Thursday, March 22, 2012

Password Policies and DNS Changer

When people were originally concerned about buying products online, there was already a technology in place called SSL to ensure secure transmission of credit card and personal information. It basically relies on a third-party source that hands out something called security certificates. This means that a certificate was purchased by the online store, from one of a few trusted providers, to ensure a secure transmission of credit card information.
This was used by most online web stores and by any well-built site that requested your private information. Web browsers enhanced their functionality by showing a padlock, open or closed, as well as showing a special color in the address bar for secure sites.
These certificates are maintained by something called a trust. Recently, due to rough times, one such trust authority lost control of its business and allowed a company to make 155 certificates that had untrustworthy intentions. Without getting any more technical, something happened in security that was never supposed to happen. A certificate authority (CA) was hijacked.
In response to this, various people have tried to explain how to tell if a security certificate is real or not.
Righard Zwienenberg wrote a great blog post at the ESET security blog called "Password management for non-obvious accounts".

Firefox has an add-on, Certificate Patrol, that will check certificate quality FOR YOU, that is, whether the certificates you are using are actually real or fake.

Mixed with this threat is a recent problem that seems to be flying under the security software radar called DNSChanger, responsible for redirecting your computer's web surfing to sites that are not correct. This comes from a Trojan that can infect a computer in one second and hijack it for the purposes of spam distribution, infecting other machines and stealing your personal information. Symantec has a walkthrough to repair this. It was also written about on another security blog, the government's US-CERT, explaining that federal authorities are actually shutting down ISPs that have not fixed this problem.
