When you see the little Key symbol you think you are safe?

Well, here we are again.

So you are logging in to your bank or credit card site. You made sure that you have the key in the browser, and you think you are safe?

Well, unfortunately, you are not, as most websites, including Gmail, Cahoot, Tesco etc., use version 1.0 SSL.

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Trouble is, this has been broken. So, you say, oh dear, they will send out a fix. Well, the fix has been out since 2006. But the websites are in something of a chicken-and-egg problem.

The normal browsers, including IE, Chrome, FF etc., are set at version 1.0, although most can use 1.2, which is the most secure. If they did force you to use this level, then quite a few of the commercial sites would refuse to work. :o( And of course the site would lose web traffic.

So, they decided to leave it. Now, of course, it is going to come back and bite them, as they have left open a way for an attacker to hijack the session. Trouble is, you will not know.

You will turn up at the right website and be unaware of anything being wrong. You will see the lock in the browser, and to the normal person everything would be fine.

So, my suggestion is to convince Google and other search engines to rate websites' positions by what SSL level they are using, so the safe ones that use 1.2 rank above the ones that don't.

Personally, I think you would then find a lot of websites migrating to the secure version, which would then make the more secure version the default standard. A quick tweak to the browser security settings and everyone would be using 1.2 in a short space of time. Then the hackers would have to crack 1.2, which is going to be a lot more difficult.
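As an added illustration (not part of the original post), here is one way to measure the "SSL level" of a site and turn it into a ranking signal. It pins a client to one protocol version at a time and records which handshakes the server completes. The function names and the 0 to 2 grading scale are assumptions made for this example, and the local OpenSSL build may itself refuse to offer 1.0 or 1.1.

```python
import socket
import ssl

# Protocol versions to probe, oldest first.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]
MODERN = {ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3}
LEGACY = {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1}


def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port=443, timeout=5.0):
    """Return the set of versions the server completes a handshake with."""
    accepted = set()
    for version in VERSIONS:
        try:
            ctx = pinned_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    accepted.add(version)
        except (ssl.SSLError, OSError, ValueError):
            # Refused by the server, or the local OpenSSL build cannot offer it.
            continue
    return accepted


def grade(accepted):
    """Hypothetical ranking signal: 2 = modern only, 1 = modern plus legacy,
    0 = nothing at 1.2 or above."""
    if not accepted & MODERN:
        return 0
    return 1 if accepted & LEGACY else 2


if __name__ == "__main__":
    # Constructed results, so the demo runs without network access.
    samples = {"legacy-only": {ssl.TLSVersion.TLSv1},
               "mixed": {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_2},
               "modern": {ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3}}
    for name, accepted in samples.items():
        print(name, grade(accepted))
```

Calling `probe()` on a hostname you administer and passing the result to `grade()` gives the score for a live site. A site scoring 1 still accepts a client that is set to the old version.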

The search engines then get the credit for providing a more secure internet. The banks have very little excuse. They should have completed this upgrade many moons ago.

Well, that’s my point of view. What’s yours?

Thanks for reading.

David Vincent.

About tagware

I've worked in IT for over 30 years. As the owner of one of the earlier AutoDesk Dealerships, when Richard Handyside was the main UK guy in The Cut! We supplied complete CAD, Networks and visualisation systems to Corporate clients such as RIBAS, Channel 4, NHS, BBC, Merrill Lynch, COMET Plc, Morgan Stanley to mention a few. We also developed the graphical ADB system for the Department of Health and a graphically led Asset system for Merrill Lynch. Subsequently became a contract IT Consultant in both Development and Production areas for both Large and small businesses. Which is what I'm still doing.