Evaluating the dangers behind those Ominous Browser Warnings

Feb 6 2014, 8:33am CST | by , in News | Technology News


From time to time when searching the Internet, your browser will stop you with an ominous warning: “This connection is untrusted.”

I encountered this issue most recently when going to getcocoon.com, a privacy company I recently wrote about that boosts Internet protection by, in effect, letting you browse the Internet through their servers. The warning message on Firefox said it had let its security certificate expire two days before.

I have also sometimes noticed the warnings at krebsonsecurity.com, a site operated by investigative journalist Brian Krebs, who has done excellent work in analyzing the recent credit card breaches at Target and elsewhere.

So what gives? Are these warnings accurately telling us that such sites are somehow infected or dangerous to visit? Most of the time, no, and it turns out the issue is fairly complex.

To boost security, companies buy SSL (Secure Sockets Layer) certificates, which provide an encrypted and authenticated connection between your browser and the website, barring others from monitoring the traffic. The opening “http” of an Internet address becomes “https,” indicating a secure connection.

“Encryption makes it difficult for eavesdroppers to listen; authentication guarantees that the website you are visiting is actually hosted by the domain displayed in the browser’s address bar, and not some man-in-the-middle bad guy who published a clone of bankofamerica.com,” with the fake site containing a zero rather than “o” in its address, says Eric Jung, founder of FoxyProxy, a proxy and VPN service.

Companies pay as little as $9 a year for SSL certificates at NameCheap, although other kinds of proxies cost much more and there are far greater related costs. For example, companies need to pay for additional computing power required for improved security and there are various levels of security certificates.

Usually the untrusted connection message (which on Internet Explorer reads: “there is a problem with this website’s security certification”) comes from innocent error, according to Peter Eckersley, technology projects director for the Electronic Frontier Foundation. Two thirds of the time “it is a bureaucratic error that had no security dimension whatsoever: a certificate expired, was issued only for ‘www.example.com’ but you tried to go to ‘example.com’ without the ‘www.’, or the Certificate Authority that issued it was demanding more money from someone,” he said.
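The two bureaucratic causes named above, an expired certificate and a certificate issued for "www.example.com" but requested as "example.com", can be told apart from the certificate's own fields. The following is an added example, not part of the original article; the sample certificate is constructed, and the function names and reason labels are hypothetical.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "notBefore": "Feb  4 00:00:00 2013 GMT",
    "notAfter": "Feb  4 00:00:00 2014 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}

def name_matches(pattern, host):
    """Compare one DNS name from the certificate with the requested host.
    A leading '*' label covers exactly one label, so 'www.example.com'
    and '*.example.com' both fail to cover the bare 'example.com'."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def triage(cert, host, now):
    """Return the reasons (hypothetical labels) a browser would warn."""
    reasons = []
    ts = now.timestamp()
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    elif ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not_yet_valid")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        reasons.append("name_mismatch")
    return reasons

def days_past_expiry(cert, now):
    """Whole days since notAfter (negative while the certificate is valid)."""
    return int((now.timestamp() - ssl.cert_time_to_seconds(cert["notAfter"])) // 86400)

if __name__ == "__main__":
    now = datetime(2014, 2, 6, tzinfo=timezone.utc)
    for host in ("www.example.com", "example.com"):
        print(host, triage(SAMPLE_CERT, host, now), days_past_expiry(SAMPLE_CERT, now))
```

This sketch does not check the issuing Certificate Authority or the chain of trust, and a substituted certificate can also be expired or mismatched, so a result here explains a warning without showing the connection is safe.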

Another third or so of the warnings emanate from specifics of Wi-Fi in places such as hotels and cafes that require users first to accept their terms of use, says Eckersley, whose past work includes the often-praised HTTPS Everywhere browser plugin.

Only in rare cases does the browser warning indicate true danger. “One percent of the time, you see a certificate error because you are under attack for real,” he said.  “Somebody is actually trying to read your email, collect your search terms, or inject malware onto your computer.  Unfortunately, humans have been trained by the other 99 percent of cases to always click past the warning.”

Eckersley says a better system should replace SSL certificates: “We don’t think it’s reasonable to expect most humans to spend hours learning the bureaucracy and mathematics of how the SSL certificate system works, so we think it’s probably best if that system is put out of its misery and replaced with something that just works.”

Until then, what should one do when the browser warns you to avoid the website?

Eric Jung of FoxyProxy says the safest thing to do is to close the browser tab. But in reality it is tempting to forgo every last precaution. What he typically does is check whether the website is financially important, such as a bank or investment firm, or something sensitive that uses his email, address book or calendar. If so, he closes the browser. If not, he proceeds, with some precautions. “I will rarely — if ever — type any real data into a form displayed by the site… username, password, name, hotel room number — all these things I will falsify,” he says.

“This does not guard against all attacks–for example, site-specific cookies could still be stolen by accepting this warning, which would permit Bad Guy to be my imposter–but I accept the risks knowingly and with caution.”

And as for getcocoon.com and krebsonsecurity.com, both turn out to be cases where it was indeed fine to visit the sites despite the incidents of past warnings. For Cocoon, an administrative snafu delayed the renewal of their certificate for a few days – the site is now back to normal, the CEO says. Brian Krebs says his visitors sometimes see the warning purely for technical reasons. “The issue with my site is that a handful of the images and ads on my site are not served over https for several different reasons, and so you will get an error that says there’s a security problem,” he said.

Source: Forbes

 
