Jersey City, NJ, September 01, 2009 - In order to make the business of exchanging information on the Internet as clear as possible, even among different platforms and languages, software developers have designed a clear standard of communication. That standard is called the Hyper Text Transfer Protocol (HTTP).
The disadvantage of such a clear protocol is that anyone who intercepts an online transaction can easily read it unless it has been altered. The computers exchanging the information can agree upon a method to disguise it. The text can be changed using a process called encryption. When computers exchange encrypted text, the protocol is called HyperText Transfer Protocol Secure (HTTPS).
The two computers agree to transpose the message into an unintelligible "hash" of characters. HTTPS uses a document called a "digital certificate" to create the hash file. Only the owner of the private key associated with the digital certificate can read or understand the encrypted communication.
The two computers agree to transpose the message into an unintelligible "hash" of characters. For example, instead of plain characters, encrypted text looks like this:
D91172E6C30776967C3714A0F1B34BC58922540DD0DBA0AEE5A1AB73EE19
F1B5039E4EFE102FFABDE6FEB9D712C22270250A7A57710D6E5B0C9696B9
8A7CB217ED7BCAD1C56A43FC52B9E793337ED789668F7BECF9B3BDE2D37E
972BE099432C1F1BC76B24550E1932765FABA9EA86BD54CB28D65690BE61
5C8EC2E60D4E7182EE112E086AFD9D497ECB006C3213B8C94AC8844FE83F
783C1511D1A0C0630DB8B2267F83F0318438FC3CC5D2FE9AE221D73ADEFB
DC571A505F032FD488580982441AC1814AFD5C45F95CBF4E6989C9A23840
A953363D75B9E35A4A688B010DFAC96E23321E1B3A2BC7AF3BBEF3ACF110
E0C15AFC702353956D9C7CECE4DF447BB38BE8E559239D21AE904E080090
2A360E3CAB162787218422B9F0E6869CD7712A34099FE2718083EAE8C413
E468E0E8CC98AE26E9432B0E7252858930D94296
Most popular Internet browsers acknowledge SSL communications by displaying a small yellow padlock appears in their bottom right-hand corners.
Recently hackers have discovered that they could buy SSL certificates online, without their trustworthiness being checked. The only verification is a series of email challenges that determine whether the applicant has some access to the domain name listed in the purchased certificate. If a hacker passes the email test (even if he or she is not the legitimate owner of the domain), he or she receives a "domain-validated" SSL certificate, enabling the browser to display the golden padlock.
Many Internet users believe that the padlock signals that their online communications are safe. Although the hacker is using encryption, these low level certificates do not give any guarantee that a user is communicating with the right company. Their information may be securely transferred straight into the hands of a thief.
Checking a website's certificate is a good practice that helps netizens avoid spoof websites, sometimes called "phishing" sites. To check the certificate, click on the padlock. The browser will display the name of the owner of the certificate. This name should match the name of the website operator.
Companies requiring digital certificates have a better alternative for online communications: Extended Validation (EV) SSL certificates. To receive EV SSL certificates, online businesses must be verified as to their business identity and their existence. A business must be verified by a certificate authority, both that it is an existing business and that it has exclusive control over the domain.
When Internet users access a website using an EV SSL Certificate, they receive a special confirmation. All popular browsers turn their address bars bright green as an indicator that the business has passed the more complex validation process, adding a visual reassurance that this online transaction is with a confirmed entity.
Seeing a site with an EV SSL Certificate confirms two essential factors:
- That the user has a secure SSL (encrypted) link with this website
- That this website represents a real organization
To learn more about the protection provided by EV SSL certificates, visit http://cabforum.org/certificates.html or http://www.enterprisessl.com/.
About Comodo
Comodo is a leading brand in Internet security, covering an extensive range of security software and services, including digital certificates, PCI scanning, desktop security, online faxing, and computer technical support services.
Businesses and consumers worldwide recognize Comodo as standing for security and trust. Comodo products secure and authentic online transactions for over 200,000 business and have more than 18,000,000 installations of Comodo desktop security software, including an award-winning firewall and antivirus software offered at no charge.
The Comodo family of companies is committed to continual innovation, core competencies in PKI, authentication, and malware detection and prevention. As a catalyst in eliminating online crime, the companies' mission is to establish a Trusted Internet.
With US headquarters overlooking Manhattan on New Jersey's waterfront, and global resources in United Kingdom, China, India, Ukraine, and Romania, Comodo products offer intelligent security, authentication, and assurance.
Comodo -- Creating Trust Online®. For more information, visit Comodo's website.
Subscribe to Linux Email News Alerts
Subscribe via RSS
