana State Police Post, announced that three recent Indiana State Police Academy graduates are now working in the area. Probationary Troopers Adam Davis, Julie Meisel, and Kent Rohlfing ...
UK e-mail law 'attack on rights' - BBC News
Rules forcing internet companies to keep details of every e-mail sent in the UK are a waste of money and an attack on civil liberties, critics say. From March all Internet Service Providers (ISPs) will by law have to keep information about every e ...
ISP: Slick roads causing numerous crashes - 22 WSBT
Story Created: Jan 6, 2009 at 12:23 PM EST Story Updated: Jan 6, 2009 at 12:38 PM EST Roads in the Lowell District of the Indiana State Police — which includes Lake, Porter, LaPorte, Newton, Jasper, Starke and Pulaski counties — are becoming snow ...
BIG EAST ISP Radio Network To Feature Seven Men's Basketball Games and ... - Big East
WINSTON-SALEM, N.C. – Georgetown and Notre Dame will tip off the seven-game BIG EAST ISP National Radio Network men's basketball schedule this Monday (Jan. 5) when those two nationally ranked teams meet in South Bend at 7 p.m. (EST). The BIG EAST ...
ISP can arrest Indians on reservation highway - KXLY
BOISE, Idaho (AP) -- Idaho state troopers can arrest American Indians on highways where they cross reservation land without violating a tribe's sovereignty, according to a recent Idaho Court of Appeals opinion. The case stems from the February 2007 ...
KY ISP WinNet Files for Bankruptcy - WHIR
Level 1 PCI DSS Certified Service Provider! DataPipe delivers the best network & support; top tier data centers; New York metro, Silicon Valley, London, Hong Kong, Shanghai. DataPipe - Personal Touch, Global Reach. (WEB HOST INDUSTRY REVIEW ...
CA man leads ISP on high speed chase - WTHR
Wayne County - A State Trooper attempting to pull over a speeder in Wayne County went on a high-speed chase that ended with the arrest of a suspect wanted for federal charges. It started on Interstate 70 eastbound at the 148 mile marker, where a ...
ISP assists with Kosciusko County meth lab - 22 WSBT
Story Created: Jan 6, 2009 at 5:32 AM EST Story Updated: Jan 6, 2009 at 5:32 AM EST A meth lab in Kosciusko County kept the Indiana State Police on site Monday night, cleaning up at a home in Milford. The unit was called to a home in the 300 block of ...
Qwest embroiled in New Mexico ISP case - Denver Business Journal
Qwest Communications International Inc. has been ordered to restore service to an independent Internet service provider in New Mexico pending a federal court hearing schedule for Jan. 13. The Denver-based telecom (NYSE: Q) shut down SkyWi Inc. ’s ...
New Mexico ISP customers still being reconnected after Qwest shutdown - Denver Business Journal
SkyWi customers still being reconnected Building the ground work Qwest pulls plug on SkyWi, works at reconnection Qwest embroiled in New Mexico ISP case School officials targeting cyberbullies New Mexico-based SkyWi Inc. said most of its voice and ...
|
