Evaluating the dangers behind those Ominous Browser Warnings

Feb 6 2014, 8:33am CST


From time to time when searching the Internet, your browser will stop you with an ominous warning: “This connection is untrusted.”

I encountered this issue most recently when going to getcocoon.com, a privacy company I recently wrote about that boosts Internet protection by, in effect, letting you browse the Internet through their servers. The warning message on Firefox said it had let its security certificate expire two days before.

I have also sometimes noticed the warnings at krebsonsecurity.com, a site operated by investigative journalist Brian Krebs, who has done excellent work in analyzing the recent credit card breaches at Target and elsewhere.

So what gives? Are these warnings accurately telling us that such sites are somehow infected or dangerous to visit? Most of the time, no, and it turns out the issue is fairly complex.

To boost security, companies buy SSL (Secure Sockets Layer) certificates, which provide an encrypted and authenticated connection between your browser and the website, barring others from monitoring the traffic. The opening “http” of an Internet address becomes “https,” indicating a secure connection.

“Encryption makes it difficult for eavesdroppers to listen; authentication guarantees that the website you are visiting is actually hosted by the domain displayed in the browser’s address bar, and not some man-in-the-middle bad guy who published a clone of bankofamerica.com,” with the fake site containing a zero rather than “o” in its address, says Eric Jung, founder of FoxyProxy, a proxy and VPN service.

Companies pay as little as $9 a year for SSL certificates at NameCheap, although other kinds of proxies cost much more and there are far greater related costs. For example, companies need to pay for additional computing power required for improved security and there are various levels of security certificates.

Usually the untrusted connection message (which on Internet Explorer reads: “there is a problem with this website’s security certification”) comes from innocent error, according to Peter Eckersley, technology projects director for the Electronic Frontier Foundation. Two thirds of the time “it is a bureaucratic error that had no security dimension whatsoever: a certificate expired, was issued only for ‘www.example.com’ but you tried to go to ‘example.com’ without the ‘www.’, or the Certificate Authority that issued it was demanding more money from someone,” he said.
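The two bureaucratic causes named above, an expired certificate and a "www" versus bare-domain name mismatch, can be told apart mechanically. The following is an added example, not part of the original article: it triages a certificate given in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, sample certificate and dates are constructed for illustration, and chain trust (the issuing Certificate Authority) is not checked.

```python
import ssl
from datetime import datetime, timezone


def name_matches(pattern: str, host: str) -> bool:
    """Compare a certificate DNS name with a hostname.

    A leading '*' stands for exactly one leftmost label, so
    '*.example.com' covers 'www.example.com' but not 'example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def triage(cert: dict, host: str, now: datetime) -> list:
    """Return the reasons a browser would warn for this cert and host."""
    reasons = []
    ts = now.timestamp()
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not-yet-valid")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in dns_names):
        reasons.append("name-mismatch")
    return reasons


# Constructed sample: issued only for 'www.example.com', expired two days
# before the moment of the visit.
SAMPLE_CERT = {
    "notBefore": "Feb 04 00:00:00 2013 GMT",
    "notAfter": "Feb 04 00:00:00 2014 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}
VISIT_TIME = datetime(2014, 2, 6, 14, 33, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host in ("www.example.com", "example.com"):
        print(host, triage(SAMPLE_CERT, host, VISIT_TIME))
```

An empty list means neither of these two checks fails; it says nothing about whether the certificate chains to a trusted authority.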

Another third or so of the warnings emanate from specifics of Wi-Fi in places such as hotels and cafes that require users first to accept their terms of use, says Eckersley, whose past work includes the often-praised HTTPS Everywhere browser plugin.

Only in rare cases does the browser warning indicate true danger. “One percent of the time, you see a certificate error because you are under attack for real,” he said. “Somebody is actually trying to read your email, collect your search terms, or inject malware onto your computer. Unfortunately, humans have been trained by the other 99 percent of cases to always click past the warning.”

Eckersley says a better system should replace SSL certificates: “We don’t think it’s reasonable to expect most humans to spend hours learning the bureaucracy and mathematics of how the SSL certificate system works, so we think it’s probably best if that system is put out of its misery and replaced with something that just works.”

Until then, what should one do when the browser warns you to avoid the website?

Eric Jung of FoxyProxy says the safest thing to do is to close the browser tab. But in reality it is tempting to forgo every last precaution. What he typically does is check whether the website is financially important, such as a bank or investment firm, or something sensitive that uses his email, address book or calendar. If so, he closes the browser. If not, he proceeds, with some precautions. “I will rarely — if ever — type any real data into a form displayed by the site… username, password, name, hotel room number — all these things I will falsify,” he says.

“This does not guard against all attacks–for example, site-specific cookies could still be stolen by accepting this warning, which would permit Bad Guy to be my imposter–but I accept the risks knowingly and with caution.”

And as for getcocoon.com and krebsonsecurity.com, both turn out to be cases where it was indeed fine to visit the sites despite the past warnings. For Cocoon, an administrative snafu delayed the renewal of their certificate for a few days – the site is now back to normal, the CEO says. Brian Krebs says his visitors sometimes see the warning purely for technical reasons. “The issue with my site is that a handful of the images and ads on my site are not served over https for several different reasons, and so you will get an error that says there’s a security problem,” he said.

Source: Forbes

 
