04-06-2011, 01:05 PM | #1 |
Bunion
|
Web Security - welcome to my world
Here is a link to an article that does an acceptable job highlighting what is the Achilles heel for secure web access (urls that include 'https', where the 's' is about security).
http://www.nytimes.com/2011/04/07/te....html?_r=1&hpw

Last fall, I taught a class on how the SSL/TLS protocols work. These protocols are what are in use with 'https'. The idea that you find out about someone's security key by getting a certificate from some place that you trust is a concept called a web of trust (for the truly geeky, google "Merkle's Tree Authentication"). Note that the protocols themselves can be absolutely secure, but if the information in the certificate is fraudulent, you get no security benefit from using that information.

The gist of it all is that security within your web browser only works when everyone plays nice. Fortunately, at this time, everyone plays nice a majority of the time. There isn't a better scheme in place and the present system is so pervasive that, in my opinion, until the fundamental protocols are broken (not likely) the system will remain in place. However, look for more controls on how certificates are added to your browser and perhaps some mechanism for auditing their validity better at the source. Comodo is not the first major player to have this happen to it, just the one that is being written about.
__________________
I refuse to belong to any organization that would have me as a member. ~ Groucho Marx |
04-06-2011, 01:18 PM | #2 |
Dear Lord, Thank You.
|
Re: Web Security - welcome to my world
I just want to look at stuff. The more transparent your job is, the better you've done your job, right? Speaking on your job, if I had to do it, I'd stab myself in the neck with a fork. God Love you for taking one for the team, my brother!!!
__________________
|
04-06-2011, 01:20 PM | #3 |
Dear Lord, Thank You.
|
Re: Web Security - welcome to my world
Oh, and if you guys can take care of the Nigerian Prince on Craigslist, that'd kick ass.
This week I played with him a bit, and now he's sending the FBI to get me. I don't need that kind of aggravation. The FBI doesn't even take their shoes off when they come in your house. That's just ignorant.
__________________
|
04-06-2011, 01:48 PM | #4 |
Will herf for food
|
Re: Web Security - welcome to my world
Be careful if outside the US and using SSL (site starting with https). Many countries limit the encryption level to a low enough standard that the local government can crack it (and monitor what you're doing).
Just my
__________________
“Eating and sleeping are the only activities that should be allowed to interrupt a man's enjoyment of his cigar;” Mark Twain |
04-06-2011, 01:51 PM | #5 |
Bunion
|
Re: Web Security - welcome to my world
Set your browser options appropriately and the connection won't be made with weaker security than you specify.
__________________
I refuse to belong to any organization that would have me as a member. ~ Groucho Marx |