B2B Articles - Aug 15, 2010 11:40:04 AM - By Ironpaper
Based on an article in the NY Times (Experts Warn of a Weak Link in the Security of Web Sites), security researchers are warning that even the most secure sites on the web, specifically websites for banking, e-commerce and others that use encryption may have vulnerabilities to attack.
Sites that use HTTPS resulting in a closed lock icon in the browser's address bar are certified by a third party organization that the site is authentic and the transmission of data to that site is encrypted. As more and more companies begin to issue HTTPS security products, the tool itself may become less trustworthy overall... for the HTTPS product itself can be a vehicle for eavesdroping or theft.
The responsibility of acting as a certificate authority has been delegated from browser makers to other companies (Verizon to provide one example), who in turn has re-issued the authority to other companies--thus diluting the "authority" of the tool.
The Electronic Frontier Foundation has identified about 650 organizations that are currently issuing certificates that are accepted by the leading browsers (Internet Explorer and Firefox). "Some of these organizations are in countries like Russia and China, which are suspected of engaging in widespread surveillance of their citizens." (NY TIMES, August 13, 2010, By MIGUEL HELFT, https://www.nytimes.com/2010/08/14/technology/14encrypt.html).
Etisalat, a wireless carrier in the UAE, was discovered to have installed spyware in 100,000 subscribers' headsets last year. Etisalat could the issuance of web certificates to spy on individuals and companies all around the world--including inside virtual private networks used as safehavens by corporations everywhere.