Web Hosting Blog

SSL-MITM-Mitigate Risk for Web Transactions

by rchamria, May 26, 2011

A man-in-the-middle (MITM) attack is one of the unbeaten ways of intercepting information such as passwords and user IDs on a LAN (local area network). In simple words, an attacker tracks all the information transmitted between the client and the server. This is where SSL certificates come into the picture.

To keep these kinds of attacks in check, email providers started using Hypertext Transfer Protocol Secure (HTTPS). This combination of the Hypertext Transfer Protocol (HTTP) with the SSL (Secure Sockets Layer) protocol provides encrypted communication between the client and the server. So every time an attacker carries out an MITM attack, the victim is alerted by an invalid SSL certificate.

A successful MITM attack that raises no suspicion requires a tool called sslstrip. Instead of connecting to sites like Gmail or PayPal over HTTPS, the victim has to be kept on HTTP. sslstrip replaces HTTPS links with HTTP links and keeps a map of the changes. The attacking machine supplies certificates to the web server, which it provides to the client in order to verify the identity of the site, alongside its list of trusted certificate authorities.
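The link rewriting described above can be detected by comparing a page fetched over a trusted path with the copy received on the network being checked. This is an added example, not part of the original post; the function names and the sample pages (`shop.example`, `cdn.example`) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "action", "src"}  # attributes that carry a navigable URL


class UrlCollector(HTMLParser):
    """Collects (tag, attribute, url) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, name, value.strip()))


def collect_urls(html):
    parser = UrlCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def url_identity(url):
    """Scheme-independent identity: (host, path, query); the port is ignored."""
    parts = urlsplit(url)
    return (parts.hostname or "", parts.path or "/", parts.query)


def find_downgraded_links(reference_html, received_html):
    """Return URLs that are https:// in the reference copy but http:// as received."""
    secure = {url_identity(u) for _, _, u in collect_urls(reference_html)
              if urlsplit(u).scheme == "https"}
    return [(tag, attr, url) for tag, attr, url in collect_urls(received_html)
            if urlsplit(url).scheme == "http" and url_identity(url) in secure]


# Constructed sample pages (shop.example and cdn.example are placeholders).
REFERENCE = """<a href="https://shop.example/login">Sign in</a>
<form action="https://shop.example/session" method="post">
  <input type="password" name="pw"></form>
<a href="http://shop.example/about">About</a>
<img src="https://cdn.example/logo.png">"""
RECEIVED = REFERENCE.replace("https://shop.example", "http://shop.example")

if __name__ == "__main__":
    for tag, attr, url in find_downgraded_links(REFERENCE, RECEIVED):
        print(f"downgraded <{tag} {attr}>: {url}")
```

A downgraded form `action` is the most serious finding, because that is where the password field is submitted; links that were already plain HTTP in the reference copy are not reported.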

It’s therefore always a good idea to choose trusted and encrypted Wi-Fi networks or VPNs, whichever site you are on, be it LinkedIn or any other. If something like this isn’t available, SSL should be used for logins and other sensitive web pages.

Web SSL Certificate Unleashed

by rchamria, Jan 11, 2011

Today, the Internet is not a very safe place. Information transmitted online could be read by anyone with access to the internet. Malicious people (known as crackers) have developed several ways to obtain sensitive information that visitors exchange with your website, for example passwords or credit card numbers. These people present a modified version of your website to customers who are completely uninformed about your website, in order to collect some vital information from you.

To counter such circumstances, a special Internet protocol called SSL (Secure Sockets Layer) was created (when speaking of viewing web pages over SSL, the term HTTPS is often used).

SSL is a global standard security technology developed by Netscape in 1994. SSL is all about encryption. It creates an encrypted link between a web server and a web browser. The link ensures that all data passed between the web server and the browser remains confidential and secure. Millions of consumers recognize it by the secure padlock that appears in their browser.

The SSL protocol is used by millions of e-business providers to protect their customers, thereby ensuring confidential online transactions. To use the SSL protocol, a web server requires an SSL certificate, which is provided by Certification Authorities (CAs), who in most cases also offer additional products and services to help e-businesses demonstrate that they are trustworthy. Consumers have grown to associate the ‘golden padlock’ that appears in their browser's display with trust in the web site. This simple fact gives e-business providers an opportunity to leverage the increased trust level to turn visitors into paying customers, as long as you know which type to choose.

SSL certificates are generally used with ecommerce shopping carts, or anywhere you want to collect information from a user securely on your website. If you use a secure server certificate with a form, and that form emails the results to you, keep in mind that the email is not secure.

Most users do not consider online transactions to be safe. With the advent of hacking incidents and the unauthorized sharing of personal data with third parties, users have become even more careful when making online transactions. So for businesses that have an ecommerce presence or a corporate internet, and where the security of the users' and the company’s data is of paramount importance, the most significant measure is an SSL certificate.

You would require a Web SSL Certificate, if:

  • You have an online store or accept online orders and credit cards.
  • Your business partners log in to confidential information on the internet.
  • You have offices that share confidential information over the internet.
  • You process sensitive data such as address, birth date, license, or ID numbers.
  • You need to comply with privacy and security requirements.
  • You value privacy and expect others to trust you.

Although the certificate authority market is quite diverse, with the Open Directory Project identifying 22 third parties offering the service and more than 20 root certificates bundled into Internet Explorer and Firefox, it is dominated by a few major firms. There are many offerings in different price ranges, and you purchase a certificate according to your need and budget.

According to a June 2005 survey from Netcraft and similar January 2007 tallies from Security Space, the largest vendors are: VeriSign plus its Thawte subsidiary (www.verisign.com), Equifax via its GeoTrust subsidiary (www.equifax.com), Comodo (www.comodo.com), GoDaddy/Starfield (www.godaddy.com), Entrust.net (entrust.net), and DigiCert (www.digicert.com). Together these six hold approximately 95% of the market. Depending on the measurement methodology, VeriSign still holds the largest market share at 72%, Comodo approx. 18%, GeoTrust 3.43%, Entrust approx. 2.5%, GoDaddy approx. 1% and the rest about 3 to 4%.

Although there is no functional difference between the SSL certificates issued by these recognized CAs, vendors do establish product distinctions through a variety of added features and in the level of company validation.

As with most services, competition has proven beneficial for web site operators, with a large number of vendors pushing down the costs of business-class certificates. Given their potential abuse by phishers and scam artists, businesses should avoid the bargain-basement and domain-only products. Those wishing to provide the highest level of security to their users should consider the new EV certificates.
